def validate_userpass(username, password, storage):
    """Authenticate a user against the internal username/password store.

    This is the internal authenticator. It can be overloaded to hand the
    credentials to an external directory instead (an LDAP server, for example).

    Args:
        username: Name of the account being authenticated.
        password: Clear-text password supplied by the client.
        storage: Datastore handle; ``storage.user.get(username)`` is used to
            load the account record.

    Returns:
        ``(username, ["R", "W", "E"])`` when the password matches the stored
        hash, or ``(None, None)`` when internal authentication is disabled or
        either credential is empty.

    Raises:
        AuthenticationException: credentials were supplied but the account
            does not exist or the password does not match. Both cases share
            one message, so the error text does not reveal which usernames
            exist.
    """
    # Nothing to check: internal auth is off or a credential is missing.
    if not (config.auth.internal.enabled and username and password):
        return None, None

    account = storage.user.get(username)
    # NOTE(review): verify_password() only runs when the account exists, so
    # response time may differ between known and unknown usernames; confirm
    # that callers rate-limit or otherwise equalize failed logins.
    if account and verify_password(password, account.password):
        return username, ["R", "W", "E"]

    raise AuthenticationException("Wrong username or password")
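def validate_apikey(username, apikey, storage):
    """Authenticate a user with an internal API key of the form ``name:secret``.

    Overloading this function is not recommended, although it is possible.

    Args:
        username: Name of the account the key is claimed to belong to.
        apikey: Client-supplied key, expected as ``<key name>:<key secret>``.
        storage: Datastore handle; ``storage.user.get(username)`` is used to
            load the account record.

    Returns:
        ``(username, key.acl)`` when the secret matches the stored hash of the
        named key, or ``(None, None)`` when API keys are disabled or no key
        was supplied.

    Raises:
        AuthenticationException: a key was supplied but it is malformed, the
            account or key name is unknown, or the secret does not match.
    """
    if not (config.auth.allow_apikeys and apikey):
        return None, None

    user_data = storage.user.get(username)
    if user_data:
        # The key is untrusted input. Unpacking apikey.split(":", 1) raised
        # ValueError when the separator was missing, and only for accounts
        # that exist, so a malformed key failed differently for known and
        # unknown usernames. partition() never raises; a key without a
        # separator is rejected through the same path as any other bad key.
        name, separator, apikey_password = apikey.partition(":")
        key = user_data.apikeys.get(name, None) if separator else None
        # NOTE(review): verify_password() is skipped when the account or key
        # name is unknown, so timing may still differ between those cases;
        # confirm that callers rate-limit failed attempts.
        if key is not None and verify_password(apikey_password, key.password):
            return username, key.acl

    raise AuthenticationException("Invalid apikey")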
def test_security():
    """Check that a freshly generated password verifies against its own hash."""
    secret = get_random_password()
    digest = get_password_hash(secret)
    # Round trip: the hash produced for `secret` must accept `secret`.
    assert verify_password(secret, digest)