本文整理匯總了Python中linotp.lib.challenges.Challenges.get_challenges方法的典型用法代碼示例。如果您正苦於以下問題:Python Challenges.get_challenges方法的具體用法?Python Challenges.get_challenges怎麽用?Python Challenges.get_challenges使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類linotp.lib.challenges.Challenges的用法示例。
在下文中一共展示了Challenges.get_challenges方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: checkTokenList
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import get_challenges [as 別名]
def checkTokenList(self, tokenList, passw, user=User(), options=None):
"""
identify a matching token and test, if the token is valid, locked ..
This function is called by checkSerialPass and checkUserPass to
:param tokenList: list of identified tokens
:param passw: the provided passw (mostly pin+otp)
:param user: the identified use - as class object
:param options: additonal parameters, which are passed to the token
:return: tuple of boolean and optional response
"""
log.debug("[__checkTokenList] checking tokenlist: %r" % tokenList)
reply = None
tokenclasses = config['tokenclasses']
# add the user to the options, so that every token could see the user
if not options:
options = {}
options['user'] = user
# if there has been one token in challenge mode, we only handle challenges
# if we got a validation against a sub_challenge, we extend this to
# be a validation to all challenges of the transaction id
import copy
check_options = copy.deepcopy(options)
state = check_options.get('state', check_options.get('transactionid', ''))
if state and '.' in state:
transid = state.split('.')[0]
if 'state' in check_options:
check_options['state'] = transid
if 'transactionid' in check_options:
check_options['transactionid'] = transid
audit_entry = {}
audit_entry['action_detail'] = "no token found!"
challenge_tokens = []
pin_matching_tokens = []
invalid_tokens = []
valid_tokens = []
related_challenges = []
# we have to preserve the result / reponse for token counters
validation_results = {}
for token in tokenList:
log.debug('Found user with loginId %r: %r:\n',
token.getUserId(), token.getSerial())
audit_entry['serial'] = token.getSerial()
audit_entry['token_type'] = token.getType()
# preselect: the token must be in the same realm as the user
if user is not None:
t_realms = token.token.getRealmNames()
u_realm = user.getRealm()
if (len(t_realms) > 0 and len(u_realm) > 0 and
u_realm.lower() not in t_realms):
audit_entry['action_detail'] = ("Realm mismatch for "
"token and user")
continue
# check if the token is the list of supported tokens
# if not skip to the next token in list
typ = token.getType()
if typ.lower() not in tokenclasses:
log.error('token typ %r not found in tokenclasses: %r' %
(typ, tokenclasses))
audit_entry['action_detail'] = "Unknown Token type"
continue
if not token.isActive():
audit_entry['action_detail'] = "Token inactive"
continue
if token.getFailCount() >= token.getMaxFailCount():
audit_entry['action_detail'] = "Failcounter exceeded"
continue
if not token.check_auth_counter():
audit_entry['action_detail'] = "Authentication counter exceeded"
continue
if not token.check_validity_period():
audit_entry['action_detail'] = "validity period mismatch"
continue
# start the token validation
try:
# are there outstanding challenges
(_ex_challenges,
challenges) = Challenges.get_challenges(token,
options=check_options)
(ret, reply) = token.check_token(
passw, user, options=check_options, challenges=challenges)
except Exception as exx:
#.........這裏部分代碼省略.........
