linotp.lib.validate module

validation processing logic

class linotp.lib.auth.validate.ValidationHandler[source]

Bases: object

checkSerialPass(serial, passw, options=None, user=None)[source]

This function checks the otp for a given serial

Attention:the parameter user must be set, as the pin policy==1 will verify the user pin
checkTokenList(tokenList, passw, user=User(login='', realm='', conf='' ::resolverUid:{}, resolverConf:{}), options=None)[source]

identify a matching token and test, if the token is valid, locked .. This function is called by checkSerialPass and checkUserPass to

Parameters:
  • tokenList – list of identified tokens
  • passw – the provided passw (mostly pin+otp)
  • user – the identified use - as class object
  • options – additional parameters, which are passed to the token
Returns:

tuple of boolean and optional response

checkUserPass(user, passw, options=None)[source]
Parameters:
  • user – the to be identified user
  • passw – the identification pass
  • options – optional parameters, which are provided to the token checkOTP / checkPass
Returns:

tuple of True/False and optional information

checkYubikeyPass(passw)[source]

Checks the password of a yubikey in Yubico mode (44,48), where the first 12 or 16 characters are the tokenid

Parameters:passw (string) – The password that consist of the static yubikey prefix and the otp
Returns:True/False and the User-Object of the token owner
Return type:dict
check_by_transactionid(transid, passw, options=None)[source]

check the passw against the open transaction

Parameters:
  • transid – the transaction id
  • passw – the pass parameter
  • options – the additional optional parameters
Returns:

tuple of boolean and detail dict

check_status(transid=None, user=None, serial=None, password=None, use_offline=False)[source]

check for open transactions - for polling support

Parameters:
  • transid – the transaction id where we request the status from
  • user – the token owner user
  • serial – or the serial we are searching for
  • password – the pin/password for authorization the request
  • use_offline – on success the offline info is returned
Returns:

tuple of success and detail dict

do_request()[source]
linotp.lib.auth.validate.check_otp(token, otpval, options=None)[source]

check the otp value

Parameters:
  • token – the corresponding token
  • otpval – the to be checked otp value
  • options – the additional request parameters
Returns:

result of the otp check, which is the matching otpcounter or -1 if not valid

linotp.lib.auth.validate.check_pin(token, passw, user=None, options=None)[source]

check the provided pin w.r.t. the policy definition

Parameters:
  • passw – the to be checked pass
  • user – if otppin==1, this is the user, which resolver should be checked
  • options – the optional request parameters
Returns:

boolean, if pin matched True

linotp.lib.auth.validate.split_pin_otp(token, passw, user=None, options=None)[source]

split the pin and the otp from the given password

Parameters:
  • token – the corresponding token
  • passw – the to be split password
  • user – the token user
  • options – currently not used, but might be forwarded to the token.splitPinPass
Returns:

tuple of (split status, pin and otpval)