14.2.1.2.8. OCRA Token¶
The OCRA token is the base OCRA functionality. Usually it is created by importing a CSV or PSKC file.
This code is tested in tests/test_lib_tokens_tiqr.
14.2.1.2.8.1. Implementation¶
- class edumfa.lib.tokens.ocratoken.OcraTokenClass(db_token)[source]¶
The OCRA Token Implementation
Create a new OCRA Token object from a database object
- Parameters:
db_token (DB object) – instance of the orm db object
- check_otp(otpval, counter=None, window=None, options=None)[source]¶
This function is invoked by
TokenClass.check_challenge_response
and checks if the given password matches the expected response for the given challenge.- Parameters:
otpval – the password (pin + otp)
counter – ignored
window – ignored
options – dictionary that must contain “challenge”
- Returns:
>=0 if the challenge matches, -1 otherwise
- create_challenge(transactionid=None, options=None)[source]¶
This method creates a challenge, which is submitted to the user. The submitted challenge will be preserved in the challenge database.
If no transaction id is given, the system will create a transaction id and return it, so that the response can refer to this transaction.
- Parameters:
transactionid – the id of this challenge
options (dict) – the request context parameters / data
- Returns:
tuple of (bool, message, transactionid, reply_dict)
- Return type:
tuple
The return tuple builds up like this:
bool
if submit was successful;message
which is displayed in the JSON response; additional challengereply_dict
, which are displayed in the JSON challenges response.
- static get_class_info(key=None, ret='all')[source]¶
returns a subtree of the token definition
- Parameters:
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns:
subsection if key exists or user defined
- Return type:
dict or scalar
- static get_class_prefix()[source]¶
Return the prefix, that is used as a prefix for the serial numbers. :return: OCRA :rtype: basestring
- static get_class_type()[source]¶
Returns the internal token type identifier :return: ocra :rtype: basestring
- static get_import_csv(l)[source]¶
Read the list from a csv file and return a dictionary, that can be used to do a token_init.
- Parameters:
l (list) – The list of the line of a csv file
- Returns:
A dictionary of init params
- is_challenge_request(passw, user=None, options=None)[source]¶
check, if the request would start a challenge In fact every Request that is not a response needs to start a challenge request.
At the moment we do not think of other ways to trigger a challenge.
- This function is not decorated with
@challenge_response_allowed
as the OCRA token is always a challenge response token!
- Parameters:
passw – The PIN of the token.
options – dictionary of additional request parameters
- Returns:
returns true or false
- update(param)[source]¶
This method is called during the initialization process.
- Parameters:
param (dict) – parameters from the token init
- Returns:
None
- verify_response(passw=None, challenge=None)[source]¶
This method verifies if the passw is the valid OCRA response to the challenge. In case of success we return a value > 0
- Parameters:
passw (string) – the password (pin+otp)
- Returns:
return otp_counter. If -1, challenge does not match
- Return type:
int