linotp.controllers.tokens module¶

class linotp.controllers.tokens.TokenAdapter(linotp_token)¶

Bases: object

Data class to hold a token representation based on the one returned by the TokenIterator, but transforming some of the fields.

The goal is not to have to repeat ourselves across all endpoint functions and keep the returned data structures in a consistent format.

to_JSON_format()¶

Return a JSON-compatible dictionary representation of the Token.

Some attributes are related to each other and grouped by “topic”, namely: tokenConfiguration, userInfo, usageData, and validityPeriod.

class linotp.controllers.tokens.TokensController(name, install_name='', **kwargs)¶

Bases: BaseController

The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The TokenController is used for listing, creating, deleting and modifying tokens.

The following is the type definition of a Token:

{
    "id": number,
    "description": string,
    "serial": string,
    "type": string,
    "creationDate": date,
    "isActive": boolean,
    "realms": [string],
    "tokenConfiguration": {
        "countWindow": number,
        "syncWindow": number,
        "otpLength": number,
        "otpCounter": number,
    },
    "userInfo": {
        "id": string,
        "username": string,
        "description": string,
        "idResolverInfo": {
            "name": string,
            "class": string
        }
    },
    "usageCounters": {
        "loginAttempts": number,
        "maxLoginAttempts": number,
        "maxSuccessfulLoginAttempts": number,
        "lastSuccessfulLoginAttempts": date,
        "failedLoginAttempts": number,
        "maxFailedLoginAttempts": number,
        "lastAuthenticationMatch": date
    },
    "validityPeriod": {
        "start": date,
        "end": date,
    }
}

Note: If a Token has no user, userInfo will be None

after_request_funcs: t.Dict[ft.AppOrBlueprintKey, t.List[ft.AfterRequestCallable]]¶

A data structure of functions to call at the end of each request, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the after_request() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

before_request_funcs: t.Dict[ft.AppOrBlueprintKey, t.List[ft.BeforeRequestCallable]]¶

A data structure of functions to call at the beginning of each request, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the before_request() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

deferred_functions: t.List[DeferredSetupFunction]¶

error_handler_spec: t.Dict[ft.AppOrBlueprintKey, t.Dict[t.Optional[int], t.Dict[t.Type[Exception], ft.ErrorHandlerCallable]]]¶

A data structure of registered error handlers, in the format {scope: {code: {class: handler}}}. The scope key is the name of a blueprint the handlers are active for, or None for all requests. The code key is the HTTP status code for HTTPException, or None for other exceptions. The innermost dictionary maps exception classes to handler functions.

To register an error handler, use the errorhandler() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

get_token_by_serial(serial)¶

Method: GET /api/v2/tokens/<serial>

Display all the information on a single token.

Parameters:

serial (string) – the unique token serial

Returns:

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": Token
}

Raises:

PolicyException – if the logged-in admin does not have the correct permissions to view the token, return an HTTP 403 error response
Exception – if any other error occurs the exception message is serialized and returned in an HTTP 500 error response

get_tokens()¶

Method: GET /api/v2/tokens

Display the list of all tokens visible to the logged-in administrator.

Should the pageSize parameter be defined, the list of tokens is truncated to the given length. By default, the first page is returned. Setting the page parameter allows retrieving other pages.

Parameters:

pageSize (int, optional) – limit the number of returned tokens, defaults to 50 (unless another value is specified in the configuration). Setting it to 0 returns all tokens.
page (int, optional) – request a certain page, defaults to 0
sortBy (str, optional) – sort the output by column, defaults to ‘serial’
sortOrder (str, optional) – ‘asc’ or ‘desc’, defaults to ‘asc’
searchTerm (str, optional) – limit entries to those partially matching the searchTerm
userId (str, optional) – limit the results to the tokens owned by the users with this user ID
username (str, optional) – limit the results to the tokens owned by the users with this username. Supports * as wildcard operator.
realm (str, optional) – limit the results to the tokens owned by the users in this realm. Supports * as wildcard operator.
resolverName (str, optional) – limit the results to the tokens owned by users in this resolver

Returns:

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": {
        "page": number,
        "pageSize": number,
        "totalPages": number,
        "totalRecords": number,
        "pageRecords": [ Token ]
    }
}

Raises:

PolicyException – if the logged-in admin does not have the correct permissions to list tokens, return an HTTP 403 error response
Exception – if any other error occurs the exception message is serialized and returned in an HTTP 500 error response

name: str¶

teardown_request_funcs: t.Dict[ft.AppOrBlueprintKey, t.List[ft.TeardownCallable]]¶

A data structure of functions to call at the end of each request even if an exception is raised, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the teardown_request() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

template_context_processors: t.Dict[ft.AppOrBlueprintKey, t.List[ft.TemplateContextProcessorCallable]]¶

A data structure of functions to call to pass extra context values when rendering templates, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the context_processor() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

url_default_functions: t.Dict[ft.AppOrBlueprintKey, t.List[ft.URLDefaultCallable]]¶

A data structure of functions to call to modify the keyword arguments when generating URLs, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the url_defaults() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

url_value_preprocessors: t.Dict[ft.AppOrBlueprintKey, t.List[ft.URLValuePreprocessorCallable]]¶

A data structure of functions to call to modify the keyword arguments passed to the view function, in the format {scope: [functions]}. The scope key is the name of a blueprint the functions are active for, or None for all requests.

To register a function, use the url_value_preprocessor() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

view_functions: t.Dict[str, t.Callable]¶

A dictionary mapping endpoint names to view functions.

To register a view function, use the route() decorator.

This data structure is internal. It should not be modified directly and its format may change at any time.

linotp.controllers.tokens module¶

Table of Contents

Previous topic

Next topic

This Page