13.2.1.7. Policy Decorators¶
These are the policy decorator functions for internal (lib) policy decorators. policy decorators for the API (pre/post) are defined in api/lib/policy
The functions of this module are tested in tests/test_lib_policy_decorator.py
-
privacyidea.lib.policydecorators.
auth_otppin
(wrapped_function, *args, **kwds)[source]¶ Decorator to decorate the tokenclass.check_pin function. Depending on the ACTION.OTPPIN it * either simply accepts an empty pin * checks the pin against the userstore * or passes the request to the wrapped_function
Parameters: wrapped_function – In this case the wrapped function should be tokenclass.check_ping :param *args: args[1] is the pin :param **kwds: kwds[“options”] contains the flask g :return: True or False
-
privacyidea.lib.policydecorators.
auth_user_does_not_exist
(wrapped_function, user_object, passw, options=None)[source]¶ This decorator checks, if the user does exist at all. If the user does exist, the wrapped function is called.
The wrapped function is usually token.check_user_pass, which takes the arguments (user, passw, options={})
Parameters: - wrapped_function –
- user_object –
- passw –
- options – Dict containing values for “g” and “clientip”
Returns: Tuple of True/False and reply-dictionary
-
privacyidea.lib.policydecorators.
auth_user_has_no_token
(wrapped_function, user_object, passw, options=None)[source]¶ This decorator checks if the user has a token at all. If the user has a token, the wrapped function is called.
The wrapped function is usually token.check_user_pass, which takes the arguments (user, passw, options={})
Parameters: - wrapped_function –
- user_object –
- passw –
- options – Dict containing values for “g” and “clientip”
Returns: Tuple of True/False and reply-dictionary
-
privacyidea.lib.policydecorators.
auth_user_passthru
(wrapped_function, user_object, passw, options=None)[source]¶ This decorator checks the policy settings of ACTION.PASSTHRU. If the authentication against the userstore is not successful, the wrapped function is called.
The wrapped function is usually token.check_user_pass, which takes the arguments (user, passw, options={})
Parameters: - wrapped_function –
- user_object –
- passw –
- options – Dict containing values for “g” and “clientip”
Returns: Tuple of True/False and reply-dictionary
-
privacyidea.lib.policydecorators.
config_lost_token
(wrapped_function, *args, **kwds)[source]¶ Decorator to decorate the lib.token.lost_token function. Depending on ACTION.LOSTTOKENVALID, ACTION.LOSTTOKENPWCONTENTS, ACTION.LOSTTOKENPWLEN it sets the check_otp parameter, to signal how the lostToken should be generated.
Parameters: - wrapped_function – Usually the function lost_token()
- args – argument “serial” as the old serial number
- kwds – keyword arguments like “validity”, “contents”, “pw_len”
kwds[“options”] contains the flask g
Returns: calls the original function with the modified “validity”, “contents” and “pw_len” argument
-
class
privacyidea.lib.policydecorators.
libpolicy
(decorator_function)[source]¶ This is the decorator wrapper to call a specific function before a library call in contrast to prepolicy and postpolicy, which are to be called in API Calls.
The decorator expects a named parameter “options”. In this options dict it will look for the flask global “g”.
-
privacyidea.lib.policydecorators.
login_mode
(wrapped_function, *args, **kwds)[source]¶ Decorator to decorate the lib.auth.check_webui_user function. Depending on ACTION.LOGINMODE it sets the check_otp parameter, to signal that the authentication should be performed against privacyIDEA.
Parameters: - wrapped_function – Usually the function check_webui_user
- args – arguments user_obj and password
- kwds – keyword arguments like options and !check_otp!
kwds[“options”] contains the flask g :return: calls the original function with the modified “check_otp” argument