14.2.1.2.7. OCRA Token¶
The OCRA token is the base OCRA functionality. Usually it is created by importing a CSV or PSKC file.
This code is tested in tests/test_lib_tokens_tiqr.
14.2.1.2.7.1. Implementation¶
-
class
privacyidea.lib.tokens.ocratoken.
OcraTokenClass
(db_token)[source]¶ The OCRA Token Implementation
-
check_otp
(otpval, counter=None, window=None, options=None)[source]¶ This function is invoked by
TokenClass.check_challenge_response
and checks if the given password matches the expected response for the given challenge.Parameters: - otpval – the password (pin + otp)
- counter – ignored
- window – ignored
- options – dictionary that must contain “challenge”
Returns: >=0 if the challenge matches, -1 otherwise
-
create_challenge
(transactionid=None, options=None)[source]¶ This method creates a challenge, which is submitted to the user. The submitted challenge will be preserved in the challenge database.
If no transaction id is given, the system will create a transaction id and return it, so that the response can refer to this transaction.
Parameters: - transactionid – the id of this challenge
- options (dict) – the request context parameters / data
Returns: tuple of (bool, message, transactionid, attributes)
Return type: tuple
The return tuple builds up like this:
bool
if submit was successful;message
which is displayed in the JSON response; additionalattributes
, which are displayed in the JSON response.
-
static
get_class_info
(key=None, ret='all')[source]¶ returns a subtree of the token definition
Parameters: - key (string) – subsection identifier
- ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: dict or scalar
-
static
get_class_prefix
()[source]¶ Return the prefix, that is used as a prefix for the serial numbers. :return: OCRA :rtype: basestring
-
static
get_class_type
()[source]¶ Returns the internal token type identifier :return: ocra :rtype: basestring
-
is_challenge_request
(passw, user=None, options=None)[source]¶ check, if the request would start a challenge In fact every Request that is not a response needs to start a challenge request.
At the moment we do not think of other ways to trigger a challenge.
- This function is not decorated with
- @challenge_response_allowed
as the OCRA token is always a challenge response token!
Parameters: - passw – The PIN of the token.
- options – dictionary of additional request parameters
Returns: returns true or false
-