16.2.1.2.4. Email Token¶
- class privacyidea.lib.tokens.emailtoken.EmailTokenClass(aToken)[source]¶
Implementation of the EMail Token Class, that sends OTP values via SMTP. (Similar to SMSTokenClass)
Create a new HOTP Token object
- Parameters
db_token (DB object) – instance of the orm db object
- EMAIL_ADDRESS_KEY = 'email'¶
- can_verify_enrollment = True¶
- check_otp(anOtpVal, counter=None, window=None, options=None)[source]¶
check the otpval of a token against a given counter and the window
- Parameters
anOtpVal (string) – the to be verified passw/pin
- Returns
counter if found, -1 if not found
- Return type
int
- create_challenge(transactionid=None, options=None)[source]¶
create a challenge, which is submitted to the user
- Parameters
transactionid – the id of this challenge
options – the request context parameters / data You can pass
exception=1to raise an exception, if the Email could not be sent.
- Returns
tuple of (success, message, transactionid, attributes)
success: if submit was successful
message: the text submitted to the user
transactionid: the given or generated transactionid
reply_dict: additional dictionary, which is added to the response
- Return type
tuple(bool, str, str, dict)
- classmethod enroll_via_validate(g, content, user_obj, message=None)[source]¶
This class method is used in the policy ENROLL_VIA_MULTICHALLENGE. It enrolls a new token of this type and returns the necessary information to the client by modifying the content.
- Parameters
g – context object
content – The content of a response
user_obj – A user object
message – An alternative message displayed to the user during enrollment
- Returns
None, the content is modified
- enroll_via_validate_2nd_step(passw, options=None)[source]¶
This method is the optional second step of ENROLL_VIA_MULTICHALLENGE. It is used in situations like the email token, sms token or push, when enrollment via challenge response needs two steps.
The passw is entered during the first authentication step and it contains the email address.
So we need to update the token with the email address and we need to create a new challenge for the final authentication.
- Parameters
options –
- Returns
- static get_class_info(key=None, ret='all')[source]¶
returns all or a subtree of the token definition
- Parameters
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns
subsection if key exists or user defined
- Return type
dict
- static get_class_prefix()[source]¶
Return the prefix, that is used as a prefix for the serial numbers. :return: oath
- is_challenge_request(passw, user=None, options=None)[source]¶
check, if the request would start a challenge
We need to define the function again, to get rid of the is_challenge_request-decorator of the HOTP-Token
- Parameters
passw – password, which might be pin or pin+otp
options – dictionary of additional request parameters
- Returns
returns true or false
- mode = ['challenge']¶
- prepare_verify_enrollment(options=None)[source]¶
This is called, if the token should be enrolled in a way, that the user needs to provide a proof, that the server can verify, that the token was successfully enrolled. The email token needs to send an email with OTP.
The returned dictionary is added to the response in “detail” -> “verify”.
- Returns
A dictionary with information that is needed to trigger the verification.
- classmethod test_config(params=None)[source]¶
This method is used to test the token config. Some tokens require some special token configuration like the SMS-Token or the Email-Token. To test this configuration, this classmethod is used.
It takes token specific parameters and returns a tuple of a boolean and a result description.
- Parameters
params (dict) – token specific parameters
- Returns
success, description
- Return type
tuple
