14.2.1.2.11. Questionnaire Token

class privacyidea.lib.tokens.questionnairetoken.QuestionnaireTokenClass(db_token)[source]

This is a Questionnaire Token. The token stores a list of questions and answers in the tokeninfo database table. The answers are encrypted. During authentication a random answer is selected and presented as challenge. The user has to remember and pass the right answer.

check_answer(given_answer, challenge_object)[source]

Check if the given answer is the answer to the sent question. The question for this challenge response was stored in the challenge_object.

Then we get the answer from the tokeninfo.

Parameters
  • given_answer – The answer given by the user

  • challenge_object – The challenge object as stored in the database

Returns

in case of success: 1

check_challenge_response(user=None, passw=None, options=None)[source]

This method verifies if there is a matching question for the given passw and also verifies if the answer is correct.

It then returns the the otp_counter = 1

Parameters
  • user (User object) – the requesting user

  • passw (string) – the password - in fact it is the answer to the question

  • options (dict) – additional arguments from the request, which could be token specific. Usually “transaction_id”

Returns

return 1 if the answer to the question is correct, -1 otherwise.

Return type

int

create_challenge(transactionid=None, options=None)[source]

This method creates a challenge, which is submitted to the user. The submitted challenge will be preserved in the challenge database.

The challenge is a randomly selected question of the available questions for this token.

If no transaction id is given, the system will create a transaction id and return it, so that the response can refer to this transaction.

Parameters
  • transactionid – the id of this challenge

  • options (dict) – the request context parameters / data

Returns

tuple of (bool, message, transactionid, attributes)

Return type

tuple

The return tuple builds up like this: bool if submit was successful; message which is displayed in the JSON response; additional attributes, which are displayed in the JSON response.

classmethod get_class_info(key=None, ret='all')[source]

returns a subtree of the token definition

Parameters
  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns

subsection if key exists or user defined

Return type

dict or scalar

static get_class_prefix()[source]

Return the prefix, that is used as a prefix for the serial numbers. :return: QUST :rtype: basestring

static get_class_type()[source]

Returns the internal token type identifier :return: qust :rtype: basestring

static get_setting_type(key)[source]

The setting type of questions is public, so that the user can also read the questions.

Parameters

key – The key of the setting

Returns

“public” string

has_further_challenge(options=None)[source]

Check if there are still more questions to be asked.

Parameters

options – Options dict

Returns

True, if further challenge is required.

is_challenge_request(passw, user=None, options=None)[source]

The questionnaire token is always a challenge response token. The challenge is triggered by providing the PIN as the password.

Parameters
  • passw (string) – password, which might be pin or pin+otp

  • user (User object) – The user from the authentication request

  • options (dict) – dictionary of additional request parameters

Returns

true or false

Return type

bool

update(param)[source]

This method is called during the initialization process.

Parameters

param (dict) – parameters from the token init

Returns

None