linotp.useridresolver.SQLIdResolver module

This module implements the communication and data mapping to SQL servers. The LinOTP server imports this module to use SQL databases as a userstore.

Dependencies: UserIdResolver

class linotp.useridresolver.SQLIdResolver.IdResolver

Bases: UserIdResolver

A resolver class for userIds

Attributes

managed: means it uses the linotp DB [session] for storing and retrieving user information.

checkMapping()

check the given sql field map against the sql table definition

Returns

checkPass(uid, password)

checkPass - checks the password for a given uid.

Parameters

  • uid (string) – userid to be checked

  • password (string) – user password

:return : true in case of success, false if password does not match :rtype : boolean

Todo

extend to support htpasswd passwords: http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

close()

close the db connection - will be called at the end of the request

connect(sqlConnect=None)

create a db connection and preserve session in self.dbObj

Parameters

sqlConnect – the sql connection string

critical_parameters: List[str] = ['Driver', 'Server', 'Port', 'Database', 'User', 'Table']
crypted_parameters: List[str] = ['Password']
db_prefix = 'useridresolver.SQLIdResolver.IdResolver'
classmethod getResolverClassDescriptor()

return the descriptor of the resolver, which is - the class name and - the config description

Returns

resolver description dict

Return type

dict

classmethod getResolverClassType()

provide the resolver type for registration

getResolverDescriptor()

return the descriptor of the resolver, which is - the class name and - the config description

Returns

resolver description dict

Return type

dict

getResolverId()

getResolverId - provide the resolver identifier

Returns

returns the resolver identifier string or empty string if not exist

:rtype : string

getResolverType()

getResolverType - return the type of the resolver

Returns

returns the string ‘sqlresolver’

Return type

string

getSearchFields()

return all fields on which a search could be made

Returns

dictionary of the search fields and their types

Return type

dict

getUserId(loginName)

return the userId which mappes to a loginname

Parameters

loginName (string) – login name of the user

Returns

userid - unique idenitfier for this unser

Return type

string

getUserInfo(userId, suppress_password=True)

return all user related information

@param userId: specified user @type userId: string @return: dictionary, containing all user related info @rtype: dict

getUserList(searchDict)

retrieve a list of users

Parameters

searchDict (dict) – dictionary of the search criteria

Returns

list of user descriptions (as dict)

getUsername(userId)

get the loginname from the given userid

Parameters

userId (string) – userid descriptor

Returns

loginname

Return type

string

loadConfig(config, conf='')

loadConfig - load the config for the resolver

Parameters

  • config (dict) – configuration for the sqlresolver

  • conf (string) – configuration postfix

classmethod primary_key_changed(new_params, previous_params)

check if during the parameter update the primary key has changed

Parameters

  • new_params – the set of new parameters

  • previous_params – the set of previous parameters

Returns

boolean

resolver_parameters: Dict[str, Tuple[bool, Optional[Union[str, bool, int]], Callable[[Any], Any]]] = {'Connect': (False, '', <class 'str'>), 'Database': (False, '', <class 'str'>), 'Driver': (False, None, <class 'str'>), 'Encoding': (False, 'utf-8', <class 'str'>), 'Limit': (False, '1000', <class 'int'>), 'Map': (False, '', <class 'str'>), 'Password': (True, '', <function encrypted_data>), 'Port': (False, '', <class 'str'>), 'Server': (False, '', <class 'str'>), 'Table': (False, '', <class 'str'>), 'User': (False, '', <class 'str'>), 'Where': (False, '', <class 'str'>), 'conParams': (False, '', <class 'str'>), 'readonly': (False, False, <function boolean>)}
classmethod setup(config=None, cache_dir=None)

this setup hook is triggered, when the server starts to serve the first request

Parameters

config (the linotp config dict) – the linotp config

classmethod testconnection(parameters)

This is used to test if the given parameter set will do a successful SQL connection and return the number of found users params are:

  • Driver

  • Server

  • Port

  • Database

  • User

  • Password

  • Table

linotp.useridresolver.SQLIdResolver.build_simple_connect(driver, user=None, pass_=None, server=None, port=None, db=None, conParams=None)

build from the parameters the sql connect url

Parameters

  • driver – the url protocol / prefix

  • user – the database accessing user

  • pass – the password of database accessing user

  • server – the hostname for the server could be empty

  • port – the port on th server host, could be empty

  • db – the database on the server

  • conParams – additional and optional database parameter

return the connection string

linotp.useridresolver.SQLIdResolver.call_on_connect(dbapi_con, connection_record)
linotp.useridresolver.SQLIdResolver.check_password(password, crypted_password, salt=None)

check the crypted password and the optional salt for various password schemes defining a passlib crypto context

  • {id}pwdata - LDAP format

  • $id$pwdata - modular crypt format

  • other format like the Atlassian or PHP passwords

  • support db format

  • support for archaic formats like Des

the definitions of the crypto context is made above in the schema lists

the algorithm iterates over the crypto contexts to identify the type of the password and, if salt is provided, tries to verify with or without salt.

Parameters

  • password – plaintext password

  • crypted_password – the crypted password

  • salt – optional

Returns

boolean

class linotp.useridresolver.SQLIdResolver.dbObject

Bases: object

close()
connect(sqlConnect, db=None, timeout=5)

create a db session with the sqlConnect string or with the flask sqlalchemy db object

Parameters

  • sqlConnect – sql url for the connection

  • db – the configured flask-sqlalchemy db object (this overrides the sqlConnect parameter)

count(table, where='')
getTable(tableName)
query(select)
linotp.useridresolver.SQLIdResolver.make_connect(driver, user, pass_, server, port, db, conParams='')

create a connect string from separate parts - to build a SQLAlchemy Uri

Parameters

  • driver (string) – mysql, postgres, …

  • user (string) – database connection user

  • pass (string) – password of the database user

  • server (string) – servername

  • port (string or int) – database connection port

  • db (string) – database name

  • conParams (string) – additional connection parameters

linotp.useridresolver.SQLIdResolver.testconnection(params)

provide the old interface for backward compatibility