示例2: check_status
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import get_challenges [as 別名]
def check_status(self, transid=None, user=None, serial=None,
password=None):
"""
check for open transactions - for polling support
:param transid: the transaction id where we request the status from
:param user: the token owner user
:param serial: or the serial we are searching for
:param password: the pin/password for authorization the request
:return: tuple of success and detail dict
"""
expired, challenges = Challenges.get_challenges(None, transid=transid)
# remove all expired challenges
if expired:
Challenges.delete_challenges(None, expired)
if not challenges:
return False, None
# there is only one challenge per transaction id
# if not multiple challenges, where transaction id is the parent one
reply = {}
pin_policies = linotp.lib.policy.get_pin_policies(user)
if 1 in pin_policies:
pin_match = check_pin(None, password, user=user, options=None)
if not pin_match:
return False, None
involved_tokens = []
transactions = {}
for ch in challenges:
# only look for challenges that are not compromised
if not Challenges.verify_checksum(ch):
continue
# is the requester authorized
serial = ch.getTokenSerial()
tokens = getTokens4UserOrSerial(serial=serial)
if not tokens:
continue
involved_tokens.extend(tokens)
if 1 not in pin_policies:
pin_match = check_pin(tokens[0], password, user=user,
options=None)
if not pin_match:
ret = False
continue
ret = True
trans_dict = {}
trans_dict['transactionid'] = ch.transid
trans_dict['received_count'] = ch.received_count
trans_dict['received_tan'] = ch.received_tan
trans_dict['valid_tan'] = ch.valid_tan
trans_dict['linotp_tokenserial'] = serial
trans_dict['linotp_tokentype'] = tokens[0].type
trans_dict['message'] = ch.challenge
transactions[serial] = trans_dict
if transactions:
reply['transactions'] = transactions
return ret, reply示例3: checkTokenList
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import get_challenges [as 別名]
def checkTokenList(self, tokenList, passw, user=User(), options=None):
"""
identify a matching token and test, if the token is valid, locked ..
This function is called by checkSerialPass and checkUserPass to
:param tokenList: list of identified tokens
:param passw: the provided passw (mostly pin+otp)
:param user: the identified use - as class object
:param options: additional parameters, which are passed to the token
:return: tuple of boolean and optional response
"""
reply = None
# add the user to the options, so that every token could see the user
if not options:
options = {}
options['user'] = user
# if there has been one token in challenge mode, we only handle
# challenges
# if we got a validation against a sub_challenge, we extend this to
# be a validation to all challenges of the transaction id
import copy
check_options = copy.deepcopy(options)
state = check_options.get(
'state', check_options.get('transactionid', ''))
if state and '.' in state:
transid = state.split('.')[0]
if 'state' in check_options:
check_options['state'] = transid
if 'transactionid' in check_options:
check_options['transactionid'] = transid
# -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
# transaction id optimization - part 1:
#
# if we have a transaction id, we check only those tokens
# that belong to this transaction id:
challenges = []
transaction_serials = []
transid = check_options.get('state',
check_options.get('transactionid', ''))
if transid:
expired, challenges = Challenges.get_challenges(transid=transid,
filter_open=True)
for challenge in challenges:
serial = challenge.tokenserial
transaction_serials.append(serial)
# -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
audit_entry = {}
audit_entry['action_detail'] = "no token found!"
challenge_tokens = []
pin_matching_tokens = []
invalid_tokens = []
valid_tokens = []
related_challenges = []
# we have to preserve the result / reponse for token counters
validation_results = {}
for token in tokenList:
# transaction id optimization - part 2:
if transid:
if token.getSerial() not in transaction_serials:
continue
audit_entry['serial'] = token.getSerial()
audit_entry['token_type'] = token.getType()
# preselect: the token must be in the same realm as the user
if user is not None:
t_realms = token.token.getRealmNames()
u_realm = user.realm
if (len(t_realms) > 0 and len(u_realm) > 0 and
u_realm.lower() not in t_realms):
audit_entry['action_detail'] = ("Realm mismatch for "
"token and user")
continue
# check if the token is the list of supported tokens
# if not skip to the next token in list
typ = token.getType()
if typ.lower() not in tokenclass_registry:
log.error('token typ %r not found in tokenclasses: %r' %
(typ, tokenclass_registry.keys()))
audit_entry['action_detail'] = "Unknown Token type"
continue
if not token.isActive():
#.........這裏部分代碼省略.........
