class Authenticator(object):
def __init__(self, leap_provider):
self._leap_provider = leap_provider
self.domain = leap_provider.server_name
self.bonafide_session = None
@inlineCallbacks
def authenticate(self, username, password):
username = self.clean_username(username)
auth = yield self._srp_auth(username, password)
returnValue(auth)
@inlineCallbacks
def _srp_auth(self, username, password):
try:
auth = yield self._bonafide_auth(username, password)
except SRPAuthError:
raise UnauthorizedLogin(
"User typed wrong password/username combination.")
returnValue(auth)
@inlineCallbacks
def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
self.bonafide_session = Session(credentials, srp_provider,
self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate()
returnValue(
Authentication(user, self.bonafide_session.token,
self.bonafide_session.uuid, 'session_id',
{'is_admin': False}))
def clean_username(self, username):
if '@' not in username:
return username
extracted_username = self.extract_username(username)
if self.username_with_domain(extracted_username) == username:
return extracted_username
raise UnauthorizedLogin('User typed a wrong domain.')
def extract_username(self, username):
return re.search('^([^@]+)@?.*$', username).group(1)
def username_with_domain(self, username):
return '%s@%s' % (username, self.domain)
class Authenticator(object):
def __init__(self, leap_provider):
self._leap_provider = leap_provider
self.domain = leap_provider.server_name
self.bonafide_session = None
@inlineCallbacks
def authenticate(self, username, password):
username = self.clean_username(username)
auth = yield self._srp_auth(username, password)
returnValue(auth)
@inlineCallbacks
def _srp_auth(self, username, password):
try:
auth = yield self._bonafide_auth(username, password)
except SRPAuthError:
raise UnauthorizedLogin("User typed wrong password/username combination.")
returnValue(auth)
@inlineCallbacks
def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate()
returnValue(Authentication(user,
self.bonafide_session.token,
self.bonafide_session.uuid,
'session_id',
{'is_admin': False}))
def clean_username(self, username):
if '@' not in username:
return username
extracted_username = self.extract_username(username)
if self.username_with_domain(extracted_username) == username:
return extracted_username
raise UnauthorizedLogin('User typed a wrong domain.')
def extract_username(self, username):
return re.search('^([^@]+)@?.*$', username).group(1)
def username_with_domain(self, username):
return '%s@%s' % (username, self.domain)
def _get_leap_session(credentials):
session = Session(credentials)
d = session.authenticate()
d.addCallback(lambda _: session)
return d
def _bonafide_auth(self, user, password):
srp_provider = Api(self._leap_provider.api_uri)
credentials = Credentials(user, password)
srp_auth = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
yield srp_auth.authenticate()
returnValue(Authentication(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False}))