linotp.lib.auth.validate module

validation processing logic

class linotp.lib.auth.validate.ValidationHandler

Bases: object

checkSerialPass(serial, passw, options=None, user=None)

This function checks the otp for a given serial

Attention

the parameter user must be set, as the pin policy==1 will verify the user pin

checkTokenList(tokenList, passw, user=User(login='', realm='', conf='' ::resolverUid:{}, resolverConf:{}), options=None)

identify a matching token and test, if the token is valid, locked .. This function is called by checkSerialPass and checkUserPass to

Parameters

  • tokenList – list of identified tokens

  • passw – the provided passw (mostly pin+otp)

  • user – the identified use - as class object

  • options – additional parameters, which are passed to the token

Returns

tuple of boolean and optional response

checkUserPass(user, passw, options=None)
Parameters

  • user – the to be identified user

  • passw – the identification pass

  • options – optional parameters, which are provided to the token checkOTP / checkPass

Returns

tuple of True/False and optional information

checkYubikeyPass(passw)

Checks the password of a yubikey in Yubico mode (44,48), where the first 12 or 16 characters are the tokenid

Parameters

passw (string) – The password that consist of the static yubikey prefix and the otp

Returns

True/False and the User-Object of the token owner

Return type

dict

check_by_transactionid(transid, passw, options=None)

check the passw against the open transaction

Parameters

  • transid – the transaction id

  • passw – the pass parameter

  • options – the additional optional parameters

Returns

tuple of boolean and detail dict

check_status(transid=None, user=None, serial=None, password=None, use_offline=False)

check for open transactions - for polling support

Parameters

  • transid – the transaction id where we request the status from

  • user – the token owner user

  • serial – or the serial we are searching for

  • password – the pin/password for authorization the request

  • use_offline – on success the offline info is returned

Returns

tuple of success and detail dict

do_request()
linotp.lib.auth.validate.check_otp(token, otpval, options=None)

check the otp value

Parameters

  • token – the corresponding token

  • otpval – the to be checked otp value

  • options – the additional request parameters

Returns

result of the otp check, which is the matching otpcounter or -1 if not valid

linotp.lib.auth.validate.check_pin(token, passw, user=None, options=None)

check the provided pin w.r.t. the policy definition

Parameters

  • passw – the to be checked pass

  • user – if otppin==1, this is the user, which resolver should be checked

  • options – the optional request parameters

Returns

boolean, if pin matched True

linotp.lib.auth.validate.split_pin_otp(token, passw, user=None, options=None)

split the pin and the otp from the given password

Parameters

  • token – the corresponding token

  • passw – the to be split password

  • user – the token user

  • options – currently not used, but might be forwarded to the token.splitPinPass

Returns

tuple of (split status, pin and otpval)