linotp.tokens.passwordtoken module

This file containes PasswordTokenClass

class linotp.tokens.passwordtoken.PasswordTokenClass(aToken)

Bases: HmacTokenClass

This Token does use a static Password as the OTP value. In addition, the OTP PIN can be used with this token. This Token can be used for a scenario like losttoken

checkOtp(anOtpVal, counter, window, options=None)

checks the static password - using the secret object password comparison method

Parameters

  • anOtpVal – the password to be compared

  • counter

    • not used for the password token -

  • window

    • not used for the password token -

  • options

    • not used for the password token -

Returns

counter, which is 0 for success and -1 for failure

check_otp_exist(otp, window=10, user=None, autoassign=False)

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

Parameters

  • otp (string) – the to be verified otp value

  • window (int) – the lookahead window for the counter

Returns

counter or -1 if otp does not exist

Return type

int

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters

  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns

subsection if key exists or user defined

Return type

s.o.

classmethod getClassPrefix()
classmethod getClassType()

getClassType - return the token type shortname

Returns

‘hmac’

Return type

string

setOtpKey(otpKey, reset_failcount=True)

the seed / secret for the password token contains the unix hashed (hmac256) format of the password. the iv is used as indicator that we are using the new format, which is the ‘:1:’ indicator

Parameters

  • otpKey – the token seed / secret

  • reset_failcount – boolean, if the failcounter should be reseted

update(param)

update - the api, which is called during the token enrollment

we have to make sure that the otpkey, which carries our password is encoded as utf-8 to not break the storing

Raises

otpkey contains the password and is required therefore otherewise raises ParameterError

validate_seed(seed)

Accepts every seed because password token has no restrictions. This overrides the hmactoken’s seed validation (only hex).

Parameters

seed – a string that should be checked for

validity as a seed (aka otpkey)