本文整理匯總了Python中linotp.lib.challenges.Challenges.lookup_challenges方法的典型用法代碼示例。如果您正苦於以下問題:Python Challenges.lookup_challenges方法的具體用法?Python Challenges.lookup_challenges怎麽用?Python Challenges.lookup_challenges使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類linotp.lib.challenges.Challenges的用法示例。
在下文中一共展示了Challenges.lookup_challenges方法的8個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: check_by_transactionid
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def check_by_transactionid(self, transid, passw, options=None):
"""
check the passw against the open transaction
:param transid: the transaction id
:param passw: the pass parameter
:param options: the additional optional parameters
:return: tuple of boolean and detail dict
"""
reply = {}
serials = []
challenges = Challenges.lookup_challenges(transid=transid)
for challenge in challenges:
serials.append(challenge.tokenserial)
if not serials:
reply['value'] = False
reply['failure'] = ('No challenge for transaction %r found'
% transid)
return False, reply
reply['failcount'] = 0
reply['value'] = False
reply['token_type'] = ''
for serial in serials:
tokens = getTokens4UserOrSerial(serial=serial)
if not tokens:
raise Exception('tokenmismatch for token serial: %s'
% (unicode(serial)))
# there could be only one
token = tokens[0]
owner = linotp.lib.token.get_token_owner(token)
(ok, opt) = self.checkTokenList(tokens, passw, user=owner,
options=options)
if opt:
reply.update(opt)
reply['token_type'] = token.getType()
reply['failcount'] = token.getFailCount()
reply['value'] = ok
if ok:
break
return ok, reply示例2: statusValidationFail
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def statusValidationFail(self):
'''
statusValidationFail - callback to enable a status change,
will be called if the token verification has failed
:return - nothing
'''
log.debug('[statusValidationFail]')
challenge = None
if self.transId == 0 :
return
try:
challenges = Challenges.lookup_challenges(self.context, self.getSerial(),
transid=self.transId)
if len(challenges) == 1:
challenge = challenges[0]
challenge.setTanStatus(received=True, valid=False)
## still in rollout state??
rolloutState = self.getFromTokenInfo('rollout', '0')
if rolloutState == '1':
log.info('rollout state 1 for token %r not completed' % (self.getSerial()))
elif rolloutState == '2':
if challenge.received_count >= int(getFromConfig("OcraMaxChallengeRequests", '3')):
## after 3 fails in rollout state 2 - reset to rescan
self.addToTokenInfo('rollout', '1')
log.info('rollout for token %r reset to phase 1:' % (self.getSerial()))
log.info('rollout for token %r not completed' % (self.getSerial()))
except Exception as ex:
log.exception('[Ocra2TokenClass:statusValidationFail] Error during validation finalisation for token %r :%r' % (self.getSerial(), ex))
raise Exception(ex)
finally:
if challenge is not None:
challenge.save()
log.debug('[statusValidationFail]')
return示例3: statusValidationSuccess
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def statusValidationSuccess(self):
'''
statusValidationSuccess - callback to enable a status change,
remark: will be called if the token has been succesfull verified
:return: - nothing
'''
log.debug('[statusValidationSuccess]')
if self.transId == 0 :
return
challenges = Challenges.lookup_challenges(self.context, self.getSerial(),
transid=self.transId)
if len(challenges) == 1:
challenge = challenges[0]
challenge.setTanStatus(True, True)
challenge.save()
