HOTP Token

class privacyidea.lib.tokens.hotptoken.HotpTokenClass(db_token)[source]

hotp token class implementation

check_otp(anOtpVal, counter=None, window=None, options=None)[source]

check if the given OTP value is valid for this token.

  • anOtpVal (string) – the to be verified otpvalue
  • counter (int) – the counter state, that should be verified
  • window (int) – the counter +window, which should be checked
  • options (dict) – the dict, which could contain token specific info

the counter state or -1

Return type:


check_otp_exist(otp, window=10, symetric=False, inc_counter=True)[source]

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

  • otp (string) – the to be verified otp value
  • window (int) – the lookahead window for the counter

counter or -1 if otp does not exist

Return type:


static get_class_info(key=None, ret='all')[source]

returns a subtree of the token definition Is used by lib.token.get_token_info

  • key (string) – subsection identifier
  • ret (user defined) – default return value, if nothing is found

subsection if key exists or user defined

Return type:


static get_class_prefix()[source]

Return the prefix, that is used as a prefix for the serial numbers. :return: oath

static get_class_type()[source]

return the token type shortname

Return type:string
classmethod get_default_settings(params, logged_in_user=None, policy_object=None, client_ip=None)[source]

This method returns a dictionary with default settings for token enrollment. These default settings are defined in SCOPE.USER and are hotp_hashlib, hotp_otplen. If these are set, the user will only be able to enroll tokens with these values.

The returned dictionary is added to the parameters of the API call. :param params: The call parameters :type params: dict :param logged_in_user: The logged_in_user dictionary with “role”,

“username” and “realm”
  • policy_object (PolicyClass) – The policy_object
  • client_ip (basestring) – The client IP address

default parameters

get_init_detail(params=None, user=None)[source]

to complete the token initialization some additional details should be returned, which are displayed at the end of the token initialization. This is the e.g. the enrollment URL for a Google Authenticator.

get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None, timestamp=None)[source]

return a dictionary of multiple future OTP values of the HOTP/HMAC token

WARNING: the dict that is returned contains a sequence number as key.
This it NOT the otp counter!
Parameters:count (int) – how many otp values should be returned
Epoch_start:Not used in HOTP
Epoch_end:Not used in HOTP
CurTime:Not used in HOTP
Timestamp:not used in HOTP
Returns:tuple of status: boolean, error: text and the OTP dictionary

return the next otp value

Parameters:curTime – Not Used in HOTP
Returns:next otp value and PIN if possible
Return type:tuple
static get_sync_timeout()[source]

get the token sync timeout value

Returns:timeout value in seconds
Return type:int
is_challenge_request(passw, user=None, options=None)[source]

check, if the request would start a challenge

  • default: if the passw contains only the pin, this request would

trigger a challenge

  • in this place as well the policy for a token is checked
  • passw – password, which might be pin or pin+otp
  • options – dictionary of additional request parameters

returns true or false

is_previous_otp(otp, window=10)[source]

Check if the OTP values was previously used.

  • otp
  • window

resync(otp1, otp2, options=None)[source]

resync the token based on two otp values

  • otp1 (string) – the first otp value
  • otp2 (string) – the second otp value
  • options (dict or None) – optional token specific parameters

counter or -1 if otp does not exist

Return type:


update(param, reset_failcount=True)[source]

process the initialization parameters

Do we really always need an otpkey? the otpKey is handled in the parent class :param param: dict of initialization parameters :type param: dict