Python PolicyClass.get_auth_challenge_response Exemples

Exemple #1

Fichier : validate.py Projet : asifiqbal/privacyidea

    def check_standard(self, passw, user, options=None):
        '''
        do a standard verification, as we are not in a challengeResponse mode

        the upper interfaces expect in the success the otp counter or at
        least 0 if we have a success. A -1 identifies an error

        :param passw: the password, which should be checked
        :param options: dict with additional request parameters

        :return: tuple of matching otpcounter and a potential reply
        '''

        otp_count = -1
        pin_match = False
        reply = None

        ttype = self.token.getType()

        ## fallback eg. in case of check_s, which does not provide a user
        if user is None:
            user = privacyidea.lib.token.get_token_owner(self.token)
            
        Policy = PolicyClass(request, config, c,
                             get_privacyIDEA_config())
        support_challenge_response = Policy.get_auth_challenge_response(user, ttype)

        ## special handling for tokens, who support only challenge modes
        ## like the sms, email or ocra2 token
        challenge_mode_only = False

        mode = self.token.mode
        if type(mode) == list and len(mode) == 1 and mode[0] == "challenge":
            challenge_mode_only = True

        ## the support_challenge_response is overruled, if the token
        ## supports only challenge processing
        if challenge_mode_only == True:
            support_challenge_response = True

        try:
            ## call the token authentication
            (pin_match, otp_count, reply) = self.token.authenticate(passw, user,
                                                                options=options)
        except Exception as exx:
            if (support_challenge_response == True and
                self.token.is_challenge_request(passw, user, options=options)):
                LOG.info("Retry on base of a challenge request:")
                pin_match = False
                otp_count = -1
            else:
                LOG.error("%s" % (traceback.format_exc()))
                raise Exception(exx)

        if otp_count < 0 or pin_match == False:

            if (support_challenge_response == True and
                self.token.isActive() and
                self.token.is_challenge_request(passw, user, options=options)):
                # we are in createChallenge mode
                # fix for #12413:
                # - moved the create_challenge call to the checkTokenList!
                ## after all tokens are processed and only one is challengeing
                # (_res, reply) = create_challenge(self.token, options=options)
                self.challenge_token.append(self.token)

        if len(self.challenge_token) == 0:
            if otp_count >= 0:
                self.valid_token.append(self.token)
            elif pin_match is True:
                self.pin_matching_token.append(self.token)
            else:
                self.invalid_token.append(self.token)

        return (otp_count, reply)