## still in rollout state??
rolloutState = self.getFromTokenInfo('rollout', '0')
if rolloutState == '2':
t_info = self.getTokenInfo()
if t_info.has_key('rollout'):
del t_info['rollout']
if t_info.has_key('sharedSecret'):
del t_info['sharedSecret']
if t_info.has_key('nonce'):
del t_info['nonce']
self.setTokenInfo(t_info)
log.info('rollout for token %r completed' % (self.getSerial()))
elif rolloutState == '1':
raise Exception('unable to complete the rollout ')
log.debug('[statusValidationSuccess]:')
return示例4: getStatus
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def getStatus(self, transactionId):
'''
getStatus - assembles the status of a transaction / challenge in a dict
{ "serial": SERIENNUMMER1,
"transactionid": TRANSACTIONID1,
"received_tan": true,
"valid_tan": true,
"failcount": 0
}
:param transactionId: the transaction / challenge id
:type transactionId: string
:return: status dict
:rtype: dict
'''
log.debug('[getStatus] %r' % (transactionId))
statusDict = {}
challenge = Challenges.lookup_challenges(self.context, self.getSerial(),
transid=transactionId)
if challenge is not None:
statusDict['serial'] = challenge.tokenserial
statusDict['transactionid'] = challenge.transid
statusDict['received_tan'] = challenge.received_tan
statusDict['valid_tan'] = challenge.valid_tan
statusDict['failcount'] = self.getFailCount()
statusDict['id'] = challenge.id
statusDict['timestamp'] = unicode(challenge.timestamp)
statusDict['active'] = unicode(self.isActive())
log.debug('[getStatus]: %r' % (statusDict))
return statusDict示例5: checkOtp
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def checkOtp(self, passwd, counter, window, options=None):
valid_states = ['pairing_challenge_sent',
'pairing_complete']
self.ensure_state_is_in(valid_states)
# ----------------------------------------------------------------------
filtered_challenges = []
serial = self.getSerial()
if options is None:
options = {}
max_fail = int(getFromConfig('QRMaxChallenges', '3'))
# ----------------------------------------------------------------------
# TODO: from which point is checkOtp called, when there
# is no challenge response in the request?
if 'transactionid' in options:
# ------------------------------------------------------------------
# fetch all challenges that match the transaction id or serial
transaction_id = options.get('transaction_id')
challenges = Challenges.lookup_challenges(serial, transaction_id)
# ------------------------------------------------------------------
# filter into filtered_challenges
for challenge in challenges:
(received_tan, tan_is_valid) = challenge.getTanStatus()
fail_counter = challenge.getTanCount()
# if we iterate over matching challenges (that is: challenges
# with the correct transaction id) we either find a fresh
# challenge, that didn't receive a TAN at all (first case)
# or a challenge, that already received a number of wrong
# TANs but still has tries left (second case).
if not received_tan:
filtered_challenges.append(challenge)
elif not tan_is_valid and fail_counter <= max_fail:
filtered_challenges.append(challenge)
# ------------------------------------------------------------------
if not filtered_challenges:
return -1
for challenge in filtered_challenges:
data = challenge.getData()
correct_passwd = data['user_sig']
# compare values with python's native constant
# time comparison
if compare_digest(correct_passwd, passwd):
return 1
else:
# maybe we got a tan instead of a signature
correct_passwd_as_bytes = decode_base64_urlsafe(correct_passwd)
tan_length = 8 # TODO fetch from policy
correct_tan = extract_tan(correct_passwd_as_bytes, tan_length)
# TODO PYLONS-HACK pylons silently converts integers in
# incoming json to unicode. since extract_tan returns
# an integer, we have to convert it here
correct_tan = unicode(correct_tan)
if compare_digest(correct_tan, passwd):
return 1
return -1 # TODO: ??? semantics of this ret val?示例6: checkOtp
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def checkOtp(self, passwd, counter, window, options=None):
"""
checks if the supplied challenge response is correct.
:param passwd: The challenge response
:param options: A dictionary of parameters passed by the upper
layer (used for transaction_id in this context)
:param counter: legacy API (unused)
:param window: legacy API (unused)
:raises TokenStateError: If token state is not 'active' or
'pairing_challenge_sent'
:returns: -1 for failure, 1 for success
"""
valid_states = ['pairing_challenge_sent',
'active']
self.ensure_state_is_in(valid_states)
