Ejemplo n.º 1
 def authenticate(self, session):
     '''
     @see: IAuthenticationService.authenticate

     Looks up the login that owns the session identifier, refreshes its last access time and returns the gateways
     that the processing chain produces for the login's user.

     @param session: the session identifier matched against LoginMapped.Session
     @return: the reply gateways sorted by (Pattern, Methods), or an empty tuple when the reply has no gateways
     @raise InputError: when no login with this session was accessed within the session time out
     '''
     # The cut-off is derived from the timestamp returned by querying current_timestamp() through the session.
     cutoff = self.session().query(current_timestamp()).scalar() - self._sessionTimeOut
     query = self.session().query(LoginMapped).filter(LoginMapped.Session == session)
     query = query.filter(LoginMapped.AccessedOn > cutoff)
     try:
         login = query.one()
     except NoResultFound:
         # Unknown and expired sessions are reported with the same error.
         raise InputError(Ref(_('Invalid session'), ref=Login.Session))
     assert isinstance(login, LoginMapped), 'Invalid login %s' % login

     login.AccessedOn = current_timestamp()
     self.session().flush((login,))
     self.session().expunge(login)
     # The commit is forced at this point: if processing the request raises later on, the refreshed last access
     # must already be stored.
     commitNow()

     processing = self._processing
     assert isinstance(processing, Processing), 'Invalid processing %s' % processing

     solicitation = processing.ctx.solicitation()
     assert isinstance(solicitation, Solicitation), 'Invalid solicitation %s' % solicitation
     solicitation.userId = login.User
     solicitation.types = self.acl.types

     chain = Chain(processing)
     chainArgs = processing.fillIn(solicitation=solicitation, reply=processing.ctx.reply())
     chain.process(**chainArgs).doAll()

     reply = chain.arg.reply
     assert isinstance(reply, Reply), 'Invalid reply %s' % reply

     def gatewayOrder(gateway):
         # Gateways are ordered by pattern first and by methods second.
         return (gateway.Pattern, gateway.Methods)

     return () if reply.gateways is None else sorted(reply.gateways, key=gatewayOrder)
Ejemplo n.º 2
 def authenticate(self, session):
     '''
     @see: IAuthenticationService.authenticate

     Looks up the login that owns the session identifier, refreshes its last access time and returns the ACL
     accesses granted by the user's rights, with the markers of User model properties replaced by the user id.

     @param session: the session identifier matched against LoginMapped.Session
     @return: the list of AclAccess objects obtained for the user's rights
     @raise InputError: when no login with this session was accessed within the session time out
     '''
     # The cut-off is derived from the timestamp returned by querying current_timestamp() through the session.
     cutoff = self.session().query(current_timestamp()).scalar() - self._sessionTimeOut
     query = self.session().query(LoginMapped).filter(LoginMapped.Session == session)
     query = query.filter(LoginMapped.AccessedOn > cutoff)
     try:
         login = query.one()
     except NoResultFound:
         # Unknown and expired sessions are reported with the same error.
         raise InputError(Ref(_('Invalid session'), ref=Login.Session))
     assert isinstance(login, LoginMapped), 'Invalid login %s' % login

     login.AccessedOn = current_timestamp()
     self.session().flush((login,))
     self.session().expunge(login)
     # The commit is forced at this point: if processing the request raises later on, the refreshed last access
     # must already be stored.
     commitNow()

     userId = str(login.User)
     rightNames = (right.Name for right in self.userRbacService.getRights(login.User))
     accesses = self.aclAccessService.accessFor(self.aclAccessService.rightsFor(rightNames))

     allowed = []
     for access in accesses:
         assert isinstance(access, AclAccess), 'Invalid access %s' % access
         for propertyType, mark in access.markers.items():
             assert isinstance(propertyType, TypeProperty), 'Invalid property type %s' % propertyType
             assert isinstance(propertyType.parent, TypeModel)
             ownerClass = propertyType.parent.clazz
             if not (ownerClass == User or issubclass(ownerClass, User)):
                 continue
             # NOTE(review): the filters are rewritten in place on the objects returned by aclAccessService; if that
             # service hands out shared or cached instances, the substituted user id would persist into later
             # calls. Confirm that each call receives its own copies.
             for k, pattern in enumerate(access.Filter):
                 access.Filter[k] = pattern.replace(mark, userId)
         allowed.append(access)
     return allowed
Ejemplo n.º 3
    def authenticate(self, identifier, attributes, arguments):
        '''
        @see: IAuthenticationSupport.authenticate

        Validates the session identifier, refreshes the last access time of its login and fills the requested
        authenticated arguments with the login's user.

        @param identifier: the session identifier matched against LoginMapped.Session
        @param attributes: a dictionary; it is only type checked by this method
        @param arguments: a dictionary keyed by Type; the value for the User.Id type is set to the login's user
        @return: False when no login with this session was accessed within the session time out, True otherwise
        @raise DevelError: when arguments holds a type other than the User.Id type
        '''
        assert isinstance(identifier, str), 'Invalid identifier %s' % identifier
        assert isinstance(attributes, dict), 'Invalid attributes %s' % attributes
        assert isinstance(arguments, dict), 'Invalid arguments %s' % arguments

        # The cut-off is derived from the timestamp returned by querying current_timestamp() through the session.
        cutoff = self.session().query(current_timestamp()).scalar() - self.sessionTimeOut
        query = self.session().query(LoginMapped).filter(LoginMapped.Session == identifier)
        query = query.filter(LoginMapped.AccessedOn > cutoff)
        try:
            login = query.one()
        except NoResultFound:
            # Unknown and expired sessions both end up here.
            return False
        assert isinstance(login, LoginMapped), 'Invalid login %s' % login

        login.AccessedOn = current_timestamp()
        self.session().flush((login,))
        self.session().expunge(login)
        # The commit is forced at this point: if processing the request raises later on, the refreshed last access
        # must already be stored.
        commitNow()

        # Only existing keys are assigned, so the dictionary keeps its size while it is iterated.
        for authType in arguments:
            assert isinstance(authType, Type), 'Invalid type %s' % authType

            if not authType == typeFor(User.Id):
                raise DevelError('Invalid authenticated type %s' % authType)
            arguments[authType] = login.User

        return True
Ejemplo n.º 4
    def authenticate(self, identifier, attributes, arguments):
        '''
        @see: IAuthenticationSupport.authenticate

        Checks that the identifier is a session accessed within the session time out, records the new access time
        and places the login's user into the arguments requested for authentication.

        @param identifier: the session identifier matched against LoginMapped.Session
        @param attributes: a dictionary; it is only type checked by this method
        @param arguments: a dictionary keyed by Type; the value for the User.Id type is set to the login's user
        @return: True when the session is valid, False when no matching login is found
        @raise DevelError: when arguments holds a type other than the User.Id type
        '''
        assert isinstance(identifier, str), 'Invalid identifier %s' % identifier
        assert isinstance(attributes, dict), 'Invalid attributes %s' % attributes
        assert isinstance(arguments, dict), 'Invalid arguments %s' % arguments

        # Logins last accessed at or before this moment count as expired.
        expiredBefore = self.session().query(current_timestamp()).scalar() - self.sessionTimeOut
        logins = self.session().query(LoginMapped)
        logins = logins.filter(LoginMapped.Session == identifier).filter(LoginMapped.AccessedOn > expiredBefore)
        try: login = logins.one()
        except NoResultFound: return False
        assert isinstance(login, LoginMapped), 'Invalid login %s' % login

        login.AccessedOn = current_timestamp()
        self.session().flush((login,))
        self.session().expunge(login)
        # The commit is forced at this point: if processing the request raises later on, the refreshed last access
        # must already be stored.
        commitNow()

        # Only existing keys are assigned, so the dictionary keeps its size while it is iterated.
        for authType in arguments:
            assert isinstance(authType, Type), 'Invalid type %s' % authType

            isUserId = authType == typeFor(User.Id)
            if not isUserId:
                raise DevelError('Invalid authenticated type %s' % authType)
            arguments[authType] = login.User

        return True
Ejemplo n.º 5
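    def performLogin(self, authentication):
        '''
        @see: IAuthenticationService.performLogin

        Verifies a token based login and creates a session for the user. The expected value is the HMAC-SHA512,
        keyed with the user name, of the stored password value; its hex digest is then used as the key of a second
        HMAC-SHA512 over the login token. The supplied HashedToken has to equal the hex digest of that second HMAC.

        @param authentication: the Authentication holding the Token, HashedToken and UserName
        @return: the LoginMapped created for the user, carrying the new session identifier
        @raise InputError: when a required field is missing, or when the token, the user or the hashed token do
            not check out (all reported as 'Invalid credentials')
        '''
        assert isinstance(authentication, Authentication), 'Invalid authentication %s' % authentication

        if authentication.Token is None:
            raise InputError(Ref(_('The login token is required'), ref=Authentication.Token))
        if authentication.HashedToken is None:
            raise InputError(Ref(_('The hashed login token is required'), ref=Authentication.HashedToken))
        if authentication.UserName is None:
            raise InputError(Ref(_('A user name is required for authentication'), ref=Authentication.UserName))

        olderThan = self.session().query(current_timestamp()).scalar()
        olderThan -= self._authenticationTimeOut
        sql = self.session().query(TokenMapped)
        sql = sql.filter(TokenMapped.Token == authentication.Token)
        sql = sql.filter(TokenMapped.requestedOn > olderThan)
        # The token row is deleted before the credentials are checked, so one token serves a single attempt.
        if sql.delete() > 0:
            commitNow()  # We make sure that the delete has been performed

            # '== None' is intentional here: it builds the SQL 'IS NULL' test on the column.
            try: user = self.session().query(UserMapped).filter(UserMapped.Name == authentication.UserName).filter(UserMapped.DeletedOn == None).one()
            except NoResultFound: user = None
            # NOTE(review): when no user matches, no HMAC is computed, so the response time may differ between
            # known and unknown user names - confirm whether that matters for this service.

            if user is not None:
                assert isinstance(user, UserMapped), 'Invalid user %s' % user

                hashedToken = hmac.new(bytes(user.Name, 'utf8'),
                                       bytes(user.password, 'utf8'), hashlib.sha512).hexdigest()
                hashedToken = hmac.new(bytes(hashedToken, 'utf8'),
                                       bytes(authentication.Token, 'utf8'), hashlib.sha512).hexdigest()

                # The client supplied digest is compared in constant time, so the duration of the check does not
                # depend on how many leading characters match. A value that is not a string never matches, as with
                # the plain equality test; 'surrogatepass' keeps malformed text from raising while encoding.
                supplied = authentication.HashedToken
                if isinstance(supplied, str) and hmac.compare_digest(supplied.encode('utf8', 'surrogatepass'),
                                                                     hashedToken.encode('utf8')):
                    # The session identifier is the SHA-512 hex digest of authentication_token_size urandom bytes.
                    sessionDigest = hashlib.sha512()
                    sessionDigest.update(urandom(self.authentication_token_size))

                    login = LoginMapped()
                    login.Session = sessionDigest.hexdigest()
                    login.User = user.Id
                    login.CreatedOn = login.AccessedOn = current_timestamp()

                    try: self.session().add(login)
                    except SQLAlchemyError as e: handle(e, login)

                    return login

        # Every failure after the required field checks is reported with the same message.
        raise InputError(_('Invalid credentials'))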
Ejemplo n.º 6
    def authenticate(self, session):
        '''
        @see: IAuthenticationService.authenticate

        Resolves the session identifier to its login, records the new access time and runs the processing chain
        to obtain the gateways available to the login's user.

        @param session: the session identifier matched against LoginMapped.Session
        @return: the reply gateways sorted by (Pattern, Methods), or an empty tuple when the reply has no gateways
        @raise InputError: when no login with this session was accessed within the session time out
        '''
        # Logins last accessed at or before this moment count as expired.
        expiredBefore = self.session().query(current_timestamp()).scalar() - self._sessionTimeOut
        logins = self.session().query(LoginMapped)
        logins = logins.filter(LoginMapped.Session == session).filter(LoginMapped.AccessedOn > expiredBefore)
        try: login = logins.one()
        except NoResultFound: raise InputError(Ref(_('Invalid session'), ref=Login.Session))
        assert isinstance(login, LoginMapped), 'Invalid login %s' % login

        login.AccessedOn = current_timestamp()
        self.session().flush((login,))
        self.session().expunge(login)
        # The commit is forced at this point: if processing the request raises later on, the refreshed last access
        # must already be stored.
        commitNow()

        processing = self._processing
        assert isinstance(processing, Processing), 'Invalid processing %s' % processing

        solicitation = processing.ctx.solicitation()
        assert isinstance(solicitation, Solicitation), 'Invalid solicitation %s' % solicitation
        solicitation.userId = login.User
        solicitation.types = self.acl.types

        chain = Chain(processing)
        chainArgs = processing.fillIn(solicitation=solicitation, reply=processing.ctx.reply())
        chain.process(**chainArgs).doAll()

        reply = chain.arg.reply
        assert isinstance(reply, Reply), 'Invalid reply %s' % reply
        if reply.gateways is None:
            return ()

        def byPatternThenMethods(gateway):
            # Gateways are ordered by pattern first and by methods second.
            return (gateway.Pattern, gateway.Methods)

        return sorted(reply.gateways, key=byPatternThenMethods)
Ejemplo n.º 7
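    def performLogin(self, authentication):
        '''
        @see: IAuthenticationService.performLogin

        Verifies a token based login and creates a session for the user. The expected value is the HMAC-SHA512,
        keyed with the user name, of the stored password value; its hex digest is then used as the key of a second
        HMAC-SHA512 over the login token. The supplied HashedToken has to equal the hex digest of that second HMAC.

        @param authentication: the Authentication holding the Token, HashedToken and UserName
        @return: the LoginMapped created for the user, carrying the new session identifier
        @raise InputError: when a required field is missing, or when the token, the user or the hashed token do
            not check out (all reported as 'Invalid credentials')
        '''
        assert isinstance(
            authentication,
            Authentication), 'Invalid authentication %s' % authentication

        if authentication.Token is None:
            raise InputError(
                Ref(_('The login token is required'),
                    ref=Authentication.Token))
        if authentication.HashedToken is None:
            raise InputError(
                Ref(_('The hashed login token is required'),
                    ref=Authentication.HashedToken))
        if authentication.UserName is None:
            raise InputError(
                Ref(_('A user name is required for authentication'),
                    ref=Authentication.UserName))

        olderThan = self.session().query(current_timestamp()).scalar()
        olderThan -= self._authenticationTimeOut
        sql = self.session().query(TokenMapped)
        sql = sql.filter(TokenMapped.Token == authentication.Token)
        sql = sql.filter(TokenMapped.requestedOn > olderThan)
        # The token row is deleted before the credentials are checked, so one token serves a single attempt.
        if sql.delete() > 0:
            commitNow()  # We make sure that the delete has been performed

            # '== None' is intentional here: it builds the SQL 'IS NULL' test on the column.
            try:
                user = self.session().query(UserMapped).filter(
                    UserMapped.Name == authentication.UserName).filter(
                        UserMapped.DeletedOn == None).one()
            except NoResultFound:
                user = None
            # NOTE(review): when no user matches, no HMAC is computed, so the response time may differ between
            # known and unknown user names - confirm whether that matters for this service.

            if user is not None:
                assert isinstance(user, UserMapped), 'Invalid user %s' % user

                hashedToken = hmac.new(bytes(user.Name, 'utf8'),
                                       bytes(user.password, 'utf8'),
                                       hashlib.sha512).hexdigest()
                hashedToken = hmac.new(bytes(hashedToken, 'utf8'),
                                       bytes(authentication.Token, 'utf8'),
                                       hashlib.sha512).hexdigest()

                # The client supplied digest is compared in constant time, so the duration of the check does not
                # depend on how many leading characters match. A value that is not a string never matches, as with
                # the plain equality test; 'surrogatepass' keeps malformed text from raising while encoding.
                supplied = authentication.HashedToken
                if isinstance(supplied, str) and hmac.compare_digest(
                        supplied.encode('utf8', 'surrogatepass'),
                        hashedToken.encode('utf8')):
                    # The session identifier is the SHA-512 hex digest of authentication_token_size urandom bytes.
                    sessionDigest = hashlib.sha512()
                    sessionDigest.update(urandom(self.authentication_token_size))

                    login = LoginMapped()
                    login.Session = sessionDigest.hexdigest()
                    login.User = user.Id
                    login.CreatedOn = login.AccessedOn = current_timestamp()

                    try:
                        self.session().add(login)
                    except SQLAlchemyError as e:
                        handle(e, login)

                    return login

        # Every failure after the required field checks is reported with the same message.
        raise InputError(_('Invalid credentials'))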