linotp.tokens.emailtoken module¶
- This file contains the e-mail token implementation:
EmailTokenClass (HOTP)
- class linotp.tokens.emailtoken.EmailTokenClass(aToken)¶
Bases:
HmacTokenClassE-mail token (similar to SMS token)
- DEFAULT_EMAIL_BLOCKING_TIMEOUT = 120¶
- DEFAULT_EMAIL_PROVIDER = 'linotp.provider.emailprovider.SMTPEmailProvider'¶
- EMAIL_ADDRESS_KEY = 'email_address'¶
- authenticate(passw, user, options=None)¶
The e-mail token only supports challenge response mode therefore when a ‘normal’ authenticate’ request arrives we return false.
- Returns
pin_match, otp_counter, reply
- Return type
bool, int, string
- checkResponse4Challenge(user, passw, options=None, challenges=None)¶
verify the response of a previous challenge
There are two possible cases:
The ‘transaction_id’ (also know as ‘state’, which has the same value) is available in options
No ‘transaction_id’
In the first case we can safely assume that the passw only contains the OTP (no pin). In the second case passw will contain both and we split to get the OTP.
- Parameters
user – the requesting user
passw – the to be checked pass (pin+otp)
options – options an additional argument, which could be token specific
challenges – the list of challenges, where each challenge is described as dict
- Returns
tuple of (otpcounter and the list of matching challenges)
- createChallenge(transactionid, options=None)¶
create a challenge, which is submitted to the user
- Parameters
transactionid – the id of this challenge
options – the request context parameters / data
- Returns
tuple of (bool, message, data and attributes) bool, if submit was successful message is status-info submitted to the user data is preserved in the challenge attributes - additional attributes, which are displayed in the
output
- Return type
bool, string, dict, dict
- Raises
Exceptions will not be catched therefore any exception will be passed
to the upper calling method
- classmethod getClassInfo(key=None, ret='all')¶
getClassInfo - returns a subtree of the token definition
- Parameters
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns
subsection if key exists or user defined
- Return type
s.o.
- classmethod getClassPrefix()¶
- classmethod getClassType()¶
getClassType - return the token type shortname
- Returns
‘hmac’
- Return type
string
- getInitDetail(params, user=None)¶
to complete the token normalisation, the response of the initialiastion should be build by the token specific method, the getInitDetails
- initChallenge(transactionid, challenges=None, options=None)¶
initialize the challenge - This method checks if the creation of a new challenge (identified by transactionid) should proceed or if an old challenge should be used instead.
- Parameters
transactionid – the id of the new challenge
options – the request parameters
- Returns
tuple of success - bool transactionid_to_use - the best transaction id for this
request context
message - which is shown to the user attributes - further info (dict) shown to the user
- is_challenge_response(passw, user, options=None, challenges=None)¶
Checks if the request is a challenge response.
With the e-mail token every request has to be either a challenge request or a challenge response.
Normally the client is unable to generate OTP values for this token himself (because the seed is generated on the server and not published) and has to wait to get it by e-mail. Therefore he either makes a challenge-request (triggering the e-mail) or he makes a challenge- response (sending the OTP value he received).
- Returns
Is this a challenge response?
- Return type
bool
- update(param, reset_failcount=True)¶
update - process initialization parameters
- Parameters
param (dict) – dict of initialization parameters
- Returns
nothing
- linotp.tokens.emailtoken.is_email_editable(user='')¶
this function checks the policy scope=selfservice, action=edit_email This is a int policy, while the ‘0’ is a deny