# ------------------------------------------------------------------ --
# new pushtoken protocoll supports the keyword based accept or deny.
# the old 'passwd' argument is not supported anymore
try:
signature_accept = passwd.get('accept', None)
signature_reject = passwd.get('reject', None)
except AttributeError: # will be raised with a get() on a str object
raise Exception('Pushtoken version %r requires "accept" or'
' "reject" as parameter' % CHALLENGE_URL_VERSION)
if signature_accept is not None and signature_reject is not None:
raise Exception('Pushtoken version %r requires "accept" or'
' "reject" as parameter' % CHALLENGE_URL_VERSION)
# ------------------------------------------------------------------ --
filtered_challenges = []
serial = self.getSerial()
if options is None:
options = {}
max_fail = int(getFromConfig('PushMaxChallenges', '3'))
# ------------------------------------------------------------------ --
if 'transactionid' in options:
# -------------------------------------------------------------- --
# fetch all challenges that match the transaction id or serial
transaction_id = options.get('transactionid')
challenges = Challenges.lookup_challenges(serial=serial,
transid=transaction_id, filter_open=True)
# -------------------------------------------------------------- --
# filter into filtered_challenges
for challenge in challenges:
(received_tan, tan_is_valid) = challenge.getTanStatus()
fail_counter = challenge.getTanCount()
# if we iterate over matching challenges (that is: challenges
# with the correct transaction id) we either find a fresh
# challenge, that didn't receive a TAN at all (first case)
# or a challenge, that already received a number of wrong
# TANs but still has tries left (second case).
if not received_tan:
filtered_challenges.append(challenge)
elif not tan_is_valid and fail_counter <= max_fail:
filtered_challenges.append(challenge)
# ------------------------------------------------------------------ --
if not filtered_challenges:
return -1
if len(filtered_challenges) > 1:
log.error('multiple challenges for one transaction and for one'
' token found!')
return -1
# for the serial and the transaction id there could always be only
# at max one challenge matching. This is even true for sub transactions
#.........這裏部分代碼省略.........
示例7: checkOtp
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def checkOtp(self, passw , counter, window, options=None):
'''
checkOtp - standard callback of linotp to verify the token
:param passw: the passw / otp, which has to be checked
:type passw: string
:param counter: the start counter
:type counter: int
:param window: the window, in which the token is valid
:type window: int
:param options: options contains the transaction id,
eg. if check_t checks one transaction
this will support assynchreonous otp checks
(when check_t is used)
:type options: dict
:return: verification counter or -1
:rtype: int (-1)
'''
log.debug('[checkOtp] %r: %r: %r' % (passw, counter, window))
ret = -1
challenges = []
serial = self.getSerial()
if options is None:
options = {}
maxRequests = int(getFromConfig("Ocra2MaxChallengeRequests", '3'))
if 'transactionid' in options:
transid = options.get('transactionid', None)
challs = Challenges.lookup_challenges(self.context, serial=serial,
transid=transid)
for chall in challs:
(rec_tan, rec_valid) = chall.getTanStatus()
if rec_tan == False:
challenges.append(chall)
elif rec_valid == False:
## add all touched but failed challenges
if chall.getTanCount() <= maxRequests:
challenges.append(chall)
if 'challenge' in options:
## direct challenge - there might be addtionalget info like
## session data in the options
challenges.append(options)
if len(challenges) == 0:
challs = Challenges.lookup_challenges(self.context, serial=serial)
for chall in challs:
(rec_tan, rec_valid) = chall.getTanStatus()
if rec_tan == False:
## add all untouched challenges
challenges.append(chall)
elif rec_valid == False:
## add all touched but failed challenges
if chall.getTanCount() <= maxRequests:
challenges.append(chall)
if len(challenges) == 0:
err = 'No open transaction found for token %s' % serial
log.error(err) ##TODO should log and fail!!
