14.2.1.2.5. HOTP Token¶
-
class
privacyidea.lib.tokens.hotptoken.HotpTokenClass(db_token)[source]¶ hotp token class implementation
-
check_otp(anOtpVal, counter=None, window=None, options=None)[source]¶ check if the given OTP value is valid for this token.
Parameters: - anOtpVal (string) – the to be verified otpvalue
- counter (int) – the counter state, that should be verified
- window (int) – the counter +window, which should be checked
- options (dict) – the dict, which could contain token specific info
Returns: the counter state or -1
Return type: int
-
check_otp_exist(otp, window=10, symetric=False, inc_counter=True)[source]¶ checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.
Parameters: - otp (string) – the to be verified otp value
- window (int) – the lookahead window for the counter
Returns: counter or -1 if otp does not exist
Return type: int
-
static
get_class_info(key=None, ret='all')[source]¶ returns a subtree of the token definition Is used by lib.token.get_token_info
Parameters: - key (string) – subsection identifier
- ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: dict
-
static
get_class_prefix()[source]¶ Return the prefix, that is used as a prefix for the serial numbers. :return: oath
-
classmethod
get_default_settings(params, logged_in_user=None, policy_object=None, client_ip=None)[source]¶ This method returns a dictionary with default settings for token enrollment. These default settings are defined in SCOPE.USER and are hotp_hashlib, hotp_otplen. If these are set, the user will only be able to enroll tokens with these values.
The returned dictionary is added to the parameters of the API call. :param params: The call parameters :type params: dict :param logged_in_user: The logged_in_user dictionary with “role”,
“username” and “realm”Parameters: - policy_object (PolicyClass) – The policy_object
- client_ip (basestring) – The client IP address
Returns: default parameters
-
get_init_detail(params=None, user=None)[source]¶ to complete the token initialization some additional details should be returned, which are displayed at the end of the token initialization. This is the e.g. the enrollment URL for a Google Authenticator.
-
get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None, timestamp=None)[source]¶ return a dictionary of multiple future OTP values of the HOTP/HMAC token
- WARNING: the dict that is returned contains a sequence number as key.
- This it NOT the otp counter!
Parameters: count (int) – how many otp values should be returned Epoch_start: Not used in HOTP Epoch_end: Not used in HOTP CurTime: Not used in HOTP Timestamp: not used in HOTP Returns: tuple of status: boolean, error: text and the OTP dictionary
-
get_otp(current_time=None)[source]¶ return the next otp value
Parameters: curTime – Not Used in HOTP Returns: next otp value and PIN if possible Return type: tuple
-
static
get_sync_timeout()[source]¶ get the token sync timeout value
Returns: timeout value in seconds Return type: int
-
hashlib¶
-
is_challenge_request(passw, user=None, options=None)[source]¶ check, if the request would start a challenge
- default: if the passw contains only the pin, this request would
trigger a challenge
- in this place as well the policy for a token is checked
Parameters: - passw – password, which might be pin or pin+otp
- options – dictionary of additional request parameters
Returns: returns true or false
-
is_previous_otp(otp, window=10)[source]¶ Check if the OTP values was previously used.
Parameters: - otp –
- window –
Returns:
-
