def autoLogin(key):
    """
    Authenticate a request by auth key and open a session for it.

    :param key: the auth key presented by the client; it is handed to
        ``check`` as the ``password`` of the ``authkey`` mode.
    :returns: the object ``check`` returned for the key (dict-like, it is
        queried with ``.get``) once a session has been created for it, or
        an ``HTTPError`` 403 when the key matches nothing or the matched
        account is not enabled.
    """
    user = check(mode='authkey', password=key)

    # Both failure cases answer 403; only the message differs, and the
    # session is created only after the enable flag has been confirmed.
    if not user:
        reason = 'Forbidden'
    elif not user.get('enable', False):
        reason = 'Account is disabled'
    else:
        reason = None

    if reason is not None:
        return HTTPError(HTTP_FORBIDDEN, reason)

    session_module.create(user)
    return user
def autoLogin(key):
    """
    Log a client in from an auth key.

    ``check`` is asked to resolve *key* in ``authkey`` mode. A match that
    carries a true ``enable`` flag gets a session (``session_module.create``)
    and is returned; anything else yields an ``HTTPError`` 403 whose
    message tells an unknown key ('Forbidden') from a disabled account.

    :param key: auth key sent by the client.
    :returns: the matched user object, or an ``HTTPError``.
    """
    user = check(mode='authkey', password=key)

    if not user:
        return HTTPError(HTTP_FORBIDDEN, 'Forbidden')

    # Only an enabled account gets a session.
    if user.get('enable', False):
        session_module.create(user)
        return user

    return HTTPError(HTTP_FORBIDDEN, 'Account is disabled')
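def _parse_basic_auth(auth_header):
    """
    Split an ``Authorization: Basic <token>`` header value into a
    ``(username, password)`` pair.

    :param auth_header: the raw header value.
    :returns: ``(username, password)``, or ``None`` when the scheme is not
        Basic, the token is empty, or the decoded token has no ``:``.
    :raises TypeError: on Python 2 when the token is not valid base64.
    :raises ValueError: on Python 3 when the token is not valid base64
        (``binascii.Error``) or not valid UTF-8 (``UnicodeDecodeError``).
    """
    scheme, _, token = auth_header.strip().partition(" ")
    # RFC 7235: the scheme name is case-insensitive. Only a Basic token is
    # decoded; any other scheme is simply not a credential for this path.
    if scheme.lower() != "basic" or not token.strip():
        return None

    decoded = base64.b64decode(token.strip())
    if not isinstance(decoded, str):
        # Python 3: b64decode yields bytes; credentials are text.
        decoded = decoded.decode("utf-8")

    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def get():
    """
    Get the beaker session for the current request.

    If the session carries no ``user`` yet, look for an HTTP Basic
    ``Authorization`` header. When the credentials are accepted by
    ``check`` and the account is enabled, the user name is stored in the
    session (``user``, ``auth_on``) and the session is saved. A missing
    or malformed header leaves the session untouched and returns it as-is.

    :returns: the beaker session (possibly without a user), or ``None``
        when the request carries no ``beaker.session`` at all.
    :raises: via ``abort``: 400 when the Basic token cannot be decoded,
        403 when the credentials are wrong or the account is disabled.
    """

    beaker_sess = request.environ.get('beaker.session', None)

    # No session middleware, or already authenticated: nothing to do.
    # (The original ``"user" not in beaker_sess`` test raised TypeError
    # when the session was absent.)
    if beaker_sess is None or "user" in beaker_sess:
        return beaker_sess

    # Authorization: Basic
    try:
        auth_header = request.headers["Authorization"]
    except KeyError:
        return beaker_sess

    try:
        credential = _parse_basic_auth(auth_header)
    except (TypeError, ValueError) as exc:
        # b64decode raises TypeError on Python 2 and binascii.Error (a
        # ValueError) on Python 3; str(exc) works on both, unlike
        # exc.message which only exists on Python 2.
        abort(400, "Authorization headers " + str(exc))

    if credential is None:
        return beaker_sess

    username, password = credential

    user = get_user(username)

    user = check(mode="plain", user=user, password=password)

    if not user:
        abort(403, 'Forbidden')

    if not user.get('enable', False):
        abort(403, 'Account is disabled')

    beaker_sess["user"] = username
    beaker_sess["auth_on"] = True
    beaker_sess.save()

    return beaker_sess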
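def _parse_basic_auth(auth_header):
    """
    Decode an ``Authorization: Basic <token>`` header value.

    :param auth_header: the raw header value.
    :returns: ``(username, password)``, or ``None`` when the scheme is not
        Basic, the token is empty, or the decoded token contains no ``:``.
    :raises TypeError: on Python 2 when the token is not valid base64.
    :raises ValueError: on Python 3 when the token is not valid base64
        (``binascii.Error``) or not valid UTF-8 (``UnicodeDecodeError``).
    """
    scheme, _, token = auth_header.strip().partition(" ")
    # RFC 7235: the scheme name is case-insensitive. Other schemes are not
    # Basic credentials and must not be fed to the base64 decoder.
    if scheme.lower() != "basic" or not token.strip():
        return None

    decoded = base64.b64decode(token.strip())
    if not isinstance(decoded, str):
        # Python 3: b64decode returns bytes, but the session stores text.
        decoded = decoded.decode("utf-8")

    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def get():
    """
    Get the beaker session for the current request.

    If the session has no ``user`` yet, check whether an HTTP Basic
    ``Authorization`` header is present. If ``check`` accepts the
    credentials and the account is enabled, record the user name in the
    session (``user``, ``auth_on``), save it and return it. A missing or
    malformed header returns the session unchanged.

    :returns: the beaker session (possibly without a user), or ``None``
        when no ``beaker.session`` is attached to the request.
    :raises: via ``abort``: 400 when the Basic token cannot be decoded,
        403 on wrong credentials or a disabled account.
    """

    beaker_sess = request.environ.get('beaker.session', None)

    # Guard the absent-session case explicitly: ``"user" not in None``
    # would raise TypeError.
    if beaker_sess is None or "user" in beaker_sess:
        return beaker_sess

    # Authorization: Basic
    try:
        auth_header = request.headers["Authorization"]
    except KeyError:
        return beaker_sess

    try:
        credential = _parse_basic_auth(auth_header)
    except (TypeError, ValueError) as exc:
        # TypeError: Python 2 b64decode; ValueError: Python 3 binascii.Error
        # and UnicodeDecodeError. str(exc) replaces the Python-2-only
        # exc.message.
        abort(400, "Authorization headers " + str(exc))

    if credential is None:
        return beaker_sess

    username, password = credential

    user = get_user(username)

    user = check(mode="plain", user=user, password=password)

    if not user:
        abort(403, 'Forbidden')

    if not user.get('enable', False):
        abort(403, 'Account is disabled')

    beaker_sess["user"] = username
    beaker_sess["auth_on"] = True
    beaker_sess.save()

    return beaker_sess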
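    def auth_route(
        username=None, password=None, shadow=False, crypted=False,
        json_response=False
    ):
        """
        Authenticate a login/password pair and open a session.

        :param username: login name; empty values redirect to
            ``/?logerror=1``.
        :param password: the password, in the form announced by ``shadow``
            / ``crypted`` (``crypted`` wins when both are set).
        :param shadow: ``password`` is a shadow hash.
        :param crypted: ``password`` is already crypted.
        :param json_response: answer with JSON (``gen_json_error`` /
            ``json_auth_success``) instead of HTTP redirects.
        :returns: the JSON payload when ``json_response`` is set, or the
            body of the 307 answer that hands an unknown or external user
            over to ``/auth/internal`` or ``/auth/external``. Every other
            outcome ends in ``redirect()``.
        """
        # NOTE(review): the flow below relies on redirect() raising (bottle
        # semantics); if it merely returned, execution would fall through
        # to the next checks — confirm against the web framework in use.
        if not username or not password:
            redirect('/?logerror=1')

        # 'crypted' takes precedence over 'shadow' when both are set.
        if crypted:
            mode = 'crypted'
        elif shadow:
            mode = 'shadow'
        else:
            mode = 'plain'

        # Try to find user in database
        user = rights.get_user(username)

        # No such user, or it's an external one
        if not user or user.get('external', False):
            # Try to redirect authentication to the external backend
            if mode == 'plain':
                response.status = 307
                # canopsis only uses the default auth backends. Compare as
                # sets: dict key order is not guaranteed, and on Python 3
                # dict.keys() is a view that never equals a list, which
                # would silently send every such login to /auth/external.
                default_backends = {'AuthKeyBackend', 'EnsureAuthenticated'}
                if set(ws.auth_backends.keys()) == default_backends:
                    location = '/auth/internal'
                else:
                    location = '/auth/external'
                response.set_header('Location', location)

                # This body carries the plaintext credentials (presumably
                # for the client to replay against ``location``): keep it
                # out of logs and error reports.
                response_body = 'username={0}&password={1}'.format(
                    quote_plus(username),
                    quote_plus(password))

                if json_response:
                    response_body += '&json_response=True'

                return response_body

            if json_response:
                return gen_json_error({
                    'description': 'Plain authentication required'
                }, HTTP_FORBIDDEN)
            redirect('/?logerror=3')

        # Local authentication: check if account is activated
        if not user.get('enable', False):
            if json_response:
                return gen_json_error({
                    'description': 'Account disabled'
                }, HTTP_FORBIDDEN)
            redirect('/?logerror=2')

        user = check(mode=mode, user=user, password=password)

        if not user:
            if json_response:
                return gen_json_error({
                    'description': 'Wrong login or password'
                }, HTTP_FORBIDDEN)
            redirect('/?logerror=1')

        # Session is created only after the password check succeeded.
        session.create(user)
        if json_response:
            return json_auth_success(user)
        redirect('/')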
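    def auth_route(username=None,
                   password=None,
                   shadow=False,
                   crypted=False,
                   json_response=False):
        """
        Authenticate a login/password pair and open a session.

        :param username: login name; empty values redirect to
            ``/?logerror=1``.
        :param password: the password, in the form announced by ``shadow``
            / ``crypted`` (``crypted`` wins when both are set).
        :param shadow: ``password`` is a shadow hash.
        :param crypted: ``password`` is already crypted.
        :param json_response: answer with JSON (``gen_json_error`` /
            ``json_auth_success``) instead of HTTP redirects.
        :returns: the JSON payload when ``json_response`` is set, or the
            body of the 307 answer that hands an unknown or external user
            over to ``/auth/internal`` or ``/auth/external``. Every other
            outcome ends in ``redirect()``.
        """
        # NOTE(review): the flow below relies on redirect() raising (bottle
        # semantics); if it merely returned, execution would fall through
        # to the next checks — confirm against the web framework in use.
        if not username or not password:
            redirect('/?logerror=1')

        # 'crypted' takes precedence over 'shadow' when both are set.
        if crypted:
            mode = 'crypted'
        elif shadow:
            mode = 'shadow'
        else:
            mode = 'plain'

        # Try to find user in database
        user = rights.get_user(username)

        # No such user, or it's an external one
        if not user or user.get('external', False):
            # Try to redirect authentication to the external backend
            if mode == 'plain':
                response.status = 307
                # canopsis only uses the default auth backends. Compare as
                # sets: dict key order is not guaranteed, and on Python 3
                # dict.keys() is a view that never equals a list, which
                # would silently send every such login to /auth/external.
                default_backends = {'AuthKeyBackend', 'EnsureAuthenticated'}
                if set(ws.auth_backends.keys()) == default_backends:
                    location = '/auth/internal'
                else:
                    location = '/auth/external'
                response.set_header('Location', location)

                # This body carries the plaintext credentials (presumably
                # for the client to replay against ``location``): keep it
                # out of logs and error reports.
                response_body = 'username={0}&password={1}'.format(
                    quote_plus(username), quote_plus(password))

                if json_response:
                    response_body += '&json_response=True'

                return response_body

            if json_response:
                return gen_json_error(
                    {'description': 'Plain authentication required'},
                    HTTP_FORBIDDEN)
            redirect('/?logerror=3')

        # Local authentication: check if account is activated
        if not user.get('enable', False):
            if json_response:
                return gen_json_error({'description': 'Account disabled'},
                                      HTTP_FORBIDDEN)
            redirect('/?logerror=2')

        user = check(mode=mode, user=user, password=password)

        if not user:
            if json_response:
                return gen_json_error(
                    {'description': 'Wrong login or password'}, HTTP_FORBIDDEN)
            redirect('/?logerror=1')

        # Session is created only after the password check succeeded.
        session.create(user)
        if json_response:
            return json_auth_success(user)
        redirect('/')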