def split_pin_otp(token, passw, user=None, options=None): ''' split the pin and the otp fron the given password :param passw: the to be splitted password :param options: currently not used, but might be forwarded to the token.splitPinPass :return: tuple of (split status, pin and otpval) ''' Policy = PolicyClass(request, config, c, get_privacyIDEA_config()) pin_policies = Policy.get_pin_policies(user) policy = 0 if 1 in pin_policies: LOG.debug("pin policy=1: checking the users password as pin") # split the passw into password and otp value (res, pin, otp) = token.splitPinPass(passw) policy = 1 elif 2 in pin_policies: # NO PIN should be entered atall LOG.debug("pin policy=2: checking no pin") (res, pin, otp) = (0, "", passw) policy = 2 else: # old stuff: We check The fixed OTP PIN LOG.debug("pin policy=0: checkin the PIN") (res, pin, otp) = token.splitPinPass(passw) if res != -1: res = policy return (res, pin, otp)
def check_pin(token, passw, user=None, options=None): ''' check the provided pin w.r.t. the policy definition :param passw: the to be checked pass :param user: if otppin==1, this is the user, which resolver should be checked :param options: the optional request parameters :return: boolean, if pin matched True ''' res = False Policy = PolicyClass(request, config, c, get_privacyIDEA_config()) pin_policies = Policy.get_pin_policies(user) if 1 in pin_policies: # We check the Users Password as PIN LOG.debug("pin policy=1: checking the users" " password as pin") if (user is None): raise Exception("fail for pin policy == 1 with user = None") (uid, _resolver, resolver_class) = getUserId(user) r_obj = getResolverObject(resolver_class) if r_obj.checkPass(uid, passw): LOG.debug("Successfully authenticated user %r." % uid) res = True else: LOG.info("user %r failed to authenticate." % uid) elif 2 in pin_policies: # NO PIN should be entered atall LOG.debug("pin policy=2: checking no pin") if len(passw) == 0: res = True else: # old stuff: We check The fixed OTP PIN LOG.debug("pin policy=0: checkin the PIN") res = token.checkPin(passw, options=options) return res