def __init__(self,
any=0,
knowledge=False,
inherence=False,
possession=False,
jailbreak_protection=False):
"""
Note that if any is used neither knowledge, inherence, nor possession can be used alongside it.
If all values are left at 0, service defaults will be used.
:param any: Int. Whether to require any x number of factors
:param knowledge: Boolean. Whether to require knowledge factors
:param inherence: Boolean. Whether to require inherence factors
:param possession: Boolean. Whether to require possesion factors
:param jailbreak_protection: Boolean. Whether to allow jailbroken / rooted devices to authenticate
"""
if knowledge not in (True, False, 0, 1) or inherence not in (True, False, 0, 1) \
or possession not in (True, False, 0, 1):
raise InvalidParameters(
"Inherence, knowledge, or possesion input must be a boolean.")
if any != 0 and (knowledge or inherence or possession):
raise InvalidParameters(
"Cannot use \"any\" with other specific factor requirements")
self.geofences = []
self.minimum_requirements = []
self.minimum_amount = 0
self._policy = {"factors": []}
self.set_minimum_requirements(knowledge, inherence, possession, any)
self.require_jailbreak_protection(jailbreak_protection)
def authorize(self, user, context=None, policy=None):
"""
Authorize a transaction for the provided user. This get_service_service method would be utilized if you are
using this as a secondary factor for user login or authorizing a single transaction within your application.
This will NOT begin a user session.
:param user: LaunchKey Username, User Push ID, or Directory User ID for the End User
:param context: Arbitrary string of data up to 400 characters to be presented to the End User during
authorization to provide context regarding the individual request
:param policy: Authorization policy override for this authorization. The policy can only increase the security
level any existing policy in the Service Profile. It can never reduce the security level of the Service
Profile's policy.
:raise: launchkey.exceptions.InvalidParameters - Input parameters were not correct
:raise: launchkey.exceptions.InvalidPolicyInput - Input policy was not valid
:raise: launchkey.exceptions.PolicyFailure - Auth creation failed due to user not passing policy
:raise: launchkey.exceptions.EntityNotFound - Username was invalid or the user does not have any valid devices
:raise: launchkey.exceptions.RateLimited - Too many authorization requests have been created for this user
:raise: launchkey.exceptions.InvalidPolicy - The input policy is not valid. It should be a
launchkey.clients.service.AuthPolicy.
Please wait and try again.
:return: String - Unique identifier for tracking status of the authorization request
"""
kwargs = {'username': user}
if context is not None:
kwargs['context'] = context
if policy is not None:
if not isinstance(policy, AuthPolicy):
raise InvalidParameters(
"Please verify the input policy is a "
"launchkey.clients.service.AuthPolicy class")
kwargs['policy'] = policy.get_policy()
response = self._transport.post("/service/v3/auths", self._subject,
**kwargs)
return self._validate_response(response,
AuthorizeValidator)['auth_request']
def add_geofence(self, latitude, longitude, radius, name=None):
"""
Adds a Geo-Fence requirement
:param latitude: Float. Geographical Latitude
:param longitude: Float. Geographical Longitude
:param radius: Float. Radius of the Geo-Fence in meters
:param name: String. Optional identifier for the Geo-Fence.
"""
self.geofences.append(GeoFence(latitude, longitude, radius, name))
try:
location = {
"radius": float(radius),
"latitude": float(latitude),
"longitude": float(longitude)
}
if name is not None:
location['name'] = str(name)
except TypeError:
raise InvalidParameters(
"Latitude, Longitude, and Radius must all be numbers.")
for i, factor in enumerate(self._policy['factors']):
if factor.get('factor') == "geofence":
self._policy['factors'][i]['attributes']['locations'].append(
location)
return
self._policy['factors'].append({
"factor": "geofence",
"requirement": "forced requirement",
"quickfail": False,
"priority": 1,
"attributes": {
"locations": [location]
}
})
def __init__(self,
any=0,
knowledge=False,
inherence=False,
possession=False,
jailbreak_protection=False):
"""
Note that if any is used neither knowledge, inherence, nor possession
can be used alongside it.
If all values are left at 0, service defaults will be used.
