def get_auth(handler: tornado.web.RequestHandler):
"""Try to authenticate a request."""
auth_header = handler.request.headers.get('Authorization')
if auth_header is None or not auth_header.startswith('Basic '):
raise ZoeRestAPIException(
'missing or wrong authentication information', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
auth_decoded = base64.decodebytes(bytes(auth_header[6:],
'ascii')).decode('utf-8')
username, password = auth_decoded.split(':', 2)
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator()
else:
raise ZoeException(
'Configuration error, unknown authentication method: {}'.format(
get_conf().auth_type))
uid, role = authenticator.auth(username, password)
if uid is None:
raise ZoeRestAPIException(
'missing or wrong authentication information', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
return uid, role
def get_auth(handler: tornado.web.RequestHandler):
"""Try to authenticate a request."""
if handler.get_secure_cookie('zoe'):
cookie_val = str(handler.get_secure_cookie('zoe'))
uid, role = cookie_val[2:-1].split('.')
log.debug(
'Authentication done using cookie (user {} from {} for {})'.format(
uid, handler.request.remote_ip, handler.request.path))
if role == "guest":
raise ZoeRestAPIException(
'Guest users cannot use the API, ask for a role upgrade', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
return uid, role
auth_header = handler.request.headers.get('Authorization')
if auth_header is None or not (auth_header.startswith('Basic ')
or auth_header.startswith('Bearer ')):
raise ZoeRestAPIException(
'missing or wrong authentication information', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
# Process for authentication with username, password
else:
auth_decoded = base64.decodebytes(bytes(auth_header[6:],
'ascii')).decode('utf-8')
username, password = auth_decoded.split(':', 2)
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator(
sasl=False) # type: BaseAuthenticator
elif get_conf().auth_type == 'ldapsasl':
authenticator = LDAPAuthenticator(sasl=True) # type: BaseAuthenticator
else:
raise ZoeException(
'Configuration error, unknown authentication method: {}'.format(
get_conf().auth_type))
uid, role = authenticator.auth(username, password)
if uid is None:
raise ZoeRestAPIException(
'missing or wrong authentication information', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
log.debug(
'Authentication done using auth-mechanism (user {} from {} for {})'.
format(uid, handler.request.remote_ip, handler.request.path))
if role == "guest":
raise ZoeRestAPIException(
'Guest users cannot use the API, ask for a role upgrade', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
return uid, role
def get_auth(handler: tornado.web.RequestHandler):
"""Try to authenticate a request."""
auth_header = handler.request.headers.get('Authorization')
if auth_header is None or not auth_header.startswith('Basic '):
raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8')
username, password = auth_decoded.split(':', 2)
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator()
else:
raise ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
uid, role = authenticator.auth(username, password)
if uid is None:
raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
return uid, role
def get_auth(handler: ZoeRequestHandler):
"""Try to authenticate a request."""
auth_header = handler.request.headers.get('Authorization')
if auth_header is None or not auth_header.startswith('Basic '):
raise zoe_api.exceptions.ZoeAuthException
auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8')
username, password = auth_decoded.split(':', 2)
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator()
else:
raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
uid, role = authenticator.auth(username, password)
if uid is None:
raise zoe_api.exceptions.ZoeAuthException
return uid, role
def get_auth_login(username, password):
"""Authenticate username and password against the configured user store."""
# First of all try to authenticate against a fixed list of users in a text file
try:
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
uid, role = authenticator.auth(username, password)
return uid, role
except zoe_api.exceptions.ZoeAuthException:
pass
except zoe_api.exceptions.ZoeNotFoundException:
pass
# It it fails, continue with the normal authentication
if get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator(
sasl=False) # type: BaseAuthenticator
elif get_conf().auth_type == 'ldapsasl':
authenticator = LDAPAuthenticator(sasl=True) # type: BaseAuthenticator
else:
raise zoe_api.exceptions.ZoeException(
'Configuration error, unknown authentication method: {}'.format(
get_conf().auth_type))
uid, role = authenticator.auth(username, password)
if uid is None:
raise zoe_api.exceptions.ZoeAuthException
return uid, role
def get_auth(handler: ZoeRequestHandler):
"""Try to authenticate a request."""
auth_header = handler.request.headers.get('Authorization')
if auth_header is None or not auth_header.startswith('Basic '):
raise zoe_api.exceptions.ZoeAuthException
auth_decoded = base64.decodebytes(bytes(auth_header[6:],
'ascii')).decode('utf-8')
username, password = auth_decoded.split(':', 2)
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator()
else:
raise zoe_api.exceptions.ZoeException(
'Configuration error, unknown authentication method: {}'.format(
get_conf().auth_type))
uid, role = authenticator.auth(username, password)
if uid is None:
raise zoe_api.exceptions.ZoeAuthException
return uid, role
def full_auth(self, username: str, password: str) -> Union[None, User]: # pylint: disable=too-many-return-statements
"""This method verifies the username and the password against one of the external auth sources."""
user = self.state.user.select(only_one=True, **{"username": username})
if user is None or not user.enabled:
return None
if user.auth_source == "textfile" and PlainTextAuthenticator(get_conf().auth_file).auth(username, password):
log.info('User {} authenticated via textfile'.format(user.username))
return user
elif user.auth_source == "ldap" and LDAPAuthenticator(get_conf(), sasl=False).auth(username, password):
log.info('User {} authenticated via ldap'.format(user.username))
return user
elif user.auth_source == "ldap+sasl" and LDAPAuthenticator(get_conf(), sasl=True).auth(username, password):
log.info('User {} authenticated via ldap+sasl'.format(user.username))
return user
elif user.auth_source == "internal" and user.check_password(password):
log.info('User {} authenticated via internal db'.format(user.username))
return user
elif user.auth_source == "pam" and pam_authenticate(username, password):
log.info('User {} authenticated via PAM'.format(user.username))
return user
else:
return None