示例4: check_status
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import get_challenges [as 別名]
def check_status(self, transid=None, user=None, serial=None,
password=None, use_offline=False):
"""
check for open transactions - for polling support
:param transid: the transaction id where we request the status from
:param user: the token owner user
:param serial: or the serial we are searching for
:param password: the pin/password for authorization the request
:param use_offline: on success the offline info is returned
:return: tuple of success and detail dict
"""
expired, challenges = Challenges.get_challenges(None, transid=transid)
# remove all expired challenges
if expired:
Challenges.delete_challenges(None, expired)
if not challenges:
return False, None
# there is only one challenge per transaction id
# if not multiple challenges, where transaction id is the parent one
reply = {}
pin_policies = linotp.lib.policy.get_pin_policies(user)
if 1 in pin_policies:
pin_match = check_pin(None, password, user=user, options=None)
if not pin_match:
return False, None
involved_tokens = []
transactions = {}
for ch in challenges:
# only look for challenges that are not compromised
if not Challenges.verify_checksum(ch):
continue
# is the requester authorized
serial = ch.getTokenSerial()
tokens = getTokens4UserOrSerial(serial=serial)
if not tokens:
continue
involved_tokens.extend(tokens)
# as one challenge belongs exactly to only one token,
# we take this one as the token
token = tokens[0]
if 1 not in pin_policies:
pin_match = check_pin(token, password, user=user,
options=None)
if not pin_match:
ret = False
continue
ret = True
trans_dict = {}
trans_dict['received_count'] = ch.received_count
trans_dict['received_tan'] = ch.received_tan
trans_dict['valid_tan'] = ch.valid_tan
trans_dict['message'] = ch.challenge
trans_dict['status'] = ch.getStatus()
token_dict = {'serial': serial, 'type': token.type}
# 1. check if token supports offline at all
supports_offline_at_all = token.supports_offline_mode
# 2. check if policy allows to use offline authentication
if user is not None and user.login and user.realm:
realms = [user.realm]
else:
realms = token.getRealms()
offline_is_allowed = supports_offline(realms, token)
if not ch.is_open() and ch.valid_tan and \
supports_offline_at_all and \
offline_is_allowed and \
use_offline:
token_dict['offline_info'] = token.getOfflineInfo()
trans_dict['token'] = token_dict
transactions[ch.transid] = trans_dict
if transactions:
reply['transactions'] = transactions
return ret, reply示例5: check_status
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import get_challenges [as 別名]
def check_status(self, transid=None, user=None, serial=None,
password=None, use_offline=False):
"""
check for open transactions - for polling support
:param transid: the transaction id where we request the status from
:param user: the token owner user
:param serial: or the serial we are searching for
:param password: the pin/password for authorization the request
:param use_offline: on success the offline info is returned
:return: tuple of success and detail dict
"""
expired, challenges = Challenges.get_challenges(token=None, transid=transid)
# remove all expired challenges
if expired:
Challenges.delete_challenges(None, expired)
if not challenges:
return False, None
# there is only one challenge per transaction id
# if not multiple challenges, where transaction id is the parent one
reply = {}
involved_tokens = []
transactions = {}
for ch in challenges:
# only look for challenges that are not compromised
if not Challenges.verify_checksum(ch):
continue
# is the requester authorized
challenge_serial = ch.getTokenSerial()
if serial and challenge_serial != serial:
continue
tokens = getTokens4UserOrSerial(serial=challenge_serial)
if not tokens:
continue
involved_tokens.extend(tokens)
# as one challenge belongs exactly to only one token,
# we take this one as the token
token = tokens[0]
owner = get_token_owner(token)
if user and user != owner:
continue
involved_tokens.extend(tokens)
# we only check the user password / token pin if the user
# paranmeter is given
if user and owner:
pin_match = check_pin(token, password, user=owner,
options=None)
else:
pin_match = token.checkPin(password)
if not pin_match:
continue
trans_dict = {}
trans_dict['received_count'] = ch.received_count
trans_dict['received_tan'] = ch.received_tan
trans_dict['valid_tan'] = ch.valid_tan
trans_dict['message'] = ch.challenge
trans_dict['status'] = ch.getStatus()
# -------------------------------------------------------------- --
# extend the check status with the accept or deny of a transaction
challenge_session = ch.getSession()
if challenge_session:
challenge_session_dict = json.loads(challenge_session)
if 'accept' in challenge_session_dict:
trans_dict['accept'] = challenge_session_dict['accept']
if 'reject' in challenge_session_dict:
trans_dict['reject'] = challenge_session_dict['reject']
# -------------------------------------------------------------- --
token_dict = {'serial': token.getSerial(), 'type': token.type}
# 1. check if token supports offline at all
supports_offline_at_all = token.supports_offline_mode
# 2. check if policy allows to use offline authentication
#.........這裏部分代碼省略.........