linotp.controllers.resolvers module

class linotp.controllers.resolvers.ResolversController(name, install_name='', **kwargs)

Bases: BaseController

The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The ResolverController is used for creating, deleting and modifying resolvers, and getting users from a resolver.

The following is the type definition of a Resolver:

{
    "name": string,
    "entry": string,
    "type": string,
    "spec": string,
    "immutable": boolean,
    "readonly": boolean,
    "admin": boolean,
    "realms": [string]
}

And the following is the type definition of a User:

{
    "userId": string;
    "givenName": string;
    "surname": string;
    "email": string;
    "mobile": string;
    "phone": string;
    "username": string;
    "resolverName": string;
    "resolverClass": string;
}
get_resolvers()

Method: GET /api/v2/resolvers

Return the list of all resolvers visible to the logged-in administrator.

Visible resolvers are determined as follows:

  • If the admin has the permission for scope=system, action=read, all resolvers are visible.

  • If the admin has the permission scope=admin for a realm , the resolvers in that realm will be visible.

Returns

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": [ Resolver ]
}

Raises

  • PolicyException – if the logged-in admin does not have the correct permissions to list resolvers, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.

get_user(resolver_name, user_id)

Method: GET /api/v2/resolvers/<resolverName>/users/<userId>

Display the requested user, provided it is visible to the logged-in administrator.

A visible user is determined as follows:

  • If the administrator has the permission for scope=admin, action=userlist, for a certain realm, users of all resolvers in that realm are visible. This is the case no matter how the permission is defined: either by explicitly naming a realm, by setting all realms via a wildcard (realm=”*”), or by implicitly giving permissions for everything in the admin scope by not setting any admin scope policies.

  • If the resolver is not in any realm yet, the user is also visible if the administrator has permissions for all realms as described in the previous point (either via wildcard or implicitly).

Parameters

  • resolverName (str) – name of the resolver

  • userId (str) – ID of the user within the resolver

Returns

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": User
}

Raises

  • PolicyException – if the logged-in admin does not have the correct permissions to list users in the given resolver, the exception message is serialized and returned. The response has status code 403.

  • UserNotFoundException – if the user is not found, the exception message is serialized and returned with status code 404.

  • Exception – if any other error occurs the exception message is serialized and returned with status code 500.

get_users(resolver_name)

Method: GET /api/v2/resolvers/<resolverName>/users

Display the list of the users in a given resolver, provided the users of the resolver are visible to the logged-in administrator.

Visible users are determined as follows:

  • If the administrator has the permission for scope=admin, action=userlist, for a certain realm, users of all resolvers in that realm are visible. This is the case no matter how the permission is defined: either by explicitly naming a realm, by setting all realms via a wildcard (realm=”*”), or by implicitly giving permissions for everything in the admin scope by not setting any admin scope policies.

  • If the resolver is not in any realm yet, the users are also visible if the administrator has permissions for all realms as described in the previous point (either via wildcard or implicitly).

Should the pageSize parameter be defined, the list of users is truncated to the given length. By default, the first page is returned. Setting the page parameter allows retrieving other pages.

Parameters

  • resolverName (str) – name of the resolver

  • <searchexpr> (str, optional) – limit results to those matching the searchexpr. Will be retrieved from the UserIdResolverClass. Example: username=Alice.

  • searchTerm (str, optional) – limit results to those matching the searchTerm in at least one searchable field. Supports * as a wildcard operator.

  • sortBy (str, optional) – sort the output by column, defaults to ‘username’

  • sortOrder (str, optional) – ‘asc’ or ‘desc’, defaults to ‘asc’

  • pageSize (int, optional) – limit the number of returned users, defaults to 50 (unless another value is specified in the configuration). Setting it to 0 returns all users.

  • page (int, optional) – request a certain page, defaults to 0

Returns

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": {
        "page": number,
        "pageSize": number,
        "totalPages": number,
        "totalRecords": number,
        "pageRecords": [ User ]
    }
}

Raises

  • PolicyException – if the logged-in admin does not have the correct permissions to list users in the given resolver, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.

exception linotp.controllers.resolvers.UserNotFoundException

Bases: Exception