linotp.controllers.system module
system controller - to configure the system
-
class linotp.controllers.system.SystemController(*args, **kw)
Bases: linotp.lib.base.BaseController
The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The SystemController is used to configure the LinOTP server. The functions of the SystemController are invoked like this:
https://server/system/<functionname>
The functions are described below in more detail.
-
checkPolicy()
- method:
- system/checkPolicy
- description:
- this function checks if the given parameter will trigger a policy or not.
- arguments:
- user - the name of the user
- realm - the realm
- scope - the scope
- action
- client - the client IP
- returns:
- a json result like this:
- value : { "allowed" : "true",
- "policy" : <name of the policy that allowed this> }
- value : { "allowed" : "false",
- "info" : <something like the error message> }
-
delConfig()
delete a configuration key
- if an error occurs an exception is serialized and returned
Parameters: key – configuration key name
Returns: a json result with the deleted value
-
delPolicy()
- method:
- system/delPolicy
- description:
- this function deletes the policy with the given name
- arguments:
- name - the policy with the given name
- returns:
- a json result about the delete success
- exception:
- if an error occurs an exception is serialized and returned
-
delProvider()
- method:
- system/delProviders
- description:
- delete an SMS or Email provider
- arguments:
- name - the name of the SMS or EMail Provider
- type - the provider type
Returns: boolean, true if number of deleted config entries is > 0 else False with message in detail
-
delRealm()
- method:
- system/delRealm
- description:
- this function deletes the given realm
- arguments:
- realm - the name of the realm to be deleted
- returns:
- a json result if deleting the realm was successful
- exception:
- if an error occurs an exception is serialized and returned
-
delResolver()
- method:
- system/delResolver
- description:
- this function deletes an existing resolver. All config keys of this resolver get deleted.
- arguments:
- resolver - the name of the resolver to delete.
- returns:
- success state
- exception:
- if an error occurs an exception is serialized and returned
-
getConfig()
retrieve the value of a defined configuration key or, if no key is given, the complete configuration. If an error occurs an exception is serialized and returned.
- remark: the assumption is that access to system/getConfig is only allowed to privileged users
Parameters: key – generic configuration entry name (optional)
Returns: a json result with key value or all key + value pairs
-
getDefaultRealm()
- method:
- system/getDefaultRealm
- description:
- this function returns the default realm
- arguments:
- ./.
- returns:
- a json description of the default realm
- exception:
- if an error occurs an exception is serialized and returned
-
getPolicy()
- method:
- system/getPolicy
- description:
- this function is used to retrieve the policies that you defined.
- arguments:
- realm - (optional) will return all policies in the given realm
- name - (optional) will only return the policy with the given name
- action - (optional) will only return the policy with the given action
- user - (optional) will only return the policy for this user
- scope - (optional) will only return the policies within the given scope
- export - (optional) The filename needs to be specified as the third part of the URL like /system/getPolicy/policy.cfg. It will then be exported to this file.
- display_inactive - (optional) if set, then also inactive policies will be displayed
- returns:
- a json result with the configuration of the specified policies
- exception:
- if an error occurs an exception is serialized and returned
-
getPolicyDef()
- method:
- system/getPolicyDef
- description:
- This is a helper function that returns the POSSIBLE policy definitions that can be used to define your policies.
- arguments:
- scope - optional - if given, the function will only return policy definitions for the given scope.
- returns:
- the policy definitions of
- allowed scopes
- allowed actions in scopes
- type of actions
- exception:
- if an error occurs an exception is serialized and returned
-
getProvider()
- method:
- system/getProviders
- description:
- get a dict of SMS- and Email-providers
- arguments:
- name (optional) - the name of the provider in LinOTP
- type - the type of the provider: SMS or EMail
Returns: dictionary of provider with its entries as dictionary {‘ProviderA’ : { ‘Timeout’: ‘100’, …}
-
getProviderDef()
- method:
- system/getProviderDef
- description:
- get definition of a provider - used for automatic rendering
- arguments:
- type (required) - the provider type
- class (optional) - the specific class definition or the parent class definition if not specified
Returns: dictionary with the class as key and the parameters with their types as dictionaries
-
getRealms()
- method:
- system/getRealms
- description:
- returns all realm definitions as a json result.
- arguments:
- returns:
- a json result with a list of Realms
- exception:
- if an error occurs an exception is serialized and returned
Either the admin has the policy scope=system, action=read or he has rights in scope=admin for some realms. If he does not have the system-read-right, then he will only see the realms he is admin of.
-
getResolver()
- method:
- system/getResolver
- description:
- this function retrieves the definition of the resolver
- arguments:
- resolver - the name of the resolver
- returns:
- a json result with the configuration of a specified resolver
- exception:
- if an error occurs an exception is serialized and returned
-
getResolvers()
- method:
- system/getResolvers
- descriptions:
- returns a json list of all useridresolvers
- arguments:
- returns:
- a json result with a list of all available resolvers
- exception:
- if an error occurs an exception is serialized and returned
-
getSupportInfo()
return the support status, which is community support by default or the support subscription info, which could be the old license
-
importPolicy()
- method:
- system/importPolicy
- description:
- This function is used to import policies from a file.
- arguments:
- file - mandatory: The policy file in the POST request
-
isSupportValid()
verifies the support license status
- if ok
- status and value in response are both true
- else
- value is false and the detail is returned as detail in the response
-
policies_flexi()
This function is used to fill the policies tab. Unlike the complex /system/getPolcies function, it only returns a simple array of the tokens.
-
setConfig()
set a configuration key or a set of configuration entries
The parameters can be given either in the form key=..&value=.. or as a set of generic keyname=value pairs.
Note
In case of key-value pairs the type information can be provided by an additional parameter with the same keyname and the postfix ".type". Its value can then be 'password' to trigger storing the value in encrypted form.
Parameters:
- key – configuration entry name
- value – configuration value
- type – type of the value: int or string/text or password. password will trigger storing the value encrypted
- description – additional information for this config entry
or
Parameters: pairs (key-value) – pair of &keyname=value pairs
Returns: a json result with a boolean "result": true
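Added example (not part of the LinOTP code or its documentation): a client-side helper that builds the generic keyname=value form of system/setConfig and attaches the ".type" = password companion parameter described in the note above. The key names, the SECRET_HINTS heuristic and the use of a POST body are assumptions made for illustration.

```python
from urllib.parse import urlencode

SERVER = "https://server"  # placeholder host, as in the page's URL pattern
# Assumed heuristic for spotting secrets by key name; not part of LinOTP.
SECRET_HINTS = ("password", "passwd", "secret", "bindpw")


def setconfig_pairs(entries, encrypted=()):
    """Build the generic keyname=value parameters for system/setConfig.

    Every key listed in `encrypted` gets a companion "<key>.type=password"
    parameter, which the page says triggers encrypted storage of the value.
    """
    encrypted = set(encrypted)
    missing = encrypted - set(entries)
    if missing:
        raise ValueError(f"marked for encryption but not set: {sorted(missing)}")
    params = {}
    for key, value in entries.items():
        looks_secret = any(hint in key.lower() for hint in SECRET_HINTS)
        if looks_secret and key not in encrypted:
            # Fail closed: never submit a likely secret as a plain value.
            raise ValueError(f"{key!r} looks like a secret; mark it as encrypted")
        params[key] = str(value)
        if key in encrypted:
            params[key + ".type"] = "password"
    return params


def setconfig_request(entries, encrypted=()):
    """Return (url, form_body) for the call. Sending the pairs as a POST
    body (an assumption here) keeps secret values out of the request URL."""
    body = urlencode(setconfig_pairs(entries, encrypted))
    return f"{SERVER}/system/setConfig", body


if __name__ == "__main__":
    # Constructed sample with hypothetical key names.
    url, body = setconfig_request(
        {"example.sms.timeout": 30, "example.sms.secret": "s3cr3t"},
        encrypted=["example.sms.secret"],
    )
    print(url)
    print(body)
```

The helper only prepares the request; authentication and transport are left to the caller.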
-
setDefault()
- method:
- system/set
- description:
- define default settings for tokens. These default settings are used when new tokens are generated. The default settings will not affect already enrolled tokens.
- arguments:
- DefaultMaxFailCount - Default value for the maximum allowed authentication failures
- DefaultSyncWindow - Default value for the synchronization window
- DefaultCountWindow - Default value for the counter window
- DefaultOtpLen - Default value for the OTP value length, usually 6 or 8
- DefaultResetFailCount - Default value, if the FailCounter should be reset on successful authentication [True|False]
- returns:
- a json result with a boolean "result": true
- exception:
- if an error occurs an exception is serialized and returned
-
setDefaultProvider()
- method:
- system/setDefaultProvider
- description:
- set provider (SMS- and Email) as default
- arguments:
- name - the name of the SMS or EMail Provider
- type - the provider type
Returns: boolean, true if number of deleted config entries is > 0 else False with message in detail
-
setDefaultRealm()
- method:
- system/setDefaultRealm
- description:
- this function sets the given realm to the default realm
- arguments:
- realm - the name of the realm, that should be the default realm
- returns:
- a json result with a list of Realms
- exception:
- if an error occurs an exception is serialized and returned
-
setPolicy()
- method:
- system/setPolicy
- description:
- Stores a policy that defines the ACL or behaviour of several different actions in LinOTP. The policy is stored as configuration values like this:
- Policy.<NAME>.action
- Policy.<NAME>.scope
- Policy.<NAME>.realm
- arguments:
- name: name of the policy
- action: which action may be executed
- scope: selfservice
- realm: This policy holds for this realm
- user: (optional) This policy binds to this user
- time: (optional) on which time does this policy hold
- client: (optional) for which requesting client this should be
- returns:
- a json result with success or error
- exception:
- if an error occurs an exception is serialized and returned
-
setProvider()
- method:
- system/setProvider
- description:
- creates or updates SMS- and Email-provider
- arguments:
- name - the name of the provider in LinOTP
- type - the type of the provider [email, sms]
- class - the name of the provider
- config - the configuration for this provider
- timeout - the timeout
Returns: boolean - True or False with message in detail
-
setRealm()
- method:
- system/setRealm
- description:
- this function is used to define a realm with the given useridresolvers
- arguments:
- realm - name of the realm
- resolvers - comma separated list of resolvers, that should be in this realm
- returns:
- a json result with a list of Realms
- exception:
- if an error occurs an exception is serialized and returned
-
setResolver()
- method:
- system/setResolver
- description:
- creates or updates a useridresolver
- arguments:
- name - the name of the resolver
- type - the type of the resolver [ldapsersolver, sqlresolver]
- LDAP:
- LDAPURI
- LDAPBASE
- BINDDN
- BINDPW
- TIMEOUT
- SIZELIMIT
- LOGINNAMEATTRIBUTE
- LDAPSEARCHFILTER
- LDAPFILTER
- USERINFO
- NOREFERRALS - True|False
- SQL:
- Database
- Driver
- Server
- Port
- User
- Password
- Table
- Map
- returns:
- a json result with the found value
- exception:
- if an error occurs an exception is serialized and returned
-