linotp.useridresolver.SQLIdResolver module

This module implements the communication and data mapping to SQL servers. The LinOTP server imports this module to use SQL databases as a userstore.

Dependencies: UserIdResolver

class linotp.useridresolver.SQLIdResolver.IdResolver[source]

Bases: linotp.useridresolver.UserIdResolver.UserIdResolver


check the given sql field map against the sql table definition

checkPass(uid, password)[source]

checkPass - checks the password for a given uid.

  • uid (string) – userid to be checked
  • password (string) – user password

:return : true in case of success, false if password does not match :rtype : boolean

Todo:extend to support htpasswd passwords:

close the db connection - will be called at the end of the request


create a db connection and preserve session in self.dbObj

Parameters:sqlConnect – the sql connection string
critical_parameters = ['Driver', 'Server', 'Port', 'Database', 'User', 'Table']
crypted_parameters = ['Password']
db_prefix = 'useridresolver.SQLIdResolver.IdResolver'
classmethod getResolverClassDescriptor()[source]

return the descriptor of the resolver, which is - the class name and - the config description

Returns:resolver description dict
Return type:dict
classmethod getResolverClassType()[source]

provide the resolver type for registration


return the descriptor of the resolver, which is - the class name and - the config description

Returns:resolver description dict
Return type:dict

getResolverId - provide the resolver identifier

Returns:returns the resolver identifier string or empty string if not exist

:rtype : string


getResolverType - return the type of the resolver

Returns:returns the string ‘sqlresolver’
Return type:string

return all fields on which a search could be made

Returns:dictionary of the search fields and their types
Return type:dict

return the userId which mappes to a loginname

Parameters:loginName (string) – login name of the user
Returns:userid - unique idenitfier for this unser
Return type:string
getUserInfo(userId, suppress_password=True)[source]

return all user related information

@param userId: specied user @type userId: string @return: dictionary, containing all user related info @rtype: dict


retrieve a list of users

Parameters:searchDict (dict) – dictionary of the search criterias
Returns:list of user descriptions (as dict)

get the loginname from the given userid

Parameters:userId (string) – userid descriptor
Return type:string
loadConfig(config, conf='')[source]

loadConfig - load the config for the resolver

  • config (dict) – configuration for the sqlresolver
  • conf (string) – configuration postfix
classmethod primary_key_changed(new_params, previous_params)[source]

check if during the parameter update the primary key has changed

  • new_params – the set of new parameters
  • previous_params – the set of previous parameters


resolver_parameters = {'Connect': (False, '', <function text>), 'Database': (False, '', <function text>), 'Driver': (False, None, <function text>), 'Encoding': (False, 'utf-8', <function text>), 'Limit': (False, '1000', <type 'int'>), 'Map': (False, '', <function text>), 'Password': (True, '', <function encrypted_data>), 'Port': (False, '', <function text>), 'Server': (False, '', <function text>), 'Table': (False, '', <function text>), 'User': (False, '', <function text>), 'Where': (False, '', <function text>), 'conParams': (False, '', <function text>), 'readonly': (False, False, <function boolean>)}
classmethod setup(config=None, cache_dir=None)[source]

this setup hook is triggered, when the server starts to serve the first request

Parameters:config (the linotp config dict) – the linotp config
classmethod testconnection(parameters)[source]

This is used to test if the given parameter set will do a successful SQL connection and return the number of found users params are:

  • Driver
  • Server
  • Port
  • Database
  • User
  • Password
  • Table
linotp.useridresolver.SQLIdResolver.build_simple_connect(driver, user=None, pass_=None, server=None, port=None, db=None, conParams=None)[source]

build from the parameters the sql connect url

  • driver – the url protocoll / prefix
  • user – the database accessing user
  • pass – the password of database accessing user
  • server – the hostname for the server could be empty
  • port – the port on th server host, could be empty
  • db – the database on the server
  • conParams – additional and otpional database parameter

return the connection string

linotp.useridresolver.SQLIdResolver.call_on_connect(dbapi_con, connection_record)[source]
linotp.useridresolver.SQLIdResolver.check_bcypt_password(password, stored_hash)[source]

check bcrypt passwords, which starts with $2$, $2a$, $2b$, $2x$ or $2y$

  • password – the new, to be verified password
  • stored_hash – the previously used password in a hashed form


linotp.useridresolver.SQLIdResolver.check_php_password(password, stored_hash)[source]

from phppass: check certain kinds of phppassowrds

  • password – the new, to be verified password
  • stored_hash – the previously used password in a hashed form


class linotp.useridresolver.SQLIdResolver.dbObject[source]
connect(sqlConnect, timeout=5, verify=True)[source]

create a db session with the sqlConnect string

Parameters:sqlConnect – sql url for the connection
count(table, where='')[source]
linotp.useridresolver.SQLIdResolver.make_connect(driver, user, pass_, server, port, db, conParams='')[source]

create a connect string from decicated parts - to build a SQLAlchemy Uri

  • driver (string) – mysql, postgres, …
  • user (string) – database connection user
  • pass (string) – password of the database user
  • server (string) – servername
  • port (string or int) – database connection port
  • db (string) – database name
  • conParams (string) – additional connection parameters

provide the old interface for backward compatibility