14.2.1.2.20. TOTP Token¶
- class edumfa.lib.tokens.totptoken.TotpTokenClass(db_token)[source]¶
Create a new TOTP token object from a DB Token object
- Parameters:
db_token (orm object) – instance of the orm db object
- check_otp(anOtpVal, counter=None, window=None, options=None)[source]¶
validate the token otp against a given otpvalue
- Parameters:
anOtpVal (string) – the to be verified otpvalue
counter – the counter state, that should be verified. For TOTP
this is the unix system time (seconds) divided by 30/60 :type counter: int :param window: the counter +window (sec), which should be checked :type window: int :param options: the dict, which could contain token specific info :type options: dict :return: the counter or -1 :rtype: int
- check_otp_exist(otp, window=None, options=None, symetric=True, inc_counter=True)[source]¶
checks if the given OTP value is/are values of this very token at all. This is used to autoassign and to determine the serial number of a token. In fact, it is a check_otp with an enhanced window.
- Parameters:
otp (string) – the to be verified otp value
window (int) – the lookahead window for the counter in seconds!!!
- Returns:
counter or -1 if otp does not exist
- Return type:
int
- desc_timestep = 'Specify the time step of the time-based OTP token.'¶
- static get_class_info(key=None, ret='all')[source]¶
returns a subtree of the token definition
- Parameters:
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns:
subsection if key exists or user defined
- Return type:
dict or scalar
- static get_class_prefix()[source]¶
Return the prefix, that is used as a prefix for the serial numbers. :return: TOTP
- static get_class_type()[source]¶
return the token type shortname
- Returns:
‘totp’
- Return type:
string
- classmethod get_default_settings(g, params)[source]¶
This method returns a dictionary with default settings for token enrollment. These default settings are defined in SCOPE.USER or SCOPE.ADMIN and are totp_hashlib, totp_timestep and totp_otplen. If these are set, the user or admin will only be able to enroll tokens with these values.
The returned dictionary is added to the parameters of the API call. :param g: context object, see documentation of
Match
:param params: The call parameters :type params: dict :return: default parameters
- static get_import_csv(l)[source]¶
Read the list from a csv file and return a dictionary, that can be used to do a token_init.
- Parameters:
l (list) – The list of the line of a csv file
- Returns:
A dictionary of init params
- get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None, timestamp=None)[source]¶
return a dictionary of multiple future OTP values of the HOTP/HMAC token
- Parameters:
count (int) – how many otp values should be returned
epoch_start – not implemented
epoch_end – not implemented
curTime (datetime) – Simulate the servertime
timestamp (epoch time) – Simulate the servertime
- Returns:
tuple of status: boolean, error: text and the OTP dictionary
- get_otp(current_time=None, do_truncation=True, time_seconds=None, challenge=None)[source]¶
get the next OTP value
- Parameters:
current_time – the current time, for which the OTP value
should be calculated for. :type current_time: datetime object :param time_seconds: the current time, for which the OTP value should be calculated for (date +%s) :type: time_seconds: int, unix system time seconds :return: next otp value, and PIN, if possible :rtype: tuple
- static get_setting_type(key)[source]¶
This function returns the type of the token specific config/setting. This way a tokenclass can define settings, that can be “public” or a “password”. If this setting is written to the database, the type of the setting is set automatically in set_edumfa_config
The key name needs to start with the token type.
- Parameters:
key – The token specific setting key
- Returns:
A string like “public”
- property hashlib¶
- previous_otp_offset = 0¶
- resync(otp1, otp2, options=None)[source]¶
resync the token based on two otp values external method to do the resync of the token
- Parameters:
otp1 (string) – the first otp value
otp2 (string) – the second otp value
options (dict or None) – optional token specific parameters
- Returns:
counter or -1 if otp does not exist
- Return type:
int
- property timeshift¶
- property timestep¶
- property timewindow¶