14.2.1.2.8. OCRA Token

The OCRA token provides the base OCRA functionality. Usually it is created by importing a CSV or PSKC file.

This code is tested in tests/test_lib_tokens_tiqr.

14.2.1.2.8.1. Implementation

class edumfa.lib.tokens.ocratoken.OcraTokenClass(db_token)[source]

The OCRA Token Implementation

Create a new OCRA Token object from a database object

Parameters:

db_token (DB object) – instance of the orm db object

check_otp(otpval, counter=None, window=None, options=None)[source]

This function is invoked by TokenClass.check_challenge_response and checks if the given password matches the expected response for the given challenge.

Parameters:
  • otpval – the password (pin + otp)

  • counter – ignored

  • window – ignored

  • options – dictionary that must contain “challenge”

Returns:

>=0 if the challenge matches, -1 otherwise

create_challenge(transactionid=None, options=None)[source]

This method creates a challenge, which is submitted to the user. The submitted challenge will be preserved in the challenge database.

If no transaction id is given, the system will create a transaction id and return it, so that the response can refer to this transaction.

Parameters:
  • transactionid – the id of this challenge

  • options (dict) – the request context parameters / data

Returns:

tuple of (bool, message, transactionid, reply_dict)

Return type:

tuple

The return tuple is built up as follows: bool, whether the submit was successful; message, which is displayed in the JSON response; and the additional challenge reply_dict, which is displayed in the JSON challenges response.

static get_class_info(key=None, ret='all')[source]

Returns a subtree of the token definition.

Parameters:
  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

dict or scalar

static get_class_prefix()[source]

Return the prefix that is used for the serial numbers.

Returns:

OCRA

Return type:

basestring

static get_class_type()[source]

Returns the internal token type identifier.

Returns:

ocra

Return type:

basestring

static get_import_csv(l)[source]

Read the list from a CSV file and return a dictionary that can be used to do a token_init.

Parameters:

l (list) – The list of the line of a csv file

Returns:

A dictionary of init params

is_challenge_request(passw, user=None, options=None)[source]

Check if the request would start a challenge. In fact, every request that is not a response needs to start a challenge request.

At the moment we do not think of other ways to trigger a challenge.

This function is not decorated with @challenge_response_allowed, as the OCRA token is always a challenge response token!

Parameters:
  • passw – The PIN of the token.

  • options – dictionary of additional request parameters

Returns:

returns true or false

update(param)[source]

This method is called during the initialization process.

Parameters:

param (dict) – parameters from the token init

Returns:

None

verify_response(passw=None, challenge=None)[source]

This method verifies whether passw is the valid OCRA response to the challenge. In case of success we return a value > 0.

Parameters:

passw (string) – the password (pin+otp)

Returns:

The otp_counter. If -1, the challenge does not match.

Return type:

int
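The check that verify_response and check_otp describe, shown as an added example that is not eduMFA's own code: it computes the RFC 6287 response for a challenge-only suite and compares it to the submitted OTP in constant time. The function names and the suite handling are assumptions of this example, the sample key and suite come from the RFC 6287 test vectors, and PIN handling is left out.

```python
import hashlib
import hmac

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed sample values: key and suite from the RFC 6287 test vectors.
RFC_KEY = b"12345678901234567890"
RFC_SUITE = "OCRA-1:HOTP-SHA1-6:QN08"


def ocra_response(key: bytes, suite: str, challenge: str) -> str:
    """Compute the RFC 6287 response for a challenge-only suite (QNxx, QAxx, QHxx)."""
    _, crypto, data_input = suite.split(":")
    _, hash_name, digits = crypto.split("-")          # e.g. HOTP-SHA1-6
    if "-" in data_input or not data_input.startswith("Q"):
        raise ValueError("counter, PIN, session and time inputs are not handled here")
    fmt, max_len = data_input[1], int(data_input[2:])
    if not 4 <= len(challenge) <= max_len:
        raise ValueError("challenge length outside the suite's limits")

    # Encode the challenge as a hex string according to its declared format.
    if fmt == "N" and challenge.isascii() and challenge.isdigit():
        q_hex = format(int(challenge), "x")           # decimal -> hex
    elif fmt == "A" and challenge.isascii() and challenge.isalnum():
        q_hex = challenge.encode("ascii").hex()
    elif fmt == "H":
        q_hex = challenge                             # validated by fromhex below
    else:
        raise ValueError("challenge does not match the suite's format")
    # Right-pad with zero nibbles to the fixed 128-byte question field.
    question = bytes.fromhex(q_hex.ljust(256, "0"))

    # DataInput = OCRASuite | 0x00 | Q, then HOTP-style dynamic truncation.
    msg = suite.encode("ascii") + b"\x00" + question
    digest = hmac.new(key, msg, HASHES[hash_name]).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    n = int(digits)
    return str(code % 10 ** n).zfill(n)


def verify_ocra_response(key: bytes, suite: str, challenge: str, otp: str) -> bool:
    """Recompute the response for the stored challenge and compare in constant time."""
    expected = ocra_response(key, suite, challenge)
    return hmac.compare_digest(expected.encode(), otp.encode())
```

Because the challenge is part of the HMAC input, a response computed for one stored challenge does not verify against a different one.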