linotp.tokens.spasstoken module

This file containes the dynamic SPass token implementation: - SpassTokenClass

class linotp.tokens.spasstoken.SpassTokenClass(aToken)[source]

Bases: linotp.tokens.base.TokenClass

This is a simple pass token. It does have no OTP component. The OTP checking will always succeed. Of course, an OTP PIN can be used.

authenticate(passw, user, options=None)[source]

in case of a wrong passw, we return a bad matching pin, so the result will be an invalid token

classmethod getClassInfo(key=None, ret='all')[source]

getClassInfo - returns a subtree of the token definition

Parameters:
  • key (string) – subsection identifier
  • ret (user defined) – default return value, if nothing is found
Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod getClassPrefix()[source]
classmethod getClassType()[source]
is_challenge_request(passw, user, options=None)[source]

This method checks, if this is a request, that triggers a challenge.

The default behaviour to trigger a challenge is, if the passw parameter only contains the correct token pin and the request contains a data or a challenge key i.e. if the options parameter contains a key data or challenge.

Each token type can decide on its own under which condition a challenge is triggered by overwriting this method.

please note: in case of pin policy == 2 (no pin is required) the check_pin would always return true! Thus each request containing a data or challenge would trigger a challenge!

Parameters:
  • passw (string) – password, which might be pin or pin+otp
  • user (User object) – The user from the authentication request
  • options (dict) – dictionary of additional request parameters
Returns:

true or false

is_challenge_response(passw, user, options=None, challenges=None)[source]

This method checks, if this is a request, that is the response to a previously sent challenge.

The default behaviour to check if this is the response to a previous challenge is simply by checking if the request contains a parameter state or transactionid i.e. checking if the options parameter contains a key state or transactionid.

This method does not try to verify the response itself! It only determines, if this is a response for a challenge or not.

Parameters:
  • passw (string) – password, which might be pin or pin+otp
  • user (User object) – the requesting user
  • options ((dict)) – dictionary of additional request parameters
  • challenges – A list of challenges for this token. These challenges may be used, to identify if this request is a response for a challenge.
Returns:

true or false

update(param)[source]