def change_credentials(self, handler, credentials):
"""
Change credentials. Return true when credentials changed
"""
c = credentials.copy()
for f in self.HIDDEN_FIELDS:
if f in c:
c[f] = "***"
r = False
for method in self.iter_methods():
bc = BaseAuthBackend.get_backend(method)
if not bc:
self.logger.error("Cannot initialize backend '%s'", method)
continue
backend = bc(self)
self.logger.info("Changing credentials %s using method %s", c, method)
try:
backend.change_credentials(**credentials)
r = True
except NotImplementedError:
continue
except backend.LoginError as e:
self.logger.error("Failed to change credentials for %s: %s", c, e)
self.logger.info("Changed user credentials: %s", c)
return r
def authenticate(self, handler, credentials):
"""
Authenticate user. Returns True when user is authenticated
"""
c = credentials.copy()
for f in self.HIDDEN_FIELDS:
if f in c:
c[f] = "***"
le = "No active auth methods"
for method in self.iter_methods():
bc = BaseAuthBackend.get_backend(method)
if not bc:
self.logger.error("Cannot initialize backend '%s'", method)
continue
backend = bc(self)
self.logger.info("Authenticating credentials %s using method %s",
c, method)
try:
user = backend.authenticate(**credentials)
metrics["auth_try", ("method", method)] += 1
except backend.LoginError as e:
self.logger.info("[%s] Login Error: %s", method, e)
metrics["auth_fail", ("method", method)] += 1
le = str(e)
continue
self.logger.info("Authorized credentials %s as user %s", c, user)
metrics["auth_success", ("method", method)] += 1
# Set cookie
handler.set_secure_cookie("noc_user",
user,
expires_days=config.login.session_ttl)
return True
self.logger.error("Login failed for %s: %s", c, le)
return False
def handle(self, backend, user, password, *args, **kwargs):
if not password:
password = getpass.getpass()
backend = BaseAuthBackend.get_backend(backend)
auth = backend(None)
try:
auth.authenticate(user=user, password=password)
except backend.LoginError as e:
self.die("Failed to login: %s" % e)
self.print("Login successful")