def authenticate( self, email: str, password: str, ldap_connector: 'Connector' = None, ) -> User: """ Authenticate user with email and password, raise AuthenticationFailed if uncorrect. try all auth available in order and raise issue of last auth if all auth failed. :param email: email of the user :param password: cleartext password of the user :param ldap_connector: ldap connector, enable ldap auth if provided :return: User who was authenticated. """ user_auth_type_not_available = AuthenticationFailed( 'Auth mecanism for this user is not activated') for auth_type in self._config.AUTH_TYPES: try: return self._authenticate(email, password, ldap_connector, auth_type=auth_type) except AuthenticationFailed as exc: raise exc except WrongAuthTypeForUser: pass raise user_auth_type_not_available
def authenticate( self, password: str, login: str, ldap_connector: "Connector" = None, ) -> User: """ Authenticate user with email/username and password, raise AuthenticationFailed if incorrect. try all auth available in order and raise issue of last auth if all auth failed. :param login: login or username of the user :param password: cleartext password of the user :param ldap_connector: ldap connector, enable ldap auth if provided :return: User who was authenticated. """ for auth_type in self._config.AUTH_TYPES: try: return self._authenticate( login=login, password=password, ldap_connector=ldap_connector, auth_type=auth_type, ) except AuthenticationFailed as exc: raise exc except WrongAuthTypeForUser: pass raise AuthenticationFailed( "Auth mechanism for this user is not activated")
def _remote_authenticate(self, login: str): """ Authenticate user with login given using remote mechanism, raise AuthenticationFailed if uncorrect. :param login: login of the user :return: User who was authenticated. """ # get existing user user = None if login: try: user = self.get_one_by_login(login) except UserDoesNotExist: pass # try auth try: return self._remote_user_authenticate(user, login) except ( UserDoesNotExist, UserAuthenticatedIsDeleted, UserAuthenticatedIsNotActive, TracimValidationFailed, EmailRequired, ) as exc: raise AuthenticationFailed( 'User "{}" authentication failed'.format(login)) from exc
def remote_authenticate(self, email: str) -> User: """ Remote Authenticate user with email (no password check), raise AuthenticationFailed if uncorrect. raise RemoteUserAuthDisabled if auth remote header is not set """ try: if not self._config.REMOTE_USER_HEADER: raise RemoteUserAuthDisabled( 'Remote User Auth mecanism disabled') return self._remote_authenticate(email) except AuthenticationFailed as exc: raise exc except WrongAuthTypeForUser as exc: raise AuthenticationFailed( 'Auth mecanism for this user is not activated') from exc
def _authenticate( self, email: str, password: str, ldap_connector: 'Connector' = None, auth_type: AuthType = AuthType.INTERNAL, ) -> User: """ Authenticate user with email and password, raise AuthenticationFailed if uncorrect. check only one auth :param email: email of the user :param password: cleartext password of the user :param ldap_connector: ldap connector, enable ldap auth if provided :param auth_type: auth type to test. :return: User who was authenticated. """ # get existing user try: user = self.get_one_by_email(email) except UserDoesNotExist: user = None # try auth try: if auth_type == AuthType.LDAP: if ldap_connector: return self._ldap_authenticate(user, email, password, ldap_connector) raise MissingLDAPConnector() elif auth_type == AuthType.INTERNAL: return self._internal_db_authenticate(user, email, password) else: raise UnknownAuthType() except ( WrongUserPassword, WrongLDAPCredentials, UserDoesNotExist, UserAuthenticatedIsDeleted, UserAuthenticatedIsNotActive, TracimValidationFailed, ) as exc: raise AuthenticationFailed( 'User "{}" authentication failed'.format( email)) from exc # nopep8
def _authenticate( self, password: str, login: str, ldap_connector: "Connector" = None, auth_type: AuthType = AuthType.INTERNAL, ) -> User: """ Authenticate user with email/username and password, raise AuthenticationFailed if incorrect. check only one auth :param login: login of the user :param password: cleartext password of the user :param ldap_connector: ldap connector, enable ldap auth if provided :param auth_type: auth type to test. :return: User who was authenticated. """ user = None try: user = self.get_one_by_login(login) except UserDoesNotExist: pass try: if auth_type == AuthType.LDAP: if ldap_connector: return self._ldap_authenticate(user, login, password, ldap_connector) raise MissingLDAPConnector() elif auth_type == AuthType.INTERNAL: return self._internal_db_authenticate(user, login, password) else: raise UnknownAuthType() except ( EmailRequired, WrongUserPassword, WrongLDAPCredentials, UserDoesNotExist, UserAuthenticatedIsDeleted, UserAuthenticatedIsNotActive, TracimValidationFailed, ) as exc: raise AuthenticationFailed( 'User "{}" authentication failed'.format(login)) from exc
def authenticate_user(self, email: str, password: str) -> User: """ Authenticate user with email and password, raise AuthenticationFailed if uncorrect. :param email: email of the user :param password: cleartext password of the user :return: User who was authenticated. """ try: user = self.get_one_by_email(email) if not user.is_active: raise UserAuthenticatedIsNotActive( 'User "{}" is not active'.format(email)) if user.validate_password(password): return user else: raise WrongUserPassword( 'User "{}" password is incorrect'.format(email)) # nopep8 except (WrongUserPassword, UserDoesNotExist) as exc: raise AuthenticationFailed( 'User "{}" authentication failed'.format( email)) from exc # nopep8
def _remote_authenticate(self, email: str): """ Authenticate user with email given using remote mecanism, raise AuthenticationFailed if uncorrect. :param email: email of the user :return: User who was authenticated. """ # get existing user try: user = self.get_one_by_email(email) except UserDoesNotExist: user = None # try auth try: return self._remote_user_authenticate(user, email) except ( UserDoesNotExist, UserAuthenticatedIsDeleted, UserAuthenticatedIsNotActive, TracimValidationFailed, ) as exc: raise AuthenticationFailed( 'User "{}" authentication failed'.format(email)) from exc