def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
self.bonafide_session = Session(credentials, srp_provider,
self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate()
returnValue(
Authentication(user, self.bonafide_session.token,
self.bonafide_session.uuid, 'session_id',
{'is_admin': False}))
def _get_config_for_all_services(self, session):
if session is None:
provider_cert = self._get_ca_cert_path()
session = Session(Anonymous(), self.api_uri, provider_cert)
services_dict = self._load_provider_configs()
configs_path = self._get_configs_path()
with open(configs_path) as jsonf:
services_dict = Record(**json.load(jsonf)).services
pending = []
base = self._disco.get_base_uri()
for service in self._provider_config.services:
if service in self.SERVICES_MAP.keys():
for subservice in self.SERVICES_MAP[service]:
uri = base + str(services_dict[subservice])
path = self._get_service_config_path(subservice)
d = session.fetch_provider_configs(uri, path, method='GET')
pending.append(d)
return defer.gatherResults(pending)
def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate()
returnValue(Authentication(user,
self.bonafide_session.token,
self.bonafide_session.uuid,
'session_id',
{'is_admin': False}))
def test_recovery_code_creation(self, mock_http_request, mock_cookie_agent,
mock_is_authenticated):
api = Api('https://api.test:4430')
credentials = UsernamePassword('username', 'password')
mock_is_authenticated.return_value = True
session = Session(credentials, api, 'fake path')
session._uuid = '123'
response = yield session.update_recovery_code('RECOVERY_CODE')
mock_http_request.assert_called_with(
ANY,
'https://api.test:4430/1/users/123',
method='PUT',
token=None,
values={
'user[recovery_code_salt]': ANY,
'user[recovery_code_verifier]': ANY
})
def _get_session(self, provider, full_id, password=""):
if full_id in self._sessions:
return self._sessions[full_id]
# TODO if password/username null, then pass AnonymousCreds
username, provider_id = config.get_username_and_provider(full_id)
credentials = UsernamePassword(username, password)
api = self._get_api(provider)
provider_pem = _get_provider_ca_path(provider_id)
session = Session(credentials, api, provider_pem)
self._sessions[full_id] = session
return session
def _get_or_create_session(self, provider, full_id, password=""):
if full_id in self._sessions:
return self._sessions[full_id]
if full_id == ANONYMOUS:
credentials = Anonymous()
provider_id = provider.domain
else:
username, provider_id = config.get_username_and_provider(full_id)
credentials = UsernamePassword(username, password)
api = self._get_api(provider)
provider_pem = config.get_ca_cert_path(_preffix, provider_id)
session = Session(credentials, api, provider_pem)
self._sessions[full_id] = session
return session
class Authenticator(object):
def __init__(self, leap_provider):
self._leap_provider = leap_provider
self.domain = leap_provider.server_name
self.bonafide_session = None
@inlineCallbacks
def authenticate(self, username, password):
username = self.clean_username(username)
auth = yield self._srp_auth(username, password)
returnValue(auth)
@inlineCallbacks
def _srp_auth(self, username, password):
try:
auth = yield self._bonafide_auth(username, password)
except SRPAuthError:
raise UnauthorizedLogin(
"User typed wrong password/username combination.")
returnValue(auth)
@inlineCallbacks
def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
self.bonafide_session = Session(credentials, srp_provider,
self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate()
returnValue(
Authentication(user, self.bonafide_session.token,
self.bonafide_session.uuid, 'session_id',
{'is_admin': False}))
def clean_username(self, username):
if '@' not in username:
return username
extracted_username = self.extract_username(username)
if self.username_with_domain(extracted_username) == username:
return extracted_username
raise UnauthorizedLogin('User typed a wrong domain.')
def extract_username(self, username):
return re.search('^([^@]+)@?.*$', username).group(1)
def username_with_domain(self, username):
return '%s@%s' % (username, self.domain)
class Authenticator(object):
def __init__(self, leap_provider):
self._leap_provider = leap_provider
self.domain = leap_provider.server_name
self.bonafide_session = None
@inlineCallbacks
def authenticate(self, username, password):
username = self.clean_username(username)
auth = yield self._srp_auth(username, password)
returnValue(auth)
@inlineCallbacks
def _srp_auth(self, username, password):
try:
auth = yield self._bonafide_auth(username, password)
except SRPAuthError:
raise UnauthorizedLogin("User typed wrong password/username combination.")
returnValue(auth)
@inlineCallbacks
def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate()
returnValue(Authentication(user,
self.bonafide_session.token,
self.bonafide_session.uuid,
'session_id',
{'is_admin': False}))
def clean_username(self, username):
if '@' not in username:
return username
extracted_username = self.extract_username(username)
if self.username_with_domain(extracted_username) == username:
return extracted_username
raise UnauthorizedLogin('User typed a wrong domain.')
def extract_username(self, username):
return re.search('^([^@]+)@?.*$', username).group(1)
def username_with_domain(self, username):
return '%s@%s' % (username, self.domain)
def _bonafide_session(username, password, provider):
srp_provider = Api(provider.api_uri)
credentials = Credentials(username, password)
return Session(credentials, srp_provider, provider.local_ca_crt)
def _get_leap_session(credentials):
session = Session(credentials)
d = session.authenticate()
d.addCallback(lambda _: session)
return d