Beispiel #1
    def authenticate(self, request):
        """Authenticate ``request`` and return the user it belongs to.

        Internal authentication runs first. The external authenticator is
        consulted only when it is configured, the internally resolved user
        is not the bootstrap admin, and the request carried no token of any
        kind (``self.token_based_auth`` is falsy).

        :param request: incoming request; ``request.authorization`` is
            truthy when Basic credentials (user + password) were sent.
        :return: the authenticated user, or the ``Response`` object handed
            back by the external authenticator.
        :raises NoAuthProvided: when neither path produced a user.
        """
        user = self._internal_auth(request)
        is_bootstrap_admin = user and user.is_bootstrap_admin

        # NOTE(review): token_based_auth is per-request state kept on the
        # instance. If this object is shared between concurrent requests,
        # the value read here may belong to another request and decide
        # whether external auth is skipped -- confirm the instance lifetime.
        wants_external = (
            self.external_auth_configured
            and not is_bootstrap_admin
            and not self.token_based_auth
        )
        if wants_external:
            self.logger.debug('using external auth')
            basic_user = user_handler.get_user_from_auth(
                request.authorization)
            outcome = self.external_auth.authenticate(request, basic_user)
            if isinstance(outcome, Response):
                # The external authenticator returned a Response rather
                # than a user; pass it back to the caller unchanged.
                return outcome
            user = outcome

        if not user:
            raise NoAuthProvided()
        self.logger.debug('Authenticated user: {0}'.format(user))

        if request.authorization:
            # Only a Basic (user + password) login clears the failure
            # counter. Clearing it on every request would reset it on each
            # UI refresh (every 4 sec), so accounts would never get locked.
            user.failed_logins_counter = 0
            login_time = datetime.now()
            if not user.last_login_at:
                # No earlier login recorded: this is the first one.
                user.first_login_at = login_time
            user.last_login_at = login_time
        user_datastore.commit()
        return user
Beispiel #2
 def _internal_auth(self, request):
     """Resolve the user for ``request`` with the built-in mechanisms.

     Exactly one mechanism is tried, in this order of precedence: Basic
     credentials, execution token, token, API token.

     :param request: incoming request to inspect for credentials.
     :return: the user produced by the selected mechanism, or ``None``
         when the request carries no credentials at all.
     :raises UnauthorizedError: when the API token does not resolve to a
         user or its key differs from the one stored on that user.
     """
     auth = request.authorization
     token = user_handler.get_token_from_request(request)
     api_token = user_handler.get_api_token_from_request(request)
     execution_token = get_execution_token_from_request(request)

     # NOTE(review): this keeps the first truthy token value (not a bool)
     # on the instance, where authenticate() reads it back. If the
     # instance is shared between concurrent requests the value can leak
     # across them -- confirm the instance lifetime.
     self.token_based_auth = token or api_token or execution_token

     if auth:
         # Basic authentication (user + password). The lock check runs
         # before the password is verified.
         candidate = user_handler.get_user_from_auth(auth)
         self._check_if_user_is_locked(candidate, auth)
         return self._authenticate_password(candidate, auth)

     if execution_token:
         return self._authenticate_execution_token()

     if token:
         return self._authenticate_token(token)

     if api_token:
         user, user_token_key = user_handler.extract_api_token(api_token)
         # NOTE(review): `!=` is not a constant-time comparison. If
         # api_token_key is a secret, hmac.compare_digest would avoid a
         # timing side channel -- confirm both operand types first.
         if not user or user.api_token_key != user_token_key:
             raise UnauthorizedError('API token authentication failed')
         return user

     return None
 def _internal_auth(self, request):
     """Resolve the user for ``request`` with the built-in mechanisms.

     Exactly one mechanism is tried, in this order of precedence: Basic
     credentials, execution token, token, API token.

     :param request: incoming request to inspect for credentials.
     :return: the user produced by the selected mechanism, or ``None``
         when the request carries no credentials at all.
     """
     auth = request.authorization
     token = user_handler.get_token_from_request(request)
     api_token = user_handler.get_api_token_from_request(request)
     execution_token = get_execution_token_from_request(request)

     # NOTE(review): this keeps the first truthy token value (not a bool)
     # on the instance, where authenticate() reads it back. If the
     # instance is shared between concurrent requests the value can leak
     # across them -- confirm the instance lifetime.
     self.token_based_auth = token or api_token or execution_token

     if auth:
         # Basic authentication (user + password). The lock check runs
         # before the password is verified.
         candidate = user_handler.get_user_from_auth(auth)
         self._check_if_user_is_locked(candidate, auth)
         return self._authenticate_password(candidate, auth)

     if execution_token:
         return self._authenticate_execution_token()

     if token:
         return self._authenticate_token(token)

     if api_token:
         user, user_token_key = user_handler.extract_api_token(api_token)
         # NOTE(review): `!=` is not a constant-time comparison. If
         # api_token_key is a secret, hmac.compare_digest would avoid a
         # timing side channel -- confirm both operand types first.
         if not user or user.api_token_key != user_token_key:
             # NOTE(review): rejection depends on this helper raising. If
             # it ever returned, the unverified user would be returned
             # below -- confirm it always raises.
             raise_unauthorized_user_error('API token authentication failed')
         return user

     return None
    def authenticate(self, request):
        """Authenticate ``request`` and return the user it belongs to.

        Internal authentication runs first. The external authenticator is
        consulted only when it is configured, the internally resolved user
        is not the bootstrap admin, and the request carried no token of any
        kind (``self.token_based_auth`` is falsy).

        :param request: incoming request; ``request.authorization`` is
            truthy when Basic credentials (user + password) were sent.
        :return: the authenticated user, or the ``Response`` object handed
            back by the external authenticator.
        """
        user = self._internal_auth(request)
        is_bootstrap_admin = user and user.is_bootstrap_admin

        # NOTE(review): token_based_auth is per-request state kept on the
        # instance. If this object is shared between concurrent requests,
        # the value read here may belong to another request and decide
        # whether external auth is skipped -- confirm the instance lifetime.
        wants_external = (
            self.external_auth_configured
            and not is_bootstrap_admin
            and not self.token_based_auth
        )
        if wants_external:
            self.logger.debug('using external auth')
            basic_user = user_handler.get_user_from_auth(
                request.authorization)
            outcome = self.external_auth.authenticate(request, basic_user)
            if isinstance(outcome, Response):
                # The external authenticator returned a Response rather
                # than a user; pass it back to the caller unchanged.
                return outcome
            user = outcome

        if not user:
            # NOTE(review): the code below dereferences `user`, so this
            # helper is presumably expected to raise -- confirm it does.
            raise_unauthorized_user_error('No authentication info provided')
        self.logger.debug('Authenticated user: {0}'.format(user))

        if request.authorization:
            # Only a Basic (user + password) login clears the failure
            # counter. Clearing it on every request would reset it on each
            # UI refresh (every 4 sec), so accounts would never get locked.
            user.failed_logins_counter = 0
        # Unlike the counter reset, the login timestamp is refreshed for
        # every authenticated request, whatever mechanism was used.
        user.last_login_at = datetime.now()
        user_datastore.commit()
        return user