:param any: Int. Whether to require any x number of factors
:param knowledge: Boolean. Whether to require knowledge factor
:param inherence: Boolean. Whether to require inherence factor
:param possession: Boolean. Whether to require possesion factor
:param jailbreak_protection: Boolean. Whether to allow jailbroken /
rooted devices to authenticate
"""
warnings.warn(
"This object has been deprecated and will be removed in "
"the next major version. "
"Please use one of the new Policy objects in the "
"policy submodule",
category=DeprecationWarning)
if knowledge not in (True, False, 0, 1) \
or inherence not in (True, False, 0, 1) \
or possession not in (True, False, 0, 1):
raise InvalidParameters("Inherence, knowledge, or possesion "
"]input must be a boolean.")
if any != 0 and (knowledge or inherence or possession):
raise InvalidParameters("Cannot use \"any\" with other specific "
"factor requirements")
self.geofences = []
self.minimum_requirements = []
self.minimum_amount = 0
self._policy = {"factors": []}
self.set_minimum_requirements(knowledge, inherence, possession, any)
self.jailbreak_protection = jailbreak_protection
self.require_jailbreak_protection(jailbreak_protection)
def to_dict(self):
"""
returns the JSON representation of the policy object
"""
try:
dumps(self._policy)
except TypeError:
raise InvalidParameters("Policy input was not JSON serializable. "
"Please verify it is correct.")
return self._policy
def get_policy(self):
"""
Retrieves json representation of the policy
:return: Valid policy dict
"""
try:
dumps(self._policy)
except TypeError:
raise InvalidParameters(
"Policy input was not JSON serializable. Please verify it is correct."
)
return self._policy
def authorization_request(self,
user,
context=None,
policy=None,
title=None,
ttl=None,
push_title=None,
push_body=None,
denial_reasons=None):
"""
Authorize a transaction for the provided user. This get_service_service
method would be utilized if you are using this as a secondary factor
for user login or authorizing a single transaction within your
application. This will NOT begin a user session.
:param user: LaunchKey Username, User Push ID, or Directory User ID
for the End User
:param context: Arbitrary string of data up to 400 characters to be
presented to the End User during authorization to provide context
regarding the individual request
:param policy: Authorization policy override for this authorization.
The policy can only increase the security
level any existing policy in the Service Profile. It can never reduce
the security level of the Service Profile's policy.
:param title: String of data up to 200 characters to be presented to
the End User during authorization as the title of the individual
authorization request
:param ttl: Time for this authorization request to be valid. If no
value is provided, the system default will be used.
:param push_title: Title that will appear in the mobile authenticator's
push message. This feature is only available for Directory Services
that have push credentials configured.
:param push_body: Body that will appear in the mobile authenticator's
push message. This feature is only available for Directory Services
that have push credentials configured.
:param denial_reasons: List of denial reasons to present to the user if
they deny the request. This list must include at least two items. At
least one of the items must have a fraud value of false and at least
one of the items must have a fraud value of true. If no denial_reasons
are given the defaults will be used. If a list is provided and denial
context inquiry is not enabled for the Directory, this request will
error. This feature is only available for Directory Services.
:raise: launchkey.exceptions.InvalidParameters - Input parameters were
not correct
:raise: launchkey.exceptions.InvalidPolicyInput - Input policy was not
valid
:raise: launchkey.exceptions.PolicyFailure - Auth creation failed due
to user not passing policy
:raise: launchkey.exceptions.EntityNotFound - Username was invalid or
the user does not have any valid devices
:raise: launchkey.exceptions.RateLimited - Too many authorization
requests have been created for this user
:raise: launchkey.exceptions.InvalidPolicy - The input policy is not
valid. It should be a launchkey.clients.service.AuthPolicy.
Please wait and try again.
:raise: launchkey.exceptions.AuthorizationInProgress - Authorization
request already exists for the requesting user. That request either
needs to be responded to, expire out, or be canceled with
cancel_authorization_request().
:return AuthorizationResponse: Unique identifier for tracking status
of the authorization request
"""
kwargs = {'username': user}
if context is not None:
kwargs['context'] = context
if title is not None:
kwargs['title'] = title
if ttl is not None:
kwargs['ttl'] = ttl
if push_title is not None:
kwargs['push_title'] = push_title
if push_body is not None:
kwargs['push_body'] = push_body
if policy is not None:
if not isinstance(policy, AuthPolicy):
raise InvalidParameters(
"Please verify the input policy is a "
"launchkey.entities.service.AuthPolicy class")
kwargs['policy'] = policy.get_policy()
if denial_reasons is not None:
if not isinstance(denial_reasons, (list, set)):
raise InvalidParameters(
"Please ensure that input denial_reasons are a list of "
"launchkey.entities.service.DenialReason classes.")
parsed_reasons = []
for reason in denial_reasons:
if not isinstance(reason, DenialReason):
raise InvalidParameters(
"Please verify that denial_reasons are "
"launchkey.entities.service.DenialReason classes.")
parsed_reasons.append({
"id": reason.denial_id,
"reason": reason.reason,
"fraud": reason.fraud
})
kwargs['denial_reasons'] = parsed_reasons
response = self._transport.post("/service/v3/auths", self._subject,
**kwargs)
data = self._validate_response(response, AuthorizeValidator)
return AuthorizationRequest(data.get('auth_request'),
data.get('push_package'),
data.get('device_ids'))