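def trigger_challenge():
    """
    Trigger challenges for the challenge-response tokens of a user.

    An administrator can call this endpoint if he has the right of
    ``triggerchallenge`` (scope: admin).
    He can pass a ``user`` name and/or a ``serial`` number.
    privacyIDEA will trigger challenges for all native challenge-response
    tokens possessed by this user, or only for the given serial number.

    The request needs to contain a valid PI-Authorization header.

    Only tokens that are active, not revoked and not locked are considered,
    and of those only the ones whose ``mode`` contains ``"challenge"``.
    Every other request parameter with a non-empty value is forwarded to the
    challenge creation as an option; the context keys ``g``, ``clientip`` and
    ``user`` are always taken from the request context and cannot be
    overridden by the caller.

    An audit entry is written with the user, resolver, realm, the number of
    triggered challenges and the serials of the challenged tokens.
    ``success`` is only set when at least one challenge was created.

    :param user: The loginname/username of the user, who tries to authenticate.
    :param realm: The realm of the user, who tries to authenticate. If the
        realm is omitted, the user is looked up in the default realm.
    :param serial: The serial number of the token.
    :param type: The tokentype of the tokens, that are taken into account during
        authentication. Requires authz policy application_tokentype.
        Is ignored when a distinct serial is given.

    :return: a json result with a "result" of the number of matching
        challenge response tokens

    **Example response** for a successful triggering of challenge:

       .. sourcecode:: http

            HTTP/1.1 200 OK
            Content-Type: application/json

            {
               "detail": {
                    "client_mode": "interactive",
                    "message": "please enter otp: , please enter otp: ",
                    "messages":     [
                        "please enter otp: ",
                        "please enter otp: "
                    ],
                    "multi_challenge": [
                        {
                            "client_mode": "interactive",
                            "message": "please enter otp: ",
                            "serial": "TOTP000026CB",
                            "transaction_id": "11451135673179897001",
                            "type": "totp"
                        },
                        {
                            "client_mode": "interactive",
                            "message": "please enter otp: ",
                            "serial": "OATH0062752C",
                            "transaction_id": "11451135673179897001",
                            "type": "hotp"
                        }
                    ],
                    "serial": "OATH0062752C",
                    "threadid": 140329819764480,
                    "transaction_id": "11451135673179897001",
                    "transaction_ids": [
                        "11451135673179897001",
                        "11451135673179897001"
                    ],
                    "type": "hotp"
               },
               "id": 2,
               "jsonrpc": "2.0",
               "result": {
                   "status": true,
                   "value": 2
               }
            }

    **Example response** for response, if the user has no challenge token:

        .. sourcecode:: http

            HTTP/1.1 200 OK
            Content-Type: application/json

            {
              "detail": {"messages": [],
                         "threadid": 140031212377856,
                         "transaction_ids": []},
              "id": 1,
              "jsonrpc": "2.0",
              "result": {"status": true,
                         "value": 0},
              "signature": "205530282...54508",
              "time": 1484303812.346576,
              "version": "privacyIDEA 2.17",
              "versionnumber": "2.17"
            }

    **Example response** for a failed triggering of a challenge. In this case
    the ``status`` will be ``false``.

        .. sourcecode:: http

            HTTP/1.1 200 OK
            Content-Type: application/json

            {
              "detail": null,
              "id": 1,
              "jsonrpc": "2.0",
              "result": {"error": {"code": 905,
                                   "message": "ERR905: The user can not be
                                   found in any resolver in this realm!"},
                         "status": false},
              "signature": "14468...081555",
              "time": 1484303933.72481,
              "version": "privacyIDEA 2.17"
            }

    """
    user = request.User
    serial = getParam(request.all_data, "serial")
    token_type = getParam(request.all_data, "type")
    details = {"messages": [], "transaction_ids": []}

    # Context the token classes need to build challenges. These keys are
    # reserved: a request parameter of the same name must not be able to
    # replace the request-derived values.
    reserved_keys = {"g", "clientip", "user"}
    options = {"g": g, "clientip": g.client_ip, "user": user}
    # Forward all remaining non-empty request parameters as options.
    options.update(
        (key, value)
        for key, value in request.all_data.items()
        if value and key not in reserved_keys
    )

    token_objs = get_tokens(serial=serial,
                            user=user,
                            active=True,
                            revoked=False,
                            locked=False,
                            tokentype=token_type)
    # Only use the tokens that are allowed to do challenge response.
    chal_resp_tokens = [
        token_obj for token_obj in token_objs if "challenge" in token_obj.mode
    ]
    create_challenges_from_tokens(chal_resp_tokens, details, options)

    # Do not rely on create_challenges_from_tokens() having populated
    # ``multi_challenge``: the zero-token reply documented above carries no
    # such key, and ``len(None)`` would turn an empty result into a server
    # error instead of ``value: 0``. The reply itself is left untouched.
    multi_challenge = details.get("multi_challenge") or []
    result_obj = len(multi_challenge)

    # Record which tokens received a challenge so the audit trail can be
    # correlated with the later /validate/check on the transaction.
    challenge_serials = [
        challenge_info["serial"] for challenge_info in multi_challenge
    ]
    g.audit_object.log({
        "user": user.login,
        "resolver": user.resolver,
        "realm": user.realm,
        "success": result_obj > 0,
        "info": log_used_user(user, "triggered {0!s} challenges".format(result_obj)),
        "serial": ",".join(challenge_serials),
    })

    return send_result(result_obj, rid=2, details=details)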
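def trigger_challenge():
    """
    Trigger challenges for the challenge-response tokens of a user.

    An administrator can call this endpoint if he has the right of
    ``triggerchallenge`` (scope: admin).
    He can pass a ``user`` name and/or a ``serial`` number.
    privacyIDEA will trigger challenges for all native challenge-response
    tokens possessed by this user, or only for the given serial number.

    The request needs to contain a valid PI-Authorization header.

    Only tokens that are active, not revoked and not locked are considered,
    and of those only the ones whose ``mode`` contains ``"challenge"``.
    The challenge creation receives the request context (``g``, the client
    IP and the user) as options; no other request parameter is forwarded.

    An audit entry is written with the user, resolver, realm, the number of
    triggered challenges and the serials of the challenged tokens.
    ``success`` is only set when at least one challenge was created.

    :param user: The loginname/username of the user, who tries to authenticate.
    :param realm: The realm of the user, who tries to authenticate. If the
        realm is omitted, the user is looked up in the default realm.
    :param serial: The serial number of the token.

    :return: a json result with a "result" of the number of matching
        challenge response tokens

    **Example response** for a successful triggering of challenge:

       .. sourcecode:: http

           {"jsonrpc": "2.0",
            "signature": "1939...146964",
            "detail": {"transaction_ids": ["03921966357577766962"],
                       "messages": ["Enter the OTP from the SMS:"],
                       "threadid": 140422378276608},
            "versionnumber": "unknown",
            "version": "privacyIDEA unknown",
            "result": {"status": true,
                       "value": 1},
            "time": 1482223663.517212,
            "id": 1}

    **Example response** for response, if the user has no challenge token:

       .. sourcecode:: http

           {"detail": {"messages": [],
                       "threadid": 140031212377856,
                       "transaction_ids": []},
            "id": 1,
            "jsonrpc": "2.0",
            "result": {"status": true,
                       "value": 0},
            "signature": "205530282...54508",
            "time": 1484303812.346576,
            "version": "privacyIDEA 2.17",
            "versionnumber": "2.17"}

    **Example response** for a failed triggering of a challenge. In this case
    the ``status`` will be ``false``.

       .. sourcecode:: http

           {"detail": null,
            "id": 1,
            "jsonrpc": "2.0",
            "result": {"error": {"code": 905,
                                 "message": "ERR905: The user can not be
                                 found in any resolver in this realm!"},
                       "status": false},
            "signature": "14468...081555",
            "time": 1484303933.72481,
            "version": "privacyIDEA 2.17"}

    """
    user = request.User
    serial = getParam(request.all_data, "serial")
    details = {"messages": [], "transaction_ids": []}
    # Context the token classes need to build challenges.
    options = {"g": g, "clientip": g.client_ip, "user": user}

    token_objs = get_tokens(serial=serial,
                            user=user,
                            active=True,
                            revoked=False,
                            locked=False)
    # Only use the tokens that are allowed to do challenge response.
    chal_resp_tokens = [
        token_obj for token_obj in token_objs if "challenge" in token_obj.mode
    ]
    create_challenges_from_tokens(chal_resp_tokens, details, options)

    # Do not rely on create_challenges_from_tokens() having populated
    # ``multi_challenge``: the zero-token reply documented above carries no
    # such key, and ``len(None)`` would turn an empty result into a server
    # error instead of ``value: 0``. The reply itself is left untouched.
    multi_challenge = details.get("multi_challenge") or []
    result_obj = len(multi_challenge)

    # Record which tokens received a challenge so the audit trail can be
    # correlated with the later /validate/check on the transaction.
    challenge_serials = [
        challenge_info["serial"] for challenge_info in multi_challenge
    ]
    g.audit_object.log({
        "user": user.login,
        "resolver": user.resolver,
        "realm": user.realm,
        "success": result_obj > 0,
        "info": log_used_user(user, "triggered {0!s} challenges".format(result_obj)),
        "serial": ",".join(challenge_serials),
    })

    return send_result(result_obj, details=details)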
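def trigger_challenge():
    """
    Trigger challenges for the challenge-response tokens of a user.

    An administrator can call this endpoint if he has the right of
    ``triggerchallenge`` (scope: admin).
    He can pass a ``user`` name and/or a ``serial`` number.
    privacyIDEA will trigger challenges for all native challenge-response
    tokens possessed by this user, or only for the given serial number.

    The request needs to contain a valid PI-Authorization header.

    Only tokens that are active, not revoked and not locked are considered,
    and of those only the ones whose ``mode`` contains ``"challenge"``.
    The challenge creation receives the request context (``g``, the client
    IP and the user) as options; no other request parameter is forwarded.

    An audit entry is written with the user, resolver, realm, the number of
    triggered challenges and the serials of the challenged tokens.
    ``success`` is only set when at least one challenge was created.

    :param user: The loginname/username of the user, who tries to authenticate.
    :param realm: The realm of the user, who tries to authenticate. If the
        realm is omitted, the user is looked up in the default realm.
    :param serial: The serial number of the token.

    :return: a json result with a "result" of the number of matching
        challenge response tokens

    **Example response** for a successful triggering of challenge:

       .. sourcecode:: http

           {"jsonrpc": "2.0",
            "signature": "1939...146964",
            "detail": {"transaction_ids": ["03921966357577766962"],
                       "messages": ["Enter the OTP from the SMS:"],
                       "threadid": 140422378276608},
            "versionnumber": "unknown",
            "version": "privacyIDEA unknown",
            "result": {"status": true,
                       "value": 1},
            "time": 1482223663.517212,
            "id": 1}

    **Example response** for response, if the user has no challenge token:

       .. sourcecode:: http

           {"detail": {"messages": [],
                       "threadid": 140031212377856,
                       "transaction_ids": []},
            "id": 1,
            "jsonrpc": "2.0",
            "result": {"status": true,
                       "value": 0},
            "signature": "205530282...54508",
            "time": 1484303812.346576,
            "version": "privacyIDEA 2.17",
            "versionnumber": "2.17"}

    **Example response** for a failed triggering of a challenge. In this case
    the ``status`` will be ``false``.

       .. sourcecode:: http

           {"detail": null,
            "id": 1,
            "jsonrpc": "2.0",
            "result": {"error": {"code": 905,
                                 "message": "ERR905: The user can not be
                                 found in any resolver in this realm!"},
                       "status": false},
            "signature": "14468...081555",
            "time": 1484303933.72481,
            "version": "privacyIDEA 2.17"}

    """
    user = request.User
    serial = getParam(request.all_data, "serial")
    details = {"messages": [],
               "transaction_ids": []}
    # Context the token classes need to build challenges.
    options = {"g": g,
               "clientip": g.client_ip,
               "user": user}

    token_objs = get_tokens(serial=serial, user=user, active=True, revoked=False, locked=False)
    # Only use the tokens that are allowed to do challenge response.
    chal_resp_tokens = [token_obj for token_obj in token_objs if "challenge" in token_obj.mode]
    create_challenges_from_tokens(chal_resp_tokens, details, options)

    # Do not rely on create_challenges_from_tokens() having populated
    # ``multi_challenge``: the zero-token reply documented above carries no
    # such key, and ``len(None)`` would turn an empty result into a server
    # error instead of ``value: 0``. The reply itself is left untouched.
    multi_challenge = details.get("multi_challenge") or []
    result_obj = len(multi_challenge)

    # Also record which tokens received a challenge, so the audit trail can
    # be correlated with the later /validate/check on the transaction and
    # an admin-triggered challenge is attributable to a concrete token.
    challenge_serials = [challenge_info["serial"] for challenge_info in multi_challenge]
    g.audit_object.log({
        "user": user.login,
        "resolver": user.resolver,
        "realm": user.realm,
        "success": result_obj > 0,
        "info": log_used_user(user, "triggered {0!s} challenges".format(result_obj)),
        "serial": ",".join(challenge_serials),
    })

    return send_result(result_obj, details=details)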