15.2.1.2.16. SPass Token¶
-
class
privacyidea.lib.tokens.spasstoken.
SpassTokenClass
(db_token)[source]¶ This is a simple pass token. It does have no OTP component. The OTP checking will always succeed. Of course, an OTP PIN can be used.
-
authenticate
(passw, user=None, options=None)[source]¶ in case of a wrong passw, we return a bad matching pin, so the result will be an invalid token
-
check_otp
(otpval, counter=None, window=None, options=None)[source]¶ As we have no otp value we always return true. (counter == 0)
-
static
get_class_info
(key=None, ret='all')[source]¶ returns a subtree of the token definition Is used by lib.token.get_token_info
- Parameters
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns
subsection if key exists or user defined
- Return type
dict
-
static
is_challenge_request
(passw, user, options=None)[source]¶ The spass token does not support challenge response :param passw: :param user: :param options: :return:
-
static
is_challenge_response
(passw, user, options=None, challenges=None)[source]¶ This method checks, if this is a request that is supposed to be the answer to a previous challenge.
The default behaviour to check if this is the response to a previous challenge is simply by checking if the request contains a parameter
state
ortransactionid
i.e. checking if theoptions
parameter contains a keystate
ortransactionid
.This method does not try to verify the response itself! It only determines, if this is a response for a challenge or not. If the challenge still exists, is checked in has_db_challenge_response. The response is verified in check_challenge_response.
- Parameters
passw (string) – password, which might be pin or pin+otp
user (User object) – the requesting user
options (dict) – dictionary of additional request parameters
- Returns
true or false
- Return type
bool
-