def login_receiver(store, username, password):
"""
This login receiver need to collect also the amount of unsuccessful
consecutive logins, because this element may bring to password lockdown.
"""
receiver_user = store.find(User, User.username == username).one()
if not receiver_user or receiver_user.role != 'receiver':
log.debug("Receiver: Fail auth, username %s do not exists" % username)
return False
if not security.check_password(password, receiver_user.password, receiver_user.salt):
receiver_user.failed_login_count += 1
log.debug("Receiver login: Invalid password (failed: %d)" % receiver_user.failed_login_count)
if username in GLSetting.failed_login_attempts:
GLSetting.failed_login_attempts[username] += 1
else:
GLSetting.failed_login_attempts[username] = 1
return False
else:
log.debug("Receiver: Authorized receiver %s" % username)
receiver_user.last_login = datetime_now()
receiver = store.find(Receiver, (Receiver.user_id == receiver_user.id)).one()
return receiver.id
def login(store, username, password, using_tor2web):
"""
login returns a tuple (user_id, state, pcn)
"""
user = store.find(
User, And(User.username == username, User.state != u'disabled')).one()
if not user or not security.check_password(password, user.salt,
user.password):
log.debug("Login: Invalid credentials")
GLSettings.failed_login_attempts += 1
raise errors.InvalidAuthentication
if using_tor2web and not GLSettings.memory_copy.accept_tor2web_access[
user.role]:
log.err("Denied login request on Tor2web for role '%s'" % user.role)
raise errors.TorNetworkRequired
else:
log.debug("Accepted login request on Tor2web for role '%s'" %
user.role)
log.debug("Login: Success (%s)" % user.role)
user.last_login = datetime_now()
store.commit(
) # the transact was read only! on success we apply the commit()
return user.id, user.state, user.role, user.password_change_needed
def test_valid_password(self):
dummy_password = dummy_salt_input = \
"http://blog.transparency.org/wp-content/uploads/2010/05/A2_Whistelblower_poster.jpg"
dummy_salt = get_salt(dummy_salt_input)
hashed_once = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
hashed_twice = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
self.assertTrue(hashed_once, hashed_twice)
self.assertTrue(check_password(dummy_password, hashed_once, dummy_salt_input))
def test_003_valid_password(self):
dummy_password = dummy_salt_input = \
"http://blog.transparency.org/wp-content/uploads/2010/05/A2_Whistelblower_poster.jpg"
dummy_salt = get_salt(dummy_salt_input)
hashed_once = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
hashed_twice = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
self.assertTrue(hashed_once, hashed_twice)
self.assertTrue(check_password(dummy_password, hashed_once, dummy_salt_input))
def login(store, username, password, role):
"""
login returns a tuple (user_id, state, pcn)
"""
user = store.find(User, And(User.username == username,
User.role == role,
User.state != u'disabled')).one()
if not user or not security.check_password(password, user.password, user.salt):
log.debug("Login: Invalid credentials (%s)" % role)
return None, None, None
log.debug("Login: Success (%s)" % role)
user.last_login = utility.datetime_now()
store.commit() # the transact was read only! on success we apply the commit()
return user.id, user.state, user.password_change_needed
def login_admin(store, username, password):
"""
login_admin returns a tuple (user_id, state, pcn)
"""
user = store.find(
User,
And(User.username == username, User.role == u'admin',
User.state != u'disabled')).one()
if not user or not security.check_password(password, user.password,
user.salt):
log.debug("Admin login: Invalid credentials")
return False, None, None
log.debug("Admin login: Authorized admin")
user.last_login = utility.datetime_now()
store.commit(
) # the transact was read only! on success we apply the commit()
return user.id, user.state, user.password_change_needed
def login_admin(store, username, password):
"""
login_admin return the 'username' of the administrator
"""
admin_user = store.find(User, User.username == username).one()
if not admin_user or admin_user.role != 'admin':
log.debug("Receiver: Fail auth, username %s do not exists" % username)
return False
if not security.check_password(password, admin_user.password, admin_user.salt):
log.debug("Admin login: Invalid password")
return False
else:
log.debug("Admin: Authorized admin %s" % username)
admin_user.last_login = utility.datetime_now()
store.commit() # the transact was read only! on success we apply the commit()
return username
def login_admin(store, username, password):
admin_user = store.find(User, User.username == username).one()