raise Exception(err)
## prepare the challenge check - do the ocra setup
secretHOtp = self.token.getHOtpKey()
ocraSuite = OcraSuite(self.getOcraSuiteSuite(), secretHOtp)
## set the ocra token pin
ocraPin = ''
if ocraSuite.P is not None:
ocraPinObj = self.token.getUserPin()
ocraPin = ocraPinObj.getKey()
if ocraPin is None or len(ocraPin) == 0:
ocraPin = ''
timeShift = 0
if ocraSuite.T is not None:
defTimeWindow = int(getFromConfig("ocra.timeWindow", 180))
window = int(self.getFromTokenInfo('timeWindow', defTimeWindow)) / ocraSuite.T
defTimeShift = int(getFromConfig("ocra.timeShift", 0))
timeShift = int(self.getFromTokenInfo("timeShift", defTimeShift))
default_retry_window = int(getFromConfig("ocra2.max_check_challenge_retry", 0))
retry_window = int(self.getFromTokenInfo("max_check_challenge_retry", default_retry_window))
## now check the otp for each challenge
for ch in challenges:
challenge = {}
## preserve transaction context, so we could use this in the status callback
self.transId = ch.get('transid', None)
challenge['transid'] = self.transId
challenge['session'] = ch.get('session', None)
## we saved the 'real' challenge in the data
#.........這裏部分代碼省略.........
示例8: resync
# 需要導入模塊: from linotp.lib.challenges import Challenges [as 別名]
# 或者: from linotp.lib.challenges.Challenges import lookup_challenges [as 別名]
def resync(self, otp1, otp2, options=None):
'''
- for the resync to work, we take the last two transactions and their challenges
- for each challenge, we search forward the sync window length
'''
log.debug('[resync] %r : %r' % (otp1, otp2))
ret = False
challenges = []
## the challenges are orderd, the first one is the newest
challenges = Challenges.lookup_challenges(self.context, self.getSerial())
## check if there are enough challenges around
if len(challenges) < 2:
return False
challenge1 = {}
challenge2 = {}
if options is None:
## the newer one
ch1 = challenges[0]
challenge1['challenge'] = ch1.get('data').get('challenge')
challenge1['transid'] = ch1.get('transid')
challenge1['session'] = ch1.get('session')
challenge1['id'] = ch1.get('id')
## the elder one
ch2 = challenges[0]
challenge2['challenge'] = ch2.get('data').get('challenge')
challenge2['transid'] = ch2.get('transid')
challenge2['session'] = ch2.get('session')
challenge2['id'] = ch2.get('id')
else:
if options.has_key('challenge1'):
challenge1['challenge'] = options.get('challenge1')
if options.has_key('challenge2'):
challenge2['challenge'] = options.get('challenge2')
if len(challenge1) == 0 or len(challenge2) == 0:
error = "No challeges found!"
log.error('[Ocra2TokenClass:resync] %s' % (error))
raise Exception('[Ocra2TokenClass:resync] %s' % (error))
secretHOtp = self.token.getHOtpKey()
ocraSuite = OcraSuite(self.getOcraSuiteSuite(), secretHOtp)
syncWindow = self.token.getSyncWindow()
if ocraSuite.T is not None:
syncWindow = syncWindow / 10
counter = self.token.getOtpCounter()
## set the ocra token pin
ocraPin = ''
if ocraSuite.P is not None:
ocraPinObj = self.token.getUserPin()
ocraPin = ocraPinObj.getKey()
if ocraPin is None or len(ocraPin) == 0:
ocraPin = ''
timeShift = 0
if ocraSuite.T is not None:
timeShift = int(self.getFromTokenInfo("timeShift", 0))
try:
count_1 = ocraSuite.checkOtp(otp1, counter, syncWindow, challenge1, pin=ocraPin, timeshift=timeShift)
if count_1 == -1:
log.info('[resync] lookup for first otp value failed!')
ret = False
else:
count_2 = ocraSuite.checkOtp(otp2, counter, syncWindow, challenge2, pin=ocraPin, timeshift=timeShift)
if count_2 == -1:
log.info('[resync] lookup for second otp value failed!')
ret = False
else:
if ocraSuite.C is not None:
if count_1 + 1 == count_2:
self.setOtpCount(count_2)
ret = True
if ocraSuite.T is not None:
if count_1 - count_2 <= ocraSuite.T * 2:
## callculate the timeshift
date = datetime.datetime.fromtimestamp(count_2)
log.info('[resync] syncing token to new timestamp: %r' % (date))
now = datetime.datetime.now()
stime = now.strftime("%s")
timeShift = count_2 - int(stime)
#.........這裏部分代碼省略.........