Ejemplo n.º 1
    def _authenticate_user(self, login_bundle, max_age):
        """Validate the credentials in login_bundle and return the user.

        The 'username', 'passdigest', 'created' and 'nonce' entries of
        login_bundle are passed, together with max_age, to the user
        database. Every failure path raises
        xmlrpclib.Fault(FAULT_INVALID_LOGIN, ...).
        """
        user_db = get_user_database()
        username = login_bundle.get('username')
        passdigest = login_bundle.get('passdigest')
        created = login_bundle.get('created')
        nonce = login_bundle.get('nonce')

        account = user_db.authenticate_user(
            username, passdigest, created, nonce, max_age)

        # Unknown user and wrong credential share one message, so the reply
        # does not reveal which of the two failed.
        if not account:
            raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'Invalid login')

        # authenticate_user also accepts the correct plaintext password.
        # When atom authentication is required, that is not enough: the
        # submitted value must verify as a digest of the stored hash.
        # NOTE(review): whether a nonce may be reused inside max_age is
        # decided in authenticate_user / valid_password_digest, which are
        # not visible here -- confirm replay handling there.
        if self.require_atom:
            digest_ok = qon.atom.valid_password_digest(
                account.get_password_hash(),
                passdigest, created, nonce, max_age)
            if not digest_ok:
                raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'Invalid login')

        # Credentials are good from here on. The IP hook runs before the
        # account-state checks, so it is also invoked for accounts that are
        # rejected below.
        self._attempt_record_ip(account)

        # These specific messages are only reachable with valid credentials.
        if not account.user_agreement_accepted():
            raise xmlrpclib.Fault(FAULT_INVALID_LOGIN,
                                  'Must accept User Agreement')
        if account.is_disabled():
            raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'Login disabled')

        return account
Ejemplo n.º 2
    def _create_login_bundle(self, user):
        """Build and return the login_bundle dict for user.

        The bundle carries the keys 'username', 'passdigest', 'created',
        'nonce' and 'atom_tag'.
        """
        # NOTE(review): the digest is computed from the stored password
        # hash alone, so that hash is effectively the secret of this
        # scheme -- protect the hash store accordingly.
        stored_hash = user.get_password_hash()
        digest, creation, nonce = qon.atom.create_password_digest(stored_hash)
        tag = atom_id(user)

        bundle = {
            'username': user.get_user_id(),
            'passdigest': digest,
            'created': creation,
            'nonce': nonce,
            'atom_tag': tag,
        }
        return bundle