def get_authenticated_account(self):
from r2.models import Account, NotFound, register
try:
authorization = request.environ.get("HTTP_AUTHORIZATION")
username, password = parse_http_basic(authorization)
except RequirementException:
return None
try:
account = Account._by_name(username)
except NotFound:
if g.auth_trust_http_authorization:
# note: we're explicitly allowing automatic re-registration of
# _deleted accounts and login of _banned accounts here because
# we're trusting you know what you're doing in an SSO situation
account = register(username, password, request.ip)
else:
return None
# if we're to trust the authorization headers, don't check passwords
if g.auth_trust_http_authorization:
return account
# not all systems support bcrypt in the standard crypt
if account.password.startswith("$2a$"):
expected_hash = bcrypt.hashpw(password, account.password)
else:
expected_hash = crypt.crypt(password, account.password)
if not constant_time_compare(expected_hash, account.password):
return None
return account
def ensure_account(name):
"""Look up or register an account and return it."""
try:
account = Account._by_name(name)
print ">> found /u/{}".format(name)
return account
except NotFound:
print ">> registering /u/{}".format(name)
return register(name, "password", "127.0.0.1")
def ensure_account(name):
"""Look up or register an account and return it."""
try:
account = Account._by_name(name)
print ">> found /u/{}".format(name)
return account
except NotFound:
print ">> registering /u/{}".format(name)
return register(name, "password", "127.0.0.1")