linotp.lib.userservice module

logic for the userservice processing

linotp.lib.userservice.add_dynamic_selfservice_enrollment(config, actions)
add_dynamic_actions - load the html of the dynamic tokens

according to the policy definition

Parameters

actions (array of actions names) – the allowd policy actions for the current scope

Returns

hash of {tokentype : html for tab}

linotp.lib.userservice.add_dynamic_selfservice_policies(config, actions)
add_dynamic_actions - load the html of the dynamic tokens

according to the policy definition

Parameters

actions (array of actions names) – the allowd policy actions for the current scope

Returns

hash of {tokentype : html for tab}

linotp.lib.userservice.add_local_policies()

verify that value of the auth_cookie contains the correct user and client

Parameters

  • user – the authenticated user object

  • cookie – the auth_cookie

  • client – the requesting client

Returns

boolean

linotp.lib.userservice.check_session(request, user, client)

check if the user session is ok: - check if the sessionvalue is the same as the cookie - check if the user has been authenticated before by decrypt the cookie val

Parameters

request – the request context

:param user:the authenticated user :param client: the cookie is bouind to the client

Returns

boolean

create and auth_cookie value from the authenticated user and client

Parameters

  • user – the authenticated user

  • client – the requesting client

  • state – the state info for the authentication

Returns

the hmac256digest of the user data the expiration time as datetime the expiration time as string

linotp.lib.userservice.getTokenForUser(user, active=None, exclude_rollout=True)

should be moved to token.py

linotp.lib.userservice.get_context(config, user: User, client: str)

get the user dependend rendering context

Parameters

  • user – the selfservice auth user

  • realm – the selfservice realm

  • client – the selfservice client info - required for pre_context

Returns

context dict, with all rendering attributes

return the authentication data from the cookie, which is the user and the auth state and the optional state_data

Parameters

cookie – the session cookie, which is an hmac256 hash

Returns

triple of user, state and state_data

get the cookie encryption expiry from the config - if the selfservice is dropped from running locally, this

configuration option might not exist anymore

Returns

return the cookie encryption expiry

linotp.lib.userservice.get_pre_context(client)

get the rendering context before the login is shown, so the rendering of the login page could be controlled if realm_box or mfa_login is defined

Parameters

client – the rendering is client dependend, so we need the info

Returns

context dict, with all rendering attributes

linotp.lib.userservice.get_transaction_detail(transactionid)

Provide the information about a transaction.

Parameters

transactionid – the transaction id

Returns

dict with detail about challenge status

verify that value of the auth_cookie contains the correct user and client

Parameters

  • user – the authenticated user object

  • cookie – the auth_cookie

  • client – the requesting client

Returns

boolean