def check_standard(self, passw, user, options=None): ''' do a standard verification, as we are not in a challengeResponse mode the upper interfaces expect in the success the otp counter or at least 0 if we have a success. A -1 identifies an error :param passw: the password, which should be checked :param options: dict with additional request parameters :return: tuple of matching otpcounter and a potential reply ''' otp_count = -1 pin_match = False reply = None ttype = self.token.getType() ## fallback eg. in case of check_s, which does not provide a user if user is None: user = privacyidea.lib.token.get_token_owner(self.token) Policy = PolicyClass(request, config, c, get_privacyIDEA_config()) support_challenge_response = Policy.get_auth_challenge_response(user, ttype) ## special handling for tokens, who support only challenge modes ## like the sms, email or ocra2 token challenge_mode_only = False mode = self.token.mode if type(mode) == list and len(mode) == 1 and mode[0] == "challenge": challenge_mode_only = True ## the support_challenge_response is overruled, if the token ## supports only challenge processing if challenge_mode_only == True: support_challenge_response = True try: ## call the token authentication (pin_match, otp_count, reply) = self.token.authenticate(passw, user, options=options) except Exception as exx: if (support_challenge_response == True and self.token.is_challenge_request(passw, user, options=options)): LOG.info("Retry on base of a challenge request:") pin_match = False otp_count = -1 else: LOG.error("%s" % (traceback.format_exc())) raise Exception(exx) if otp_count < 0 or pin_match == False: if (support_challenge_response == True and self.token.isActive() and self.token.is_challenge_request(passw, user, options=options)): # we are in createChallenge mode # fix for #12413: # - moved the create_challenge call to the checkTokenList! ## after all tokens are processed and only one is challengeing # (_res, reply) = create_challenge(self.token, options=options) self.challenge_token.append(self.token) if len(self.challenge_token) == 0: if otp_count >= 0: self.valid_token.append(self.token) elif pin_match is True: self.pin_matching_token.append(self.token) else: self.invalid_token.append(self.token) return (otp_count, reply)