linotp.tokens.pushtoken module

class linotp.tokens.pushtoken.pushtoken.PushTokenClass(token_model_object)

Bases: linotp.tokens.base.TokenClass, linotp.tokens.base.stateful_mixin.StatefulTokenMixin

checkOtp(passwd, counter, window, options=None)

Checks whether the supplied challenge response is correct.

Parameters:
  • passwd – The challenge response
  • options – A dictionary of parameters passed by the upper layer (used for transaction_id in this context)
  • counter – legacy API (unused)
  • window – legacy API (unused)
Raises TokenStateError:
 If token state is not ‘active’ or ‘pairing_challenge_sent’

Returns:

-1 for failure, 1 for success

createChallenge(transaction_id, options)

Entry hook for the challenge logic. When this function is called, a challenge with a transaction has been created.

Parameters:
  • transaction_id – A unique transaction id used to identify the challenge object
  • options – additional options as a dictionary
Raises TokenStateError:
 If token state is not ‘active’ or ‘pairing_response_received’

Returns:

A tuple (success, message, data, attributes) with success being a boolean indicating if the call to this method was successful, message being a string that is passed to the user, attributes being additional output data (unused in here)

create_challenge_url(transaction_id, content_type, callback_url='', message=None, login=None, host=None)

Creates a challenge URL (of the form lseqr://push/<base64string>) and returns the URL together with the unencrypted challenge data.

Parameters:
  • transaction_id – The transaction id generated by LinOTP
  • content_type – One of the types CONTENT_TYPE_SIGNREQ, CONTENT_TYPE_PAIRING, CONTENT_TYPE_LOGIN
  • callback_url – callback URL (optional), default is empty string
  • message – the transaction message that should be signed by the client. Only for content type CONTENT_TYPE_SIGNREQ
  • login – the login name of the user. Only for content type CONTENT_TYPE_LOGIN
  • host – hostname of the user. Only for content type CONTENT_TYPE_LOGIN
Returns:

tuple (challenge_url, sig_base), with challenge_url being the push URL and sig_base the message that is used for the client signature

classmethod getClassInfo(key=None, ret='all')
classmethod getClassPrefix()
classmethod getClassType()
getInitDetail(params, user=None)

Returns initialization details in the enrollment process (called after the update method). Used here to pass the pairing URL to the user.

Parameters:
  • params – parameters provided by the client
  • user – (unused)
Raises TokenStateError:
 If token state is not ‘initialized’

Returns:

a dict consisting of a ‘pairing_url’ entry, containing the pairing url and a ‘pushtoken_pairing_url’ entry containing a data structure used in the manage frontend in the enrollment process

isActive()
pair(pairing_data)

If the token has state ‘unpaired’, it saves the data from the pairing response and changes the state to ‘pairing_response_received’.

If the token is already in ‘active’ state, it changes the gda supplied in the pairing response under the condition that the public key matches (re-pairing case).

Parameters:
  • pairing_data – A PushTokenPairingData object
Raises TokenStateError:
 If token state is not ‘active’ or ‘unpaired’
statusValidationSuccess()
update(params)

Initialization entry hook for the enrollment process.

Parameters:
  • params – parameters provided by the client

Raises:
  • Exception – If the client supplied unrecognized configuration parameters for this token type
  • Exception – If the policy ‘pushtoken_pairing_callback_url’ was not set.
  • TokenStateError – If token state is not None (default pre-enrollment state)
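
The state conditions listed for update, getInitDetail, pair, createChallenge and checkOtp imply a fixed call order during enrollment. The following is an added example, not LinOTP code, that models those guards so a call sequence (for instance from a test harness or an audit trail) can be checked for out-of-order calls. The names GUARDS, TRANSITIONS, step, replay and ENROLL and the local TokenStateError class are hypothetical, and every transition marked "assumed" is inferred from the guards rather than stated on this page.

```python
# Added illustration: models only the state guards documented on this page.
# Not LinOTP code; transitions marked "assumed" are not stated on the page.


class TokenStateError(Exception):
    """Local stand-in for LinOTP's TokenStateError (hypothetical)."""


# method -> token states in which the page says the call is permitted
GUARDS = {
    "update": {None},                      # None = default pre-enrollment state
    "getInitDetail": {"initialized"},
    "pair": {"unpaired", "active"},
    "createChallenge": {"pairing_response_received", "active"},
    "checkOtp": {"pairing_challenge_sent", "active"},
}

# (method, state before the call) -> state after the call
TRANSITIONS = {
    ("update", None): "initialized",                    # assumed
    ("getInitDetail", "initialized"): "unpaired",       # assumed
    ("pair", "unpaired"): "pairing_response_received",  # documented for pair()
    ("createChallenge", "pairing_response_received"):
        "pairing_challenge_sent",                       # assumed
    ("checkOtp", "pairing_challenge_sent"): "active",   # assumed, on success
}


def step(state, method):
    """Apply one call; raise TokenStateError if the guard rejects it."""
    if state not in GUARDS[method]:
        raise TokenStateError(f"{method}() not allowed in state {state!r}")
    # Calls made in 'active' (re-pairing, challenge, check) keep the state.
    return TRANSITIONS.get((method, state), state)


def replay(calls, state=None):
    """Return (final_state, index of first rejected call or None)."""
    for index, method in enumerate(calls):
        try:
            state = step(state, method)
        except TokenStateError:
            return state, index
    return state, None


# Constructed sample sequences: a full enrollment, then a challenge
# requested before any pairing response was received.
ENROLL = ["update", "getInitDetail", "pair", "createChallenge", "checkOtp"]

if __name__ == "__main__":
    print(replay(ENROLL))
    print(replay(["update", "getInitDetail", "createChallenge"]))
```
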