16. Code Documentation
The code roughly has three levels: API, LIB and DB.
16.1. API level
The API level is used to access the system. For some calls you need to be authenticated as administrator, for some calls you can be authenticated as normal user. These are the token and the audit endpoint. For calls to the validate API you do not need to be authenticated at all.
Authentication is performed at this level. The lower levels do not perform any authentication.
The object g.logged_in_user is used to pass the authenticated user. The client gets a JSON Web Token to authenticate every request.
API functions are decorated with the decorators admin_required and user_required to define access rules.
- 16.1.1. REST API
- 16.1.1.1. Audit endpoint
- 16.1.1.2. Authentication endpoints
- 16.1.1.3. Validate endpoints
- 16.1.1.4. System endpoints
- 16.1.1.5. Tokengroup endpoints
- 16.1.1.6. Service ID endpoints
- 16.1.1.7. Resolver endpoints
- 16.1.1.8. Realm endpoints
- 16.1.1.9. Default Realm endpoints
- 16.1.1.10. Token endpoints
- 16.1.1.11. Container endpoints
- 16.1.1.12. User endpoints
- 16.1.1.13. Policy endpoints
- 16.1.1.14. Event endpoints
- 16.1.1.15. Machine Resolver endpoints
- 16.1.1.16. Machine endpoints
- 16.1.1.17. privacyIDEA Server endpoints
- 16.1.1.18. CA Connector endpoints
- 16.1.1.19. Recover endpoints
- 16.1.1.20. Register endpoints
- 16.1.1.21. Monitoring endpoints
- 16.1.1.22. Periodic Task endpoints
- 16.1.1.23. Application endpoints
- 16.1.1.24. Tokentype endpoints
- 16.1.1.25. SMTP server endpoints
- 16.1.1.26. SMS Gateway endpoints
- 16.1.1.27. RADIUS server endpoints
- 16.1.1.28. Subscriptions endpoints
- 16.1.1.29. Client endpoints
16.2. LIB level
At the LIB level all library functions are defined. There is no authentication on this level, and there is no Flask/web/request code on this level either.
Request information and the logged_in_user need to be passed to the functions as parameters, if they are needed.
If possible, policies are checked with policy decorators.
- 16.2.1. library functions
- 16.2.1.1. Users
- 16.2.1.2. Token Class
- 16.2.1.2.1. 4 Eyes Token
- 16.2.1.2.2. Certificate Token
- 16.2.1.2.3. Daplug Token
- 16.2.1.2.4. Email Token
- 16.2.1.2.5. HOTP Token
- 16.2.1.2.6. mOTP Token
- 16.2.1.2.7. OCRA Token
- 16.2.1.2.8. Paper Token
- 16.2.1.2.9. PasswordToken
- 16.2.1.2.10. Push Token
- 16.2.1.2.11. Questionnaire Token
- 16.2.1.2.12. RADIUS Token
- 16.2.1.2.13. Registration Code Token
- 16.2.1.2.14. Remote Token
- 16.2.1.2.15. SMS Token
- 16.2.1.2.16. SPass Token
- 16.2.1.2.17. SSHKey Token
- 16.2.1.2.18. TiQR Token
- 16.2.1.2.19. TOTP Token
- 16.2.1.2.20. U2F Token
- 16.2.1.2.21. Vasco Token
- 16.2.1.2.22. WebAuthn Token
- 16.2.1.2.23. Yubico Token
- 16.2.1.2.24. Yubikey Token
- 16.2.1.3. Token Functions
- 16.2.1.4. Container Class
- 16.2.1.5. Container Functions
- 16.2.1.6. Application Class
- 16.2.1.7. Policy Module
- 16.2.1.8. Job Queue
- 16.2.1.9. API Policies
- 16.2.1.10. Policy Decorators
- 16.2.1.11. Event Handler
- 16.2.1.12. SMS Provider
- 16.2.2. UserIdResolvers
- 16.2.3. Audit log
- 16.2.4. Monitoring
- 16.2.5. Machine Resolvers
- 16.2.6. PinHandler
16.3. DB level
On the DB level you can simply modify all objects.