def authenticate(
self,
email: str,
password: str,
ldap_connector: 'Connector' = None,
) -> User:
"""
Authenticate user with email and password, raise AuthenticationFailed
if uncorrect. try all auth available in order and raise issue of
last auth if all auth failed.
:param email: email of the user
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
:return: User who was authenticated.
"""
user_auth_type_not_available = AuthenticationFailed(
'Auth mecanism for this user is not activated')
for auth_type in self._config.AUTH_TYPES:
try:
return self._authenticate(email,
password,
ldap_connector,
auth_type=auth_type)
except AuthenticationFailed as exc:
raise exc
except WrongAuthTypeForUser:
pass
raise user_auth_type_not_available
def authenticate(
self,
password: str,
login: str,
ldap_connector: "Connector" = None,
) -> User:
"""
Authenticate user with email/username and password, raise AuthenticationFailed
if incorrect. try all auth available in order and raise issue of
last auth if all auth failed.
:param login: login or username of the user
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
:return: User who was authenticated.
"""
for auth_type in self._config.AUTH_TYPES:
try:
return self._authenticate(
login=login,
password=password,
ldap_connector=ldap_connector,
auth_type=auth_type,
)
except AuthenticationFailed as exc:
raise exc
except WrongAuthTypeForUser:
pass
raise AuthenticationFailed(
"Auth mechanism for this user is not activated")
def _remote_authenticate(self, login: str):
"""
Authenticate user with login given using remote mechanism,
raise AuthenticationFailed if uncorrect.
:param login: login of the user
:return: User who was authenticated.
"""
# get existing user
user = None
if login:
try:
user = self.get_one_by_login(login)
except UserDoesNotExist:
pass
# try auth
try:
return self._remote_user_authenticate(user, login)
except (
UserDoesNotExist,
UserAuthenticatedIsDeleted,
UserAuthenticatedIsNotActive,
TracimValidationFailed,
EmailRequired,
) as exc:
raise AuthenticationFailed(
'User "{}" authentication failed'.format(login)) from exc
def remote_authenticate(self, email: str) -> User:
"""
Remote Authenticate user with email (no password check),
raise AuthenticationFailed if uncorrect.
raise RemoteUserAuthDisabled if auth remote header is not set
"""
try:
if not self._config.REMOTE_USER_HEADER:
raise RemoteUserAuthDisabled(
'Remote User Auth mecanism disabled')
return self._remote_authenticate(email)
except AuthenticationFailed as exc:
raise exc
except WrongAuthTypeForUser as exc:
raise AuthenticationFailed(
'Auth mecanism for this user is not activated') from exc
def _authenticate(
self,
email: str,
password: str,
ldap_connector: 'Connector' = None,
auth_type: AuthType = AuthType.INTERNAL,
) -> User:
"""
Authenticate user with email and password, raise AuthenticationFailed
if uncorrect. check only one auth
:param email: email of the user
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
:param auth_type: auth type to test.
:return: User who was authenticated.
"""
# get existing user
try:
user = self.get_one_by_email(email)
except UserDoesNotExist:
user = None
# try auth
try:
if auth_type == AuthType.LDAP:
if ldap_connector:
return self._ldap_authenticate(user, email, password,
ldap_connector)
raise MissingLDAPConnector()
elif auth_type == AuthType.INTERNAL:
return self._internal_db_authenticate(user, email, password)
else:
raise UnknownAuthType()
except (
WrongUserPassword,
WrongLDAPCredentials,
UserDoesNotExist,
UserAuthenticatedIsDeleted,
UserAuthenticatedIsNotActive,
TracimValidationFailed,
) as exc:
raise AuthenticationFailed(
'User "{}" authentication failed'.format(
email)) from exc # nopep8
def _authenticate(
self,
password: str,
login: str,
ldap_connector: "Connector" = None,
auth_type: AuthType = AuthType.INTERNAL,
) -> User:
"""
Authenticate user with email/username and password, raise AuthenticationFailed
if incorrect. check only one auth
:param login: login of the user
:param password: cleartext password of the user
:param ldap_connector: ldap connector, enable ldap auth if provided
:param auth_type: auth type to test.
:return: User who was authenticated.
"""
user = None
try:
user = self.get_one_by_login(login)
except UserDoesNotExist:
pass
try:
if auth_type == AuthType.LDAP:
if ldap_connector:
return self._ldap_authenticate(user, login, password,
ldap_connector)
raise MissingLDAPConnector()
elif auth_type == AuthType.INTERNAL:
return self._internal_db_authenticate(user, login, password)
else:
raise UnknownAuthType()
except (
EmailRequired,
WrongUserPassword,
WrongLDAPCredentials,
UserDoesNotExist,
UserAuthenticatedIsDeleted,
UserAuthenticatedIsNotActive,
TracimValidationFailed,
) as exc:
raise AuthenticationFailed(
'User "{}" authentication failed'.format(login)) from exc
def authenticate_user(self, email: str, password: str) -> User:
"""
Authenticate user with email and password, raise AuthenticationFailed
if uncorrect.
:param email: email of the user
:param password: cleartext password of the user
:return: User who was authenticated.
"""
try:
user = self.get_one_by_email(email)
if not user.is_active:
raise UserAuthenticatedIsNotActive(
'User "{}" is not active'.format(email))
if user.validate_password(password):
return user
else:
raise WrongUserPassword(
'User "{}" password is incorrect'.format(email)) # nopep8
except (WrongUserPassword, UserDoesNotExist) as exc:
raise AuthenticationFailed(
'User "{}" authentication failed'.format(
email)) from exc # nopep8
def _remote_authenticate(self, email: str):
"""
Authenticate user with email given using remote mecanism,
raise AuthenticationFailed if uncorrect.
:param email: email of the user
:return: User who was authenticated.
"""
# get existing user
try:
user = self.get_one_by_email(email)
except UserDoesNotExist:
user = None
# try auth
try:
return self._remote_user_authenticate(user, email)
except (
UserDoesNotExist,
UserAuthenticatedIsDeleted,
UserAuthenticatedIsNotActive,
TracimValidationFailed,
) as exc:
raise AuthenticationFailed(
'User "{}" authentication failed'.format(email)) from exc
