linotp.model package
Submodules
Module contents
With respect to the column name limitations, see: http://www.gplivna.eu/papers/naming_conventions.htm
Common rules:
1. Only letters, numbers, and the underscore are allowed in names. Although Oracle allows $ and #, they are not necessary and may cause unexpected problems.
2. All names are in UPPERCASE, or at least the case is of no importance. Ignoring this rule usually makes referencing tables and columns very clumsy, because all names must be enclosed in double quotes.
3. The first character in the name must be a letter.
4. Keep the names meaningful, but at the same time don’t use long_names_describing_every_single_detail_of_particular_object.
class linotp.model.Challenge(transid, tokenserial, challenge=u'', data=u'', session=u'')
Bases: object
the generic challenge handling
- challenge
- checkChallengeSignature(hsm)
  check the integrity of a challenge
  Parameters: hsm – security module
  Returns: success - boolean
- close()
  close a session and make it invisible to the validation
  remarks: we introduce the challenge status ‘closed’. It is set after a first successful authentication. The status is required, as we don’t remove the challenges after validation anymore
- data
- get(key=None, fallback=None, save=False)
  simulate the dict behaviour to make challenge processing easier, as this will have to deal as well with ‘dict only challenges’
  Parameters:
  - key – the attribute name - in case key is not provided, a dict of all class attributes is returned
  - fallback – if the attribute is not found, the fallback is returned
  - save – in case of all attributes and save==True, the timestamp is converted to a string representation
- get_vars(save=False)
  return a dictionary of all vars in the challenge class
  Returns: dict of vars
- id
- ochallenge
- odata
- oochallenge
- ptransid
- received_count
- received_tan
- save()
  enforce the saving of a challenge - will guarantee the uniqueness of the transaction id
  Returns: transaction id of the stored challenge
- session
- setSession(session)
  set the session state information like open or closed - contains in addition the mac of the whole challenge entry
  Parameters: session – dictionary of the session info
- signChallenge(hsm)
  create a challenge signature and preserve it
  Parameters: hsm – security module, which is able to calc the signature
  Returns: - nothing -
- timestamp
- tokenserial
- transid
- valid_tan
class linotp.model.Config(Key, Value, Type=u'', Description=u'')
Bases: object
- Description
- Key
- Type
- Value
class linotp.model.OcraChallenge(transId, challenge, tokenserial, data, session=u'')
Bases: object
- challenge
- data
- id
- received_count
- received_tan
- session
- timestamp
- tokenserial
- transid
- valid_tan
class linotp.model.Reporting(event, realm, parameter=u'', value=u'', count=0, detail=u'', session=u'', description=u'', timestamp=None)
Bases: object
- count
- description
- detail
- event
- id
- parameter
- realm
- session
- timestamp
- value
class linotp.model.Token(serial)
Bases: object
- LinOtpCount
- LinOtpCountWindow
- LinOtpCreationDate
- LinOtpFailCount
- LinOtpIdResClass
- LinOtpIdResolver
- LinOtpIsactive
- LinOtpKeyEnc
- LinOtpKeyIV
- LinOtpLastAuthMatch
- LinOtpLastAuthSuccess
- LinOtpMaxFail
- LinOtpOtpLen
- LinOtpPinHash
- LinOtpSeed
- LinOtpSyncWindow
- LinOtpTokenDesc
- LinOtpTokenId
- LinOtpTokenInfo
- LinOtpTokenPinSO
- LinOtpTokenPinSOIV
- LinOtpTokenPinUser
- LinOtpTokenPinUserIV
- LinOtpTokenSerialnumber
- LinOtpTokenType
- LinOtpUserid
- get(key=None, fallback=None, save=False)
  simulate the dict behaviour to make challenge processing easier, as this will have to deal as well with ‘dict only challenges’
  Parameters:
  - key – the attribute name - in case key is not provided, a dict of all class attributes is returned
  - fallback – if the attribute is not found, the fallback is returned
  - save – in case all attributes are returned and save==True, the timestamp is converted to a string representation
- realms
- set_encrypted_seed(encrypted_seed, iv, reset_failcount=True, reset_counter=True)
  set_encrypted_seed - save the encrypted token seed / secret
  Parameters:
  - encrypted_seed – the encrypted seed / secret
  - iv – the initialization value / salt
  - reset_failcount – reset the failcount on token update
  - reset_counter – reset the otp counter on token update