if not admin_user or admin_user.role != 'admin':
log.debug("Receiver: Fail auth, username %s do not exists" % username)
return False
if not security.check_password(password, admin_user.password, admin_user.salt):
admin_user.failed_login_count += 1
log.debug("Admin login: Invalid password (failed: %d)" % admin_user.failed_login_count)
if username in GLSetting.failed_login_attempts:
GLSetting.failed_login_attempts[username] += 1
else:
GLSetting.failed_login_attempts[username] = 1
return False
else:
log.debug("Admin: Authorized receiver %s" % username)
admin_user.last_login = datetime_now()
return username
def login(store, username, password, using_tor2web):
"""
login returns a tuple (user_id, state, pcn)
"""
user = store.find(User, And(User.username == username,
User.state != u'disabled')).one()
if not user or not security.check_password(password, user.salt, user.password):
log.debug("Login: Invalid credentials")
GLSettings.failed_login_attempts += 1
raise errors.InvalidAuthentication
if using_tor2web and not GLSettings.memory_copy.accept_tor2web_access[user.role]:
log.err("Denied login request on Tor2web for role '%s'" % user.role)
raise errors.TorNetworkRequired
else:
log.debug("Accepted login request on Tor2web for role '%s'" % user.role)
log.debug("Login: Success (%s)" % user.role)
user.last_login = datetime_now()
return user.id, user.state, user.role, user.password_change_needed
def login(store, username, password, client_using_tor):
"""
login returns a tuple (user_id, state, pcn)
"""
user = store.find(
User, And(User.username == username, User.state != u'disabled')).one()
if not user or not security.check_password(password, user.salt,
user.password):
log.debug("Login: Invalid credentials")
Settings.failed_login_attempts += 1
raise errors.InvalidAuthentication
if not client_using_tor and not State.tenant_cache[
1].accept_tor2web_access[user.role]:
log.err("Denied login request over Web for role '%s'" % user.role)
raise errors.TorNetworkRequired
log.debug("Login: Success (%s)" % user.role)
user.last_login = datetime_now()
return user.id, user.state, user.role, user.password_change_needed
def login_receiver(store, username, password):
"""
This login receiver need to collect also the amount of unsuccessful
consecutive logins, because this element may bring to password lockdown.
login_receiver return the receiver.id
"""
receiver_user = store.find(User, User.username == username).one()
if not receiver_user or receiver_user.role != 'receiver':
log.debug("Receiver: Fail auth, username %s do not exists" % username)
return False
if not security.check_password(password, receiver_user.password, receiver_user.salt):
log.debug("Receiver login: Invalid password")
return False
else:
log.debug("Receiver: Authorized receiver %s" % username)
receiver_user.last_login = utility.datetime_now()
receiver = store.find(Receiver, (Receiver.user_id == receiver_user.id)).one()
store.commit() # the transact was read only! on success we apply the commit()
return receiver.id
def login_receiver(store, receiver_id, password):
"""
This login receiver need to collect also the amount of unsuccessful
consecutive logins, because this element may bring to password lockdown.
login_receivers returns a tuple (receiver_id, state, pcn)
"""
receiver = store.find(Receiver, (Receiver.id == receiver_id)).one()
if not receiver or \
receiver.user.role != u'receiver' or \
receiver.user.state == u'disabled' or \
not security.check_password(password,
receiver.user.password,
receiver.user.salt):
log.debug("Receiver login: Invalid credentials")
return False, None, None
log.debug("Receiver login: Authorized receiver")
receiver.user.last_login = utility.datetime_now()
store.commit() # the transact was read only! on success we apply the commit()
return receiver.id, receiver.user.state, receiver.user.password_change_needed
def login_receiver(store, receiver_id, password):
"""
This login receiver need to collect also the amount of unsuccessful
consecutive logins, because this element may bring to password lockdown.
login_receivers returns a tuple (receiver_id, state, pcn)
"""
receiver = store.find(Receiver, (Receiver.id == receiver_id)).one()
if not receiver or \
receiver.user.role != u'receiver' or \
receiver.user.state == u'disabled' or \
not security.check_password(password,
receiver.user.password,
receiver.user.salt):
log.debug("Receiver login: Invalid credentials")
return False, None, None
log.debug("Receiver login: Authorized receiver")
receiver.user.last_login = utility.datetime_now()
store.commit(
) # the transact was read only! on success we apply the commit()
return receiver.id, receiver.user.state, receiver.user.password_change_needed
