def get_auth(handler: tornado.web.RequestHandler): """Try to authenticate a request.""" auth_header = handler.request.headers.get('Authorization') if auth_header is None or not auth_header.startswith('Basic '): raise ZoeRestAPIException( 'missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8') username, password = auth_decoded.split(':', 2) if get_conf().auth_type == 'text': authenticator = PlainTextAuthenticator() # type: BaseAuthenticator elif get_conf().auth_type == 'ldap': authenticator = LDAPAuthenticator() else: raise ZoeException( 'Configuration error, unknown authentication method: {}'.format( get_conf().auth_type)) uid, role = authenticator.auth(username, password) if uid is None: raise ZoeRestAPIException( 'missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) return uid, role
def get_auth(handler: tornado.web.RequestHandler): """Try to authenticate a request.""" if handler.get_secure_cookie('zoe'): cookie_val = str(handler.get_secure_cookie('zoe')) uid, role = cookie_val[2:-1].split('.') log.debug( 'Authentication done using cookie (user {} from {} for {})'.format( uid, handler.request.remote_ip, handler.request.path)) if role == "guest": raise ZoeRestAPIException( 'Guest users cannot use the API, ask for a role upgrade', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) return uid, role auth_header = handler.request.headers.get('Authorization') if auth_header is None or not (auth_header.startswith('Basic ') or auth_header.startswith('Bearer ')): raise ZoeRestAPIException( 'missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) # Process for authentication with username, password else: auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8') username, password = auth_decoded.split(':', 2) if get_conf().auth_type == 'text': authenticator = PlainTextAuthenticator() # type: BaseAuthenticator elif get_conf().auth_type == 'ldap': authenticator = LDAPAuthenticator( sasl=False) # type: BaseAuthenticator elif get_conf().auth_type == 'ldapsasl': authenticator = LDAPAuthenticator(sasl=True) # type: BaseAuthenticator else: raise ZoeException( 'Configuration error, unknown authentication method: {}'.format( get_conf().auth_type)) uid, role = authenticator.auth(username, password) if uid is None: raise ZoeRestAPIException( 'missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) log.debug( 'Authentication done using auth-mechanism (user {} from {} for {})'. format(uid, handler.request.remote_ip, handler.request.path)) if role == "guest": raise ZoeRestAPIException( 'Guest users cannot use the API, ask for a role upgrade', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) return uid, role
def get_auth(handler: tornado.web.RequestHandler): """Try to authenticate a request.""" auth_header = handler.request.headers.get('Authorization') if auth_header is None or not auth_header.startswith('Basic '): raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8') username, password = auth_decoded.split(':', 2) if get_conf().auth_type == 'text': authenticator = PlainTextAuthenticator() # type: BaseAuthenticator elif get_conf().auth_type == 'ldap': authenticator = LDAPAuthenticator() else: raise ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type)) uid, role = authenticator.auth(username, password) if uid is None: raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) return uid, role
def get_auth(handler: ZoeRequestHandler): """Try to authenticate a request.""" auth_header = handler.request.headers.get('Authorization') if auth_header is None or not auth_header.startswith('Basic '): raise zoe_api.exceptions.ZoeAuthException auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8') username, password = auth_decoded.split(':', 2) if get_conf().auth_type == 'text': authenticator = PlainTextAuthenticator() # type: BaseAuthenticator elif get_conf().auth_type == 'ldap': authenticator = LDAPAuthenticator() else: raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type)) uid, role = authenticator.auth(username, password) if uid is None: raise zoe_api.exceptions.ZoeAuthException return uid, role
def get_auth_login(username, password): """Authenticate username and password against the configured user store.""" # First of all try to authenticate against a fixed list of users in a text file try: authenticator = PlainTextAuthenticator() # type: BaseAuthenticator uid, role = authenticator.auth(username, password) return uid, role except zoe_api.exceptions.ZoeAuthException: pass except zoe_api.exceptions.ZoeNotFoundException: pass # It it fails, continue with the normal authentication if get_conf().auth_type == 'ldap': authenticator = LDAPAuthenticator( sasl=False) # type: BaseAuthenticator elif get_conf().auth_type == 'ldapsasl': authenticator = LDAPAuthenticator(sasl=True) # type: BaseAuthenticator else: raise zoe_api.exceptions.ZoeException( 'Configuration error, unknown authentication method: {}'.format( get_conf().auth_type)) uid, role = authenticator.auth(username, password) if uid is None: raise zoe_api.exceptions.ZoeAuthException return uid, role
def get_auth(handler: ZoeRequestHandler): """Try to authenticate a request.""" auth_header = handler.request.headers.get('Authorization') if auth_header is None or not auth_header.startswith('Basic '): raise zoe_api.exceptions.ZoeAuthException auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8') username, password = auth_decoded.split(':', 2) if get_conf().auth_type == 'text': authenticator = PlainTextAuthenticator() # type: BaseAuthenticator elif get_conf().auth_type == 'ldap': authenticator = LDAPAuthenticator() else: raise zoe_api.exceptions.ZoeException( 'Configuration error, unknown authentication method: {}'.format( get_conf().auth_type)) uid, role = authenticator.auth(username, password) if uid is None: raise zoe_api.exceptions.ZoeAuthException return uid, role
def full_auth(self, username: str, password: str) -> Union[None, User]: # pylint: disable=too-many-return-statements """This method verifies the username and the password against one of the external auth sources.""" user = self.state.user.select(only_one=True, **{"username": username}) if user is None or not user.enabled: return None if user.auth_source == "textfile" and PlainTextAuthenticator(get_conf().auth_file).auth(username, password): log.info('User {} authenticated via textfile'.format(user.username)) return user elif user.auth_source == "ldap" and LDAPAuthenticator(get_conf(), sasl=False).auth(username, password): log.info('User {} authenticated via ldap'.format(user.username)) return user elif user.auth_source == "ldap+sasl" and LDAPAuthenticator(get_conf(), sasl=True).auth(username, password): log.info('User {} authenticated via ldap+sasl'.format(user.username)) return user elif user.auth_source == "internal" and user.check_password(password): log.info('User {} authenticated via internal db'.format(user.username)) return user elif user.auth_source == "pam" and pam_authenticate(username, password): log.info('User {} authenticated via PAM'.format(user.username)) return user else: return None