Source code for privacyidea.lib.tokens.passwordtoken
# -*- coding: utf-8 -*-
#
# privacyIDEA is a fork of LinOTP
# 2014-12-05 Cornelius Kölbel <cornelius@privacyidea.org>
# Migration to flask
#
# May 08, 2014 Cornelius Kölbel
# License: AGPLv3
# contact: http://www.privacyidea.org
#
# Copyright (C) 2010 - 2014 LSE Leading Security Experts GmbH
# License: LSE
# contact: http://www.linotp.org
# http://www.lsexperts.de
# linotp@lsexperts.de
"""
This file contains the definition of the password token class
"""
import logging
from privacyidea.lib.crypto import zerome
from privacyidea.lib.tokenclass import TokenClass
from privacyidea.lib.log import log_with
from privacyidea.lib.decorators import check_token_locked
from privacyidea.lib import _
optional = True
required = False
log = logging.getLogger(__name__)
[docs]class PasswordTokenClass(TokenClass):
"""
This Token does use a fixed Password as the OTP value.
In addition, the OTP PIN can be used with this token.
This Token can be used for a scenario like losttoken
"""
[docs] class SecretPassword(object):
def __init__(self, secObj):
self.secretObject = secObj
[docs] def get_password(self):
return self.secretObject.getKey()
[docs] def check_password(self, password):
res = -1
key = self.secretObject.getKey()
if key == password:
res = 0
zerome(key)
del key
return res
def __init__(self, aToken):
TokenClass.__init__(self, aToken)
self.hKeyRequired = True
self.set_type(u"pw")
@staticmethod
[docs] def get_class_type():
return "pw"
@staticmethod
[docs] def get_class_prefix():
return "PW"
@staticmethod
@log_with(log)
[docs] def get_class_info(key=None, ret='all'):
"""
returns a subtree of the token definition
:param key: subsection identifier
:type key: string
:param ret: default return value, if nothing is found
:type ret: user defined
:return: subsection if key exists or user defined
:rtype: dict or scalar
"""
res = {'type': 'pw',
'title': 'Password Token',
'description': _('A token with a fixed password. Can be '
'combined with the OTP PIN. Is used for the '
'lost token scenario.'),
'init': {},
'config': {},
'user': [],
# This tokentype is enrollable in the UI for...
'ui_enroll': [],
'policy': {},
}
# I don't think we need to define the lost token policies here...
if key:
ret = res.get(key)
else:
if ret == 'all':
ret = res
return ret
[docs] def update(self, param):
"""
This method is called during the initialization process.
:param param: parameters from the token init
:type param: dict
:return: None
"""
"""
:param param:
:return:
"""
TokenClass.update(self, param)
self.set_otplen()
@log_with(log)
@check_token_locked
[docs] def set_otplen(self, otplen=0):
"""
sets the OTP length to the length of the password
:param otplen: This is ignored in this class
:type otplen: int
:result: None
"""
secretHOtp = self.token.get_otpkey()
sp = PasswordTokenClass.SecretPassword(secretHOtp)
pw_len = len(sp.get_password())
TokenClass.set_otplen(self, pw_len)
return
@log_with(log, log_entry=False)
@check_token_locked
[docs] def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
This checks the static password
:param anOtpVal: This contains the "OTP" value, which is the static
password
:return: result of password check, 0 in case of success, -1 if fail
:rtype: int
"""
secretHOtp = self.token.get_otpkey()
sp = PasswordTokenClass.SecretPassword(secretHOtp)
res = sp.check_password(anOtpVal)
return res