user.auth.second_factor

Attributes

SECOND_FACTORS

Classes

YubikeyConfig

dict() -> new empty dictionary

SecondFactor

Base class and registry for secondary auth factors.

SingleStepSecondFactor

Base class for single step secondary auth factors.

TwoStepSecondFactor

Base class for two step secondary auth factors.

YubikeyFactor

Implements a yubikey factor for the Auth class.

MTANFactor

Implements a mTAN factor for the Auth class.

TOTPFactor

Implements a TOTP factor for the Auth class.

Module Contents

class user.auth.second_factor.YubikeyConfig[source]

Bases: TypedDict

dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object’s

(key, value) pairs

dict(iterable) -> new dictionary initialized as if via:

d = {} for k, v in iterable:

d[k] = v

dict(**kwargs) -> new dictionary initialized with the name=value pairs

in the keyword argument list. For example: dict(one=1, two=2)

yubikey_client_id: str | None[source]
yubikey_secret_key: str | None[source]
user.auth.second_factor.SECOND_FACTORS: dict[str, type[AnySecondFactor]][source]
class user.auth.second_factor.SecondFactor[source]

Base class and registry for secondary auth factors.

__slots__ = ()[source]
type: ClassVar[str][source]
self_activation: bool = False[source]
classmethod __init_subclass__(type: str | None = None, **kwargs: Any)[source]
classmethod configure(**cfg: Any) Self | None[source]
Abstractmethod:

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) Mapping[str, Any][source]
Abstractmethod:

Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

start_activation(request: onegov.core.request.CoreRequest, auth: onegov.user.auth.Auth) Response | None[source]

Initiates the activation of the second factor.

complete_activation(user: onegov.user.User, factor: Any) None[source]

Completes the activation of the second factor.

class user.auth.second_factor.SingleStepSecondFactor[source]

Bases: SecondFactor

Base class for single step secondary auth factors.

Second factors may be eagerly available like a TOTP, so we can ask for it in the initial login form, rather than in a second step.

kind: ClassVar[Literal['single_step']] = 'single_step'[source]
abstract is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) bool[source]

Returns true if the given factor is valid for the given user-specific configuration. This is the value stored on the user in the second_factor column.

class user.auth.second_factor.TwoStepSecondFactor[source]

Bases: SecondFactor

Base class for two step secondary auth factors.

Second factors may involve a challenge response step like sending a token to a mobile device.

kind: ClassVar[Literal['two_step']] = 'two_step'[source]
abstract send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth) webob.Response[source]

Sends the authentication challenge.

The response will be checked in a second step using is_valid()

class user.auth.second_factor.YubikeyFactor(yubikey_client_id: str, yubikey_secret_key: str)[source]

Bases: SingleStepSecondFactor

Implements a yubikey factor for the Auth class.

__slots__ = ('yubikey_client_id', 'yubikey_secret_key')[source]
yubikey_client_id[source]
yubikey_secret_key[source]
classmethod configure(**cfg: Any) Self | None[source]

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) YubikeyConfig[source]

Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) bool[source]

Returns true if the given factor is valid for the given user-specific configuration. This is the value stored on the user in the second_factor column.

class user.auth.second_factor.MTANFactor(mtan_automatic_setup: bool)[source]

Bases: TwoStepSecondFactor

Implements a mTAN factor for the Auth class.

__slots__ = ('self_activation',)[source]
self_activation[source]
classmethod configure(**cfg: Any) Self | None[source]

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) MTANConfig[source]

Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

start_activation(request: onegov.core.request.CoreRequest, auth: onegov.user.auth.Auth) Response | None[source]

Initiates the activation of the second factor.

send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth, mobile_number: str | None = None) webob.Response[source]

Sends the authentication challenge.

The response will be checked in a second step using is_valid()

is_valid(request: onegov.core.request.CoreRequest, username: str, mobile_number: str, factor: str) bool[source]
class user.auth.second_factor.TOTPFactor[source]

Bases: TwoStepSecondFactor

Implements a TOTP factor for the Auth class.

classmethod configure(**cfg: Any) Self | None[source]

Initialises the auth factor using a dictionary that may or may not contain the configuration values necessary for the auth factor.

If the configuration is invalid None will be returned, otherwise a new instance is created.

All used configuration values should be popped, not just read.

classmethod args_from_app(app: morepath.App) TOTPConfig[source]

Copies the required configuration values from the app, returning a dictionary with all keys present. The values should be either the ones from the application or None.

send_challenge(request: onegov.core.request.CoreRequest, user: onegov.user.User, auth: onegov.user.auth.Auth, mobile_number: str | None = None) webob.Response[source]

Sends the authentication challenge.

The response will be checked in a second step using is_valid()

is_valid(request: onegov.core.request.CoreRequest, user: onegov.user.User, factor: str) bool[source]