16. Code Documentation

The code roughly has three levels: API, LIB and DB.

16.1. API level

The API level is used to access the system. For some calls you need to be authenticated as administrator, for some calls you can be authenticated as normal user. For calls to the validate API you do not need to be authenticated at all.

At this level Authentication is performed. In the lower levels there is no authentication anymore.

The object g.logged_in_user is used to pass the authenticated user. The client gets a JSON Web Token to authenticate every request.

API functions are decorated with the decorators admin_required and user_required to define access rules.

• 16.1.1. REST API
  • 16.1.1.1. Audit endpoint
  • 16.1.1.2. Authentication endpoints
  • 16.1.1.3. Validate endpoints
  • 16.1.1.4. System endpoints
  • 16.1.1.5. Tokengroup endpoints
  • 16.1.1.6. Service ID endpoints
  • 16.1.1.7. Resolver endpoints
  • 16.1.1.8. Realm endpoints
  • 16.1.1.9. Default Realm endpoints
  • 16.1.1.10. Token endpoints
  • 16.1.1.11. Container endpoints
  • 16.1.1.12. User endpoints
  • 16.1.1.13. Policy endpoints
  • 16.1.1.14. Event endpoints
  • 16.1.1.15. Healthcheck endpoints
  • 16.1.1.16. Machine Resolver endpoints
  • 16.1.1.17. Machine endpoints
  • 16.1.1.18. privacyIDEA Server endpoints
  • 16.1.1.19. CA Connector endpoints
  • 16.1.1.20. Recover endpoints
  • 16.1.1.21. Register endpoints
  • 16.1.1.22. Monitoring endpoints
  • 16.1.1.23. Periodic Task endpoints
  • 16.1.1.24. Application endpoints
  • 16.1.1.25. Tokentype endpoints
  • 16.1.1.26. SMTP server endpoints
  • 16.1.1.27. SMS Gateway endpoints
  • 16.1.1.28. RADIUS server endpoints
  • 16.1.1.29. Subscriptions endpoints
  • 16.1.1.30. Client endpoints
  • 16.1.1.31. Info endpoint

16.2. LIB level

At the LIB level all library functions are defined. There is no authentication on this level.

Request information and the logged_in_user need to be passed to the functions as parameters, if they are needed.

If possible, policies are checked with policy decorators.

• 16.2.1. library functions
  • 16.2.1.1. API Policies
  • 16.2.1.2. Application class
  • 16.2.1.3. Audit log
  • 16.2.1.4. CA Connector
  • 16.2.1.5. Container Class
  • 16.2.1.6. Container Functions
  • 16.2.1.7. Event Handler
  • 16.2.1.8. Job Queue
  • 16.2.1.9. Machine Resolvers
  • 16.2.1.10. Monitoring
  • 16.2.1.11. PinHandler
  • 16.2.1.12. Policy Module
  • 16.2.1.13. Policy Decorators
  • 16.2.1.14. SMS Provider
  • 16.2.1.15. Token Class
  • 16.2.1.16. Token Functions
  • 16.2.1.17. UserIdResolvers
  • 16.2.1.18. Users

16.3. DB level

On the DB level you can simply modify all objects.

• 16.3.1. The database model