14.2.1.2.17. SPass Token

class edumfa.lib.tokens.spasstoken.SpassTokenClass(db_token)[source]

This is a simple pass token. It does have no OTP component. The OTP checking will always succeed. Of course, an OTP PIN can be used.

Create a new token object.

Parameters:

db_token (Token) – A database token object

Returns:

A TokenClass object

authenticate(passw, user=None, options=None)[source]

in case of a wrong passw, we return a bad matching pin, so the result will be an invalid token

check_otp(otpval, counter=None, window=None, options=None)[source]

As we have no otp value we always return true. (counter == 0)

static get_class_info(key=None, ret='all')[source]

returns a subtree of the token definition Is used by lib.token.get_token_info

Parameters:
  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

dict

static get_class_prefix()[source]
static get_class_type()[source]
static is_challenge_request(passw, user, options=None)[source]

The spass token does not support challenge response :param passw: :param user: :param options: :return:

static is_challenge_response(passw, user, options=None, challenges=None)[source]

This method checks, if this is a request that is supposed to be the answer to a previous challenge.

The default behaviour to check if this is the response to a previous challenge is simply by checking if the request contains a parameter state or transactionid i.e. checking if the options parameter contains a key state or transactionid.

This method does not try to verify the response itself! It only determines, if this is a response for a challenge or not. If the challenge still exists, is checked in has_db_challenge_response. The response is verified in check_challenge_response.

Parameters:
  • passw (string) – password, which might be pin or pin+otp

  • user (User object) – the requesting user

  • options (dict) – dictionary of additional request parameters

Returns:

true or false

Return type:

bool

mode = ['authenticate']
update(param)[source]

Update the token object

Parameters:

param – a dictionary with different params like keysize, description, genkey, otpkey, pin

Type:

param: dict