linotp.controllers.resolvers module

class linotp.controllers.resolvers.ResolversController(name, install_name='', **kwargs)

Bases: BaseController

The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The ResolverController is used for creating, deleting and modifying resolvers, and getting users from a resolver.

The following is the type definition of a Resolver:

{
    "name": string,
    "entry": string,
    "type": string,
    "spec": string,
    "immutable": boolean,
    "readonly": boolean,
    "admin": boolean,
    "realms": [string]
}

And the following is the type definition of a User:

{
    "userId": string;
    "givenName": string;
    "surname": string;
    "email": string;
    "mobile": string;
    "phone": string;
    "username": string;
    "resolverName": string;
    "resolverClass": string;
}
after_request_funcs: t.Dict[ft.AppOrBlueprintKey, t.List[ft.AfterRequestCallable]]

A data structure of functions to call at the end of each request, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the after_request() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

before_request_funcs: t.Dict[ft.AppOrBlueprintKey, t.List[ft.BeforeRequestCallable]]

A data structure of functions to call at the beginning of each request, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the before_request() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

deferred_functions: t.List[DeferredSetupFunction]
error_handler_spec: t.Dict[ft.AppOrBlueprintKey, t.Dict[t.Optional[int], t.Dict[t.Type[Exception], ft.ErrorHandlerCallable]]]

A data structure of registered error handlers, in the format {scope: {code: {class: handler}}}. The scope key is the name of a blueprint the handlers are active for, or None for all requests. The code key is the HTTP status code for HTTPException, or None for other exceptions. The innermost dictionary maps exception classes to handler functions.

To register an error handler, use the errorhandler() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

get_resolvers()

Method: GET /api/v2/resolvers

Return the list of all resolvers visible to the logged-in administrator.

Visible resolvers are determined as follows:

  • If the admin has the permission for scope=system, action=read, all resolvers are visible.

  • If the admin has the permission scope=admin for a realm , the resolvers in that realm will be visible.

Returns:

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": [ Resolver ]
}

Raises:

  • PolicyException – if the logged-in admin does not have the correct permissions to list resolvers, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.

get_user(resolver_name, user_id)

Method: GET /api/v2/resolvers/<resolverName>/users/<userId>

Display the requested user, provided it is visible to the logged-in administrator.

A visible user is determined as follows:

  • If the administrator has the permission for scope=admin, action=userlist, for a certain realm, users of all resolvers in that realm are visible. This is the case no matter how the permission is defined: either by explicitly naming a realm, by setting all realms via a wildcard (realm=”*”), or by implicitly giving permissions for everything in the admin scope by not setting any admin scope policies.

  • If the resolver is not in any realm yet, the user is also visible if the administrator has permissions for all realms as described in the previous point (either via wildcard or implicitly).

Parameters:

  • resolverName (str) – name of the resolver

  • userId (str) – ID of the user within the resolver

Returns:

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": User
}

Raises:

  • PolicyException – if the logged-in admin does not have the correct permissions to list users in the given resolver, the exception message is serialized and returned. The response has status code 403.

  • UserNotFoundException – if the user is not found, the exception message is serialized and returned with status code 404.

  • Exception – if any other error occurs the exception message is serialized and returned with status code 500.

get_users(resolver_name)

Method: GET /api/v2/resolvers/<resolverName>/users

Display the list of the users in a given resolver, provided the users of the resolver are visible to the logged-in administrator.

Visible users are determined as follows:

  • If the administrator has the permission for scope=admin, action=userlist, for a certain realm, users of all resolvers in that realm are visible. This is the case no matter how the permission is defined: either by explicitly naming a realm, by setting all realms via a wildcard (realm=”*”), or by implicitly giving permissions for everything in the admin scope by not setting any admin scope policies.

  • If the resolver is not in any realm yet, the users are also visible if the administrator has permissions for all realms as described in the previous point (either via wildcard or implicitly).

Should the pageSize parameter be defined, the list of users is truncated to the given length. By default, the first page is returned. Setting the page parameter allows retrieving other pages.

Parameters:

  • resolverName (str) – name of the resolver

  • <searchexpr> (str, optional) – limit results to those matching the searchexpr. Will be retrieved from the UserIdResolverClass. Example: username=Alice.

  • searchTerm (str, optional) – limit results to those matching the searchTerm in at least one searchable field. Supports * as a wildcard operator.

  • sortBy (str, optional) – sort the output by column, defaults to ‘username’

  • sortOrder (str, optional) – ‘asc’ or ‘desc’, defaults to ‘asc’

  • pageSize (int, optional) – limit the number of returned users, defaults to 50 (unless another value is specified in the configuration). Setting it to 0 returns all users.

  • page (int, optional) – request a certain page, defaults to 0

Returns:

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": {
        "page": number,
        "pageSize": number,
        "totalPages": number,
        "totalRecords": number,
        "pageRecords": [ User ]
    }
}

Raises:

  • PolicyException – if the logged-in admin does not have the correct permissions to list users in the given resolver, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.

name: str
teardown_request_funcs: t.Dict[ft.AppOrBlueprintKey, t.List[ft.TeardownCallable]]

A data structure of functions to call at the end of each request even if an exception is raised, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the teardown_request() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

template_context_processors: t.Dict[ft.AppOrBlueprintKey, t.List[ft.TemplateContextProcessorCallable]]

A data structure of functions to call to pass extra context values when rendering templates, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the context_processor() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

url_default_functions: t.Dict[ft.AppOrBlueprintKey, t.List[ft.URLDefaultCallable]]

A data structure of functions to call to modify the keyword arguments when generating URLs, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the url_defaults() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

url_value_preprocessors: t.Dict[ft.AppOrBlueprintKey, t.List[ft.URLValuePreprocessorCallable]]

A data structure of functions to call to modify the keyword arguments passed to the view function, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the url_value_preprocessor() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

view_functions: t.Dict[str, t.Callable]

A dictionary mapping endpoint names to view functions.

To register a view function, use the route() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

exception linotp.controllers.resolvers.UserNotFoundException

Bases: Exception