15.2.1.2.16. SPass Token¶
- class privacyidea.lib.tokens.spasstoken.SpassTokenClass(db_token)[source]¶
This is a simple pass token. It does have no OTP component. The OTP checking will always succeed. Of course, an OTP PIN can be used.
Create a new token object.
- Parameters
db_token (Token) – A database token object
- Returns
A TokenClass object
- authenticate(passw, user=None, options=None)[source]¶
in case of a wrong passw, we return a bad matching pin, so the result will be an invalid token
- check_otp(otpval, counter=None, window=None, options=None)[source]¶
As we have no otp value we always return true. (counter == 0)
- static get_class_info(key=None, ret='all')[source]¶
returns a subtree of the token definition Is used by lib.token.get_token_info
- Parameters
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns
subsection if key exists or user defined
- Return type
dict
- static is_challenge_request(passw, user, options=None)[source]¶
The spass token does not support challenge response :param passw: :param user: :param options: :return:
- static is_challenge_response(passw, user, options=None, challenges=None)[source]¶
This method checks, if this is a request that is supposed to be the answer to a previous challenge.
The default behaviour to check if this is the response to a previous challenge is simply by checking if the request contains a parameter
stateortransactionidi.e. checking if theoptionsparameter contains a keystateortransactionid.This method does not try to verify the response itself! It only determines, if this is a response for a challenge or not. If the challenge still exists, is checked in has_db_challenge_response. The response is verified in check_challenge_response.
- Parameters
passw (string) – password, which might be pin or pin+otp
user (User object) – the requesting user
options (dict) – dictionary of additional request parameters
- Returns
true or false
- Return type
bool
