user.auth.second_factor

Attributes

SECOND_FACTORS

Classes

`YubikeyConfig`	dict() -> new empty dictionary
`SecondFactor`	Base class and registry for secondary auth factors.
`SingleStepSecondFactor`	Base class for single step secondary auth factors.
`TwoStepSecondFactor`	Base class for two step secondary auth factors.
`YubikeyFactor`	Implements a yubikey factor for the `Auth` class.
`MTANFactor`	Implements a mTAN factor for the `Auth` class.
`TOTPFactor`	Implements a TOTP factor for the `Auth` class.

Module Contents

class user.auth.second_factor.YubikeyConfig[source]

Bases: TypedDict

dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object’s

(key, value) pairs

dict(iterable) -> new dictionary initialized as if via:: d = {} for k, v in iterable:

d[k] = v
dict(**kwargs) -> new dictionary initialized with the name=value pairs: in the keyword argument list. For example: dict(one=1, two=2)

yubikey_client_id: str | None[source]

yubikey_secret_key: str | None[source]

user.auth.second_factor.SECOND_FACTORS: dict[str, type[AnySecondFactor]][source]

class user.auth.second_factor.SecondFactor[source]

Base class and registry for secondary auth factors.

__slots__ = ()[source]

type: ClassVar[str][source]

self_activation: bool = False[source]

classmethod __init_subclass__(type: str | None = None, **kwargs: Any)[source]

classmethod configure(**cfg: Any) → Self | None[source]

Abstractmethod:

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) → Mapping[str, Any][source]

Abstractmethod:

Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

start_activation(request: onegov.core.request.CoreRequest, auth: onegov.user.auth.Auth) → Response | None[source]: Initiates the activation of the second factor.

complete_activation(user: onegov.user.User, factor: Any) → None[source]: Completes the activation of the second factor.

class user.auth.second_factor.SingleStepSecondFactor[source]

Bases: SecondFactor

Base class for single step secondary auth factors.

Second factors may be eagerly available like a TOTP, so we can ask for it in the initial login form, rather than in a second step.

kind: ClassVar[Literal['single_step']] = 'single_step'[source]

abstract is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) → bool[source]: Returns true if the given factor is valid for the given user-specific configuration. This is the value stored on the user in the second_factor column.

class user.auth.second_factor.TwoStepSecondFactor[source]

Bases: SecondFactor

Base class for two step secondary auth factors.

Second factors may involve a challenge response step like sending a token to a mobile device.

kind: ClassVar[Literal['two_step']] = 'two_step'[source]

abstract send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth) → webob.Response[source]

Sends the authentication challenge.

The response will be checked in a second step using is_valid()

class user.auth.second_factor.YubikeyFactor(yubikey_client_id: str, yubikey_secret_key: str)[source]

Bases: SingleStepSecondFactor

Implements a yubikey factor for the Auth class.

__slots__ = ('yubikey_client_id', 'yubikey_secret_key')[source]

yubikey_client_id[source]

yubikey_secret_key[source]

classmethod configure(**cfg: Any) → Self | None[source]

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) → YubikeyConfig[source]: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) → bool[source]: Returns true if the given factor is valid for the given user-specific configuration. This is the value stored on the user in the second_factor column.

class user.auth.second_factor.MTANFactor(mtan_automatic_setup: bool)[source]

Bases: TwoStepSecondFactor

Implements a mTAN factor for the Auth class.

__slots__ = ('self_activation',)[source]

self_activation[source]

classmethod configure(**cfg: Any) → Self | None[source]

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) → MTANConfig[source]: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

start_activation(request: onegov.core.request.CoreRequest, auth: onegov.user.auth.Auth) → Response | None[source]: Initiates the activation of the second factor.

send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth, mobile_number: str | None = None) → webob.Response[source]

Sends the authentication challenge.

The response will be checked in a second step using is_valid()

is_valid(request: onegov.core.request.CoreRequest, username: str, mobile_number: str, factor: str) → bool[source]

class user.auth.second_factor.TOTPFactor[source]

Bases: TwoStepSecondFactor

Implements a TOTP factor for the Auth class.

classmethod configure(**cfg: Any) → Self | None[source]

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) → TOTPConfig[source]: Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth, mobile_number: str | None = None) → webob.Response[source]

Sends the authentication challenge.

The response will be checked in a second step using is_valid()

is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) → bool[source]