linotp.tokens.passwordtoken module

This file containes PasswordTokenClass

class linotp.tokens.passwordtoken.PasswordTokenClass(aToken)

Bases: HmacTokenClass

This Token does use a static Password as the OTP value. In addition, the OTP PIN can be used with this token. This Token can be used for a scenario like losttoken

checkOtp(anOtpVal, counter, window, options=None)

checks the static password - using the secret object password comparison method

Parameters:

  • anOtpVal – the password to be compared

  • counter

    • not used for the password token -

  • window

    • not used for the password token -

  • options

    • not used for the password token -

Returns:

counter, which is 0 for success and -1 for failure

check_otp_exist(otp, window=10, user=None, autoassign=False)

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

Parameters:

  • otp (string) – the to be verified otp value

  • window (int) – the lookahead window for the counter

Returns:

counter or -1 if otp does not exist

Return type:

int

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters:

  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod getClassPrefix()
classmethod getClassType()

getClassType - return the token type shortname

Returns:

‘hmac’

Return type:

string

setOtpKey(otpKey, reset_failcount=True)

the seed / secret for the password token contains the unix hashed (hmac256) format of the password. the iv is used as indicator that we are using the new format, which is the ‘:1:’ indicator

Parameters:

  • otpKey – the token seed / secret

  • reset_failcount – boolean, if the failcounter should be reseted

update(param)

update - the api, which is called during the token enrollment

we have to make sure that the otpkey, which carries our password is encoded as utf-8 to not break the storing

Raises:

otpkey contains the password and is required therefore otherewise raises ParameterError

validate_seed(seed)

Accepts every seed because password token has no restrictions. This overrides the hmactoken’s seed validation (only hex).

Parameters:

seed – a string that should be checked for

validity as a seed (aka otpkey)