linotp.lib.user module¶
contains user - related functions
- exception linotp.lib.user.NoResolverFound¶
Bases:
Exception
- class linotp.lib.user.User(login='', realm='', resolver_config_identifier='')¶
Bases:
object- addResolverUId(resolver, uid, conf='', resId='', resCId='')¶
- checkPass(password)¶
- exists()¶
check if a user exists in the given realm
- getPermissions()¶
- getRealms()¶
return all realms in which the user is located
- Returns
list of realms
- getResolverConf(resolver_spec)¶
- getResolverUId(resolver_spec)¶
- getResolvers()¶
- getUserInfo(resolver=None)¶
- getUserPerConf()¶
a wildcard usr (realm = *) could have multiple configurations this method will return a list of uniq users, one per configuration
- Returns
list of users
- static get_fq_resolver(res)¶
- get_full_qualified_names()¶
Get full qualified names.
- Returns
list of full qualified names
- get_uid_resolver(resolvers=None)¶
generator to get the uid and resolver info of the user
- Parameters
resolvers – provide the resolver, where to check for the user
- Returns
the tuple of uid and resolver
- linotp.lib.user.delete_from_local_cache(login, user_id, resolver_spec)¶
remove info from the request local cache
- linotp.lib.user.delete_from_realm_resolver_cache(login, realmname)¶
helper for realm cache cleanup
- linotp.lib.user.delete_from_realm_resolver_local_cache(login, realmname)¶
helper for local realm cache cleanup
- linotp.lib.user.delete_from_resolver_user_cache(login, user_id, resolver_spec)¶
clean up the resolver cache
- linotp.lib.user.delete_from_user_cache(user_name, user_id, resolver_spec)¶
helper to remove permutation of user entry
- linotp.lib.user.delete_realm_resolver_cache(realmname)¶
in case of a resolver change / delete, we have to dump the cache
- linotp.lib.user.delete_resolver_user_cache(resolver_spec)¶
in case of a resolver change / delete, we have to dump the user cache
- linotp.lib.user.find_resolver_spec_for_config_identifier(realms_dict, config_identifier)¶
Iterates through a realms dictionary, extracts the resolver specification and returns it, when its config identifier matches the provided config_identifier argument
- Parameters
realms_dict – A realms dictionary
config_identifier – The config identifier to search for
:return Resolver specification (or None if no match occurred)
- linotp.lib.user.getRealmBox()¶
returns the config value of selfservice.realmbox. if True, the realmbox in the selfservice login will be displayed. if False, the realmbox will not be displayed and the user needs to login
via user@realm
- linotp.lib.user.getResolvers(user)¶
get the list of the Resolvers within a users.realm or from the resolver conf, if given in the user object
- Note
It ignores the user.login attribute!
- Parameters
user (User object) – User with realm or resolver conf
- linotp.lib.user.getResolversOfUser(user)¶
getResolversOfUser returns the list of the Resolvers of a user in a given realm. A user can be be in more than one resolver if the login name is the same and if the user has the same id.
The usecase behind this constrain is that an user for example could be ldap wise in a group which could be addressed by two queries.
- Parameters
user – userobject with user.login, user.realm
- Returns
array of resolvers, the user was found in
- linotp.lib.user.getSearchFields(user)¶
- linotp.lib.user.getSplitAtSign()¶
returns the config value of splitAtSign. if True, the username should be split if there is an at sign. if False, the username will be taken unchanged for loginname.
- linotp.lib.user.getUserDetail(user)¶
Returns userinfo of an user
- Parameters
user – the user
- Returns
the userinfo dict
- linotp.lib.user.getUserFromParam(param)¶
establish an user object from the request parameters
- linotp.lib.user.getUserFromRequest()¶
This function returns the logged-in user as object
- Returns
the authenticated user as user object or None
- linotp.lib.user.getUserId(userObject)¶
- Parameters
user – user object
- Returns
(uid,resId,resIdC)
- linotp.lib.user.getUserInfo(userid, resolver, resolver_spec)¶
get the user info for an given user, identified by the userid + resolver/resolver_spec
- Parameters
userid – the unique user identifier
resolver – the resolver (optional)
resolver_spec – the resolver identifier + name
- Returns
dictionary, which is empty, if no user info could be retreived
- linotp.lib.user.getUserList(param, search_user)¶
- linotp.lib.user.getUserListIterators(param, search_user)¶
return a list of iterators for all userid resolvers
- Parameters
param – request params (dict), which might be realm or resolver conf
search_user – restrict the resolvers to those of the search_user
- linotp.lib.user.getUserPhone(user, phone_type='phone')¶
Returns the phone numer of a user
- Parameters
user (user object) – the user with the phone
phone_type (string) – The type of the phone, i.e. either mobile or phone (land line)
- Returns
list with phone numbers of this user object
- linotp.lib.user.getUserRealms(user, allRealms=None, defaultRealm=None)¶
Returns the realms, a user belongs to. If the user has no realm but only a useridresolver, than all realms, containing this resolver are returned. This function is used for the policy module
- linotp.lib.user.getUserResolverId(user, report=False)¶
get the resolver id of the user
- linotp.lib.user.get_authenticated_user(username, realm, password=None, realm_box=False, options=None)¶
check the username and password against a userstore.
remark: the method is used for auto_enrollToken/auto_assignToken
- Parameters
username – the user login name
realm – the realm, where the user belongs to
password – the to be checked userstore password
realm_box – take the information, if realmbox is displayed
- Returns
None or authenticated user object
- linotp.lib.user.get_resolvers_of_user(login, realm)¶
get the resolvers of a given user, identified by loginname and realm
- linotp.lib.user.get_user_from_options(options_dict, fallback_user=None, fallback_realm=None)¶
return a tuple of user login and realm considering the options contexts
in the token implementation we often require to make a policy lookup. As the policies are user and realm dependent we require to define for witch user or realm this lookup should be made. The input can be taken from: - the token owner or - options, the request additional parameters which might contain a user
object or a login name or
the token realm, if neither user or owner is given
- Parameters
options_dict – the request options dict with the user
fallback_user – which should be set with the token owner
fallback_realm – which should be set with the token realm
- Returns
the tuple with user login and realm
- linotp.lib.user.get_userinfo(user: User, secure: bool = True) Dict¶
” gather information about a user to be returned for rendering
to ease the rendering process, in case of an error we just return an empty structure and log the errors
- Parameters
user – User class object
secure – defines if the crypted password will be part of the returned structure
- linotp.lib.user.lookup_user_in_resolver(login, user_id, resolver_spec, user_info=None)¶
lookup login or uid in resolver to get userinfo
- Remark
the userinfo should not be part of this api and not be cached
- Parameters
login – login name
user_id – the users unique identifier
resolver_spec – the resolver specifier
user_info – optional parameter, required to fill the cache
- Returns
login, uid, user info
- linotp.lib.user.setRealm(realm, resolvers)¶
- linotp.lib.user.splitUser(username)¶
split the username into the user and realm
- Parameters
username – the given username
- Returns
tuple of (user and group/realm)