user.auth.second_factor ======================= .. py:module:: user.auth.second_factor Attributes ---------- .. autoapisummary:: user.auth.second_factor.SECOND_FACTORS Classes ------- .. autoapisummary:: user.auth.second_factor.YubikeyConfig user.auth.second_factor.SecondFactor user.auth.second_factor.SingleStepSecondFactor user.auth.second_factor.TwoStepSecondFactor user.auth.second_factor.YubikeyFactor user.auth.second_factor.MTANFactor user.auth.second_factor.TOTPFactor Module Contents --------------- .. py:class:: YubikeyConfig Bases: :py:obj:`TypedDict` dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object's (key, value) pairs dict(iterable) -> new dictionary initialized as if via: d = {} for k, v in iterable: d[k] = v dict(**kwargs) -> new dictionary initialized with the name=value pairs in the keyword argument list. For example: dict(one=1, two=2) .. py:attribute:: yubikey_client_id :type: str | None .. py:attribute:: yubikey_secret_key :type: str | None .. py:data:: SECOND_FACTORS :type: dict[str, type[AnySecondFactor]] .. py:class:: SecondFactor Base class and registry for secondary auth factors. .. py:attribute:: __slots__ :value: () .. py:attribute:: type :type: ClassVar[str] .. py:attribute:: self_activation :type: bool :value: False .. py:method:: __init_subclass__(type: str | None = None, **kwargs: Any) :classmethod: .. py:method:: configure(**cfg: Any) -> Self | None :classmethod: :abstractmethod: Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor. If the configuration is invalid None will be returned, otherwise a new instance is created. All used configuration values should be popped, not just read. .. py:method:: args_from_app(app: morepath.App) -> collections.abc.Mapping[str, Any] :classmethod: :abstractmethod: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None. .. py:method:: start_activation(request: onegov.core.request.CoreRequest, auth: onegov.user.auth.Auth) -> webob.Response | None Initiates the activation of the second factor. .. py:method:: complete_activation(user: onegov.user.User, factor: Any) -> None Completes the activation of the second factor. .. py:class:: SingleStepSecondFactor Bases: :py:obj:`SecondFactor` Base class for single step secondary auth factors. Second factors may be eagerly available like a TOTP, so we can ask for it in the initial login form, rather than in a second step. .. py:attribute:: kind :type: ClassVar[Literal['single_step']] :value: 'single_step' .. py:method:: is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) -> bool :abstractmethod: Returns true if the given factor is valid for the given user-specific configuration. This is the value stored on the user in the `second_factor` column. .. py:class:: TwoStepSecondFactor Bases: :py:obj:`SecondFactor` Base class for two step secondary auth factors. Second factors may involve a challenge response step like sending a token to a mobile device. .. py:attribute:: kind :type: ClassVar[Literal['two_step']] :value: 'two_step' .. py:method:: send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth) -> webob.Response :abstractmethod: Sends the authentication challenge. The response will be checked in a second step using :meth:`is_valid` .. py:class:: YubikeyFactor(yubikey_client_id: str, yubikey_secret_key: str) Bases: :py:obj:`SingleStepSecondFactor` Implements a yubikey factor for the :class:`Auth` class. .. py:attribute:: __slots__ :value: ('yubikey_client_id', 'yubikey_secret_key') .. py:attribute:: yubikey_client_id .. py:attribute:: yubikey_secret_key .. py:method:: configure(**cfg: Any) -> Self | None :classmethod: Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor. If the configuration is invalid None will be returned, otherwise a new instance is created. All used configuration values should be popped, not just read. .. py:method:: args_from_app(app: morepath.App) -> YubikeyConfig :classmethod: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None. .. py:method:: is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) -> bool Returns true if the given factor is valid for the given user-specific configuration. This is the value stored on the user in the `second_factor` column. .. py:class:: MTANFactor(mtan_automatic_setup: bool) Bases: :py:obj:`TwoStepSecondFactor` Implements a mTAN factor for the :class:`Auth` class. .. py:attribute:: __slots__ :value: ('self_activation',) .. py:attribute:: self_activation .. py:method:: configure(**cfg: Any) -> Self | None :classmethod: Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor. If the configuration is invalid None will be returned, otherwise a new instance is created. All used configuration values should be popped, not just read. .. py:method:: args_from_app(app: morepath.App) -> MTANConfig :classmethod: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None. .. py:method:: start_activation(request: onegov.core.request.CoreRequest, auth: onegov.user.auth.Auth) -> webob.Response | None Initiates the activation of the second factor. .. py:method:: send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth, mobile_number: str | None = None) -> webob.Response Sends the authentication challenge. The response will be checked in a second step using :meth:`is_valid` .. py:method:: is_valid(request: onegov.core.request.CoreRequest, username: str, mobile_number: str, factor: str) -> bool .. py:class:: TOTPFactor Bases: :py:obj:`TwoStepSecondFactor` Implements a TOTP factor for the :class:`Auth` class. .. py:method:: configure(**cfg: Any) -> Self | None :classmethod: Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor. If the configuration is invalid None will be returned, otherwise a new instance is created. All used configuration values should be popped, not just read. .. py:method:: args_from_app(app: morepath.App) -> TOTPConfig :classmethod: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None. .. py:method:: send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth, mobile_number: str | None = None) -> webob.Response Sends the authentication challenge. The response will be checked in a second step using :meth:`is_valid` .. py:method:: is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) -> bool