14.2.1.2.12. Questionnaire Token¶
- class edumfa.lib.tokens.questionnairetoken.QuestionnaireTokenClass(db_token)[source]¶
This is a Questionnaire Token. The token stores a list of questions and answers in the tokeninfo database table. The answers are encrypted. During authentication a random answer is selected and presented as challenge. The user has to remember and pass the right answer.
Create a new QUST Token object from a database token
- Parameters:
db_token (DB object) – instance of the orm db object
- check_answer(given_answer, challenge_object)[source]¶
Check if the given answer is the answer to the sent question. The question for this challenge response was stored in the challenge_object.
Then we get the answer from the tokeninfo.
- Parameters:
given_answer – The answer given by the user
challenge_object – The challenge object as stored in the database
- Returns:
in case of success: 1
- check_challenge_response(user=None, passw=None, options=None)[source]¶
This method verifies if there is a matching question for the given passw and also verifies if the answer is correct.
It then returns the the otp_counter = 1
- Parameters:
user (User object) – the requesting user
passw (string) – the password - in fact it is the answer to the question
options (dict) – additional arguments from the request, which could be token specific. Usually “transaction_id”
- Returns:
return 1 if the answer to the question is correct, -1 otherwise.
- Return type:
int
- create_challenge(transactionid=None, options=None)[source]¶
This method creates a challenge, which is submitted to the user. The submitted challenge will be preserved in the challenge database.
The challenge is a randomly selected question of the available questions for this token.
If no transaction id is given, the system will create a transaction id and return it, so that the response can refer to this transaction.
- Parameters:
transactionid – the id of this challenge
options (dict) – the request context parameters / data
- Returns:
tuple of (bool, message, transactionid, reply_dict)
- Return type:
tuple
The return tuple builds up like this:
bool
if submit was successful;message
which is displayed in the JSON response; additional challengereply_dict
, which are displayed in the JSON challenges response.
- classmethod get_class_info(key=None, ret='all')[source]¶
returns a subtree of the token definition
- Parameters:
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns:
subsection if key exists or user defined
- Return type:
dict or scalar
- static get_class_prefix()[source]¶
Return the prefix, that is used as a prefix for the serial numbers. :return: QUST :rtype: basestring
- static get_class_type()[source]¶
Returns the internal token type identifier :return: qust :rtype: basestring
- static get_setting_type(key)[source]¶
The setting type of questions is public, so that the user can also read the questions.
- Parameters:
key – The key of the setting
- Returns:
“public” string
- has_further_challenge(options=None)[source]¶
Check if there are still more questions to be asked.
- Parameters:
options – Options dict
- Returns:
True, if further challenge is required.
- is_challenge_request(passw, user=None, options=None)[source]¶
The questionnaire token is always a challenge response token. The challenge is triggered by providing the PIN as the password.
- Parameters:
passw (string) – password, which might be pin or pin+otp
user (User object) – The user from the authentication request
options (dict) – dictionary of additional request parameters
- Returns:
true or false
- Return type:
bool