linotp.app module

exception linotp.app.ConfigurationError

Bases: Exception

class linotp.app.ExtFlaskConfig(*args, **kwargs)

Bases: Config

This is a variation on Flask’s Config class which handles directory and file names specially. If the name of a configuration setting ends with _DIR (except ROOT_DIR) or _FILE, then if its value is not an absolute name (i.e., doesn’t begin with a slash), the value of ROOT_DIR is prepended to it whenever the configuration setting is looked at. This means that relative directory and file names in the configuration are relative to ROOT_DIR.

class RelativePathName

Bases: str

“Marker” that a string is really a relative path name.

check_directories()

config_schema: ConfigSchema = None

from_env_variables()

Take configuration settings from environment variables. E.g., an environment variable called LINOTP_XYZ can be used to set the XYZ configuration item, where its value will be appropriately converted from a string to whatever type XYZ uses (courtesy of ConfigSchema.check_item() by way of self.__setitem__()). This works only for configuration items that are listed in the configuration schema (which can be construed as a security feature).

This is particularly useful when using LinOTP in a Docker-like environment.

get(key, default=None)

We need to overload this so the relative-pathname hack will work even if people use foo.get(‘bar’) instead of foo[‘bar’]. (It turns out that the built-in get() method doesn’t go through __getitem__() – __getitem__()’s mission in life is strictly to make the brackets do something.) The relative-pathname hack is just relevant for variables which contains a _file or _dir entry. So just those calls got handled as warning in all other cases it is handled as debug.

set_schema(config_schema)

Use config_schema as the configuration schema for this app. The configuration schema specifies data types, conversion functions, validation functions, and default values for configuration items; see settings.py for details.

update(config_dict)

Take configuration variables from a dictionary. We don’t want to use dict.update() because that won’t pass the settings through ExtFlaskConfig.__setitem__().

class linotp.app.LinOTPApp

Bases: Flask

The main LinOTP Flask application instance

cache = None

Beaker cache for this app

check()

check_license()

if we are in the setup cycle, we check for the linotpLicenseFile

create_context()

create the request context for all controllers

database_needed() → bool

Does the app require a database?

Whether the app needs a database depends on the command that was executed. Some commands such as init and config need to be able to run without trying to connect to databases.

enable_controller(ctrl_name, url_prefix=None, ctrl_class_name=None)

Initialise an individual controller and its routing

Parameters

• ctrl_name – The name of the controller

• url_prefix – Alternative url prefix. Defaults to /ctrl_name

• ctrl_class_name – Name of controller class to load. Defaults to CtrlNameController

enabled_controllers: List[str]

Currently activated controller names

exclude_from_before_request_setup() → bool

finalise_request(exc)

getCacheManager()

Get cache manager instance for caching classes

A warning is logged if the cache manager is not available in the config

getRadiusDictionaryPath()

get the radius dictionary path

The dictionary file is in the same directory as this file

Returns

path to dictionary file

getRequestParams()

Parses the request params from the request objects body / params dependent on request content_type.

init_jwt_config()

Initialise the JWT authentication machinery.

The LinOTP configuration settings don’t support setting a dedicated secret key for JWT authentication, here we appropriate the first key from the SECRET_FILE (encKey) to use as the base for the secret key. We run this through PBKDF2 first, which is basically security theatre but doesn’t cost us a lot.

is_healthcheck_request() → bool

is_request_static() → bool

setup_audit()

setup_controllers()

Initialise controllers and their routing

DISABLE_CONTROLLERS and ‘ENABLE_CONTROLLERS’ are strings that contain space-separated list of controllers that should be made available. If an entry in this list is foo, this means that the Python module linotp.controllers.foo should be loaded and its FooController class be made available as a Flask blueprint at the /foo URL prefix. Our dispatch mechanism then ensures that a request to /foo/bar will be dispatched to the FooController.bar() view method.

In general, controllers may be specified as module:url_prefix:class_prefix (where url_prefix and class_prefix are optional and will be constructed from module as above if needed).

This function should be called during application setup

setup_resolvers()

Set up the available resolver classes

start_session()

initialize the request metadata

linotp.app.allocate_security_module()

Allocate a security module for the request.

As the security provider has been initialized at application start, we can now fetch an security module connection from the SecurityProvider pool and attach this to the request context (c)

TODO: c, which is the template context, should be replaced with the

app context (flask.g) which holds by definition the application resources on a per request base

linotp.app.create_app(config_name=None, config_extra=None)

Generate a new instance of the Flask app

This generates and configures the main application instance. Testing environments can use config_extra to provide extra configuration values such as a temporary database URL.

@param config_name The name of the configuration to load from settings.py @param config_extra An optional dict of configuration override values

linotp.app.drop_security_module()

Mark the request security module as free again.

drop the current security module (c.hsm) back to the security modules pool of security provider

linotp.app.healthcheck()

linotp.app.init_linotp_config(app)

initialize the app global linotp config manager

linotp.app.init_logging(app)

Sets up logging for LinOTP.

linotp.app.init_security_provider()

Initialize the security provider.

the security provider is an manager for a pool of security module connections.

The security provider will then provide on each request an hsm connection out of the pool with in the request context (flask.g).

linotp.app.setup_cache(app)

Initialise the Beaker cache for this app.