Example #1
0
File: utils.py Project: nuaays/zoe
def get_auth(handler: tornado.web.RequestHandler):
    """Try to authenticate a request."""
    auth_header = handler.request.headers.get('Authorization')
    if auth_header is None or not auth_header.startswith('Basic '):
        raise ZoeRestAPIException(
            'missing or wrong authentication information', 401,
            {'WWW-Authenticate': 'Basic realm="Login Required"'})

    auth_decoded = base64.decodebytes(bytes(auth_header[6:],
                                            'ascii')).decode('utf-8')
    username, password = auth_decoded.split(':', 2)

    if get_conf().auth_type == 'text':
        authenticator = PlainTextAuthenticator()  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldap':
        authenticator = LDAPAuthenticator()
    else:
        raise ZoeException(
            'Configuration error, unknown authentication method: {}'.format(
                get_conf().auth_type))
    uid, role = authenticator.auth(username, password)
    if uid is None:
        raise ZoeRestAPIException(
            'missing or wrong authentication information', 401,
            {'WWW-Authenticate': 'Basic realm="Login Required"'})

    return uid, role
Example #2
0
def get_auth(handler: tornado.web.RequestHandler):
    """Try to authenticate a request."""
    if handler.get_secure_cookie('zoe'):
        cookie_val = str(handler.get_secure_cookie('zoe'))
        uid, role = cookie_val[2:-1].split('.')
        log.debug(
            'Authentication done using cookie (user {} from {} for {})'.format(
                uid, handler.request.remote_ip, handler.request.path))
        if role == "guest":
            raise ZoeRestAPIException(
                'Guest users cannot use the API, ask for a role upgrade', 401,
                {'WWW-Authenticate': 'Basic realm="Login Required"'})
        return uid, role

    auth_header = handler.request.headers.get('Authorization')
    if auth_header is None or not (auth_header.startswith('Basic ')
                                   or auth_header.startswith('Bearer ')):
        raise ZoeRestAPIException(
            'missing or wrong authentication information', 401,
            {'WWW-Authenticate': 'Basic realm="Login Required"'})

    # Process for authentication with username, password
    else:
        auth_decoded = base64.decodebytes(bytes(auth_header[6:],
                                                'ascii')).decode('utf-8')
        username, password = auth_decoded.split(':', 2)

    if get_conf().auth_type == 'text':
        authenticator = PlainTextAuthenticator()  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldap':
        authenticator = LDAPAuthenticator(
            sasl=False)  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldapsasl':
        authenticator = LDAPAuthenticator(sasl=True)  # type: BaseAuthenticator
    else:
        raise ZoeException(
            'Configuration error, unknown authentication method: {}'.format(
                get_conf().auth_type))
    uid, role = authenticator.auth(username, password)
    if uid is None:
        raise ZoeRestAPIException(
            'missing or wrong authentication information', 401,
            {'WWW-Authenticate': 'Basic realm="Login Required"'})
    log.debug(
        'Authentication done using auth-mechanism (user {} from {} for {})'.
        format(uid, handler.request.remote_ip, handler.request.path))

    if role == "guest":
        raise ZoeRestAPIException(
            'Guest users cannot use the API, ask for a role upgrade', 401,
            {'WWW-Authenticate': 'Basic realm="Login Required"'})

    return uid, role
Example #3
0
def get_auth(handler: tornado.web.RequestHandler):
    """Try to authenticate a request."""
    auth_header = handler.request.headers.get('Authorization')
    if auth_header is None or not auth_header.startswith('Basic '):
        raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})

    auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8')
    username, password = auth_decoded.split(':', 2)

    if get_conf().auth_type == 'text':
        authenticator = PlainTextAuthenticator()  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldap':
        authenticator = LDAPAuthenticator()
    else:
        raise ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
    uid, role = authenticator.auth(username, password)
    if uid is None:
        raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})

    return uid, role
Example #4
0
def get_auth(handler: ZoeRequestHandler):
    """Try to authenticate a request."""

    auth_header = handler.request.headers.get('Authorization')
    if auth_header is None or not auth_header.startswith('Basic '):
        raise zoe_api.exceptions.ZoeAuthException

    auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8')
    username, password = auth_decoded.split(':', 2)

    if get_conf().auth_type == 'text':
        authenticator = PlainTextAuthenticator()  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldap':
        authenticator = LDAPAuthenticator()
    else:
        raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
    uid, role = authenticator.auth(username, password)
    if uid is None:
        raise zoe_api.exceptions.ZoeAuthException

    return uid, role
Example #5
0
def get_auth_login(username, password):
    """Authenticate username and password against the configured user store."""

    # First of all try to authenticate against a fixed list of users in a text file
    try:
        authenticator = PlainTextAuthenticator()  # type: BaseAuthenticator
        uid, role = authenticator.auth(username, password)
        return uid, role
    except zoe_api.exceptions.ZoeAuthException:
        pass
    except zoe_api.exceptions.ZoeNotFoundException:
        pass

    # It it fails, continue with the normal authentication
    if get_conf().auth_type == 'ldap':
        authenticator = LDAPAuthenticator(
            sasl=False)  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldapsasl':
        authenticator = LDAPAuthenticator(sasl=True)  # type: BaseAuthenticator
    else:
        raise zoe_api.exceptions.ZoeException(
            'Configuration error, unknown authentication method: {}'.format(
                get_conf().auth_type))
    uid, role = authenticator.auth(username, password)
    if uid is None:
        raise zoe_api.exceptions.ZoeAuthException

    return uid, role
Example #6
0
def get_auth(handler: ZoeRequestHandler):
    """Try to authenticate a request."""

    auth_header = handler.request.headers.get('Authorization')
    if auth_header is None or not auth_header.startswith('Basic '):
        raise zoe_api.exceptions.ZoeAuthException

    auth_decoded = base64.decodebytes(bytes(auth_header[6:],
                                            'ascii')).decode('utf-8')
    username, password = auth_decoded.split(':', 2)

    if get_conf().auth_type == 'text':
        authenticator = PlainTextAuthenticator()  # type: BaseAuthenticator
    elif get_conf().auth_type == 'ldap':
        authenticator = LDAPAuthenticator()
    else:
        raise zoe_api.exceptions.ZoeException(
            'Configuration error, unknown authentication method: {}'.format(
                get_conf().auth_type))
    uid, role = authenticator.auth(username, password)
    if uid is None:
        raise zoe_api.exceptions.ZoeAuthException

    return uid, role
Example #7
0
    def full_auth(self, username: str, password: str) -> Union[None, User]:  # pylint: disable=too-many-return-statements
        """This method verifies the username and the password against one of the external auth sources."""
        user = self.state.user.select(only_one=True, **{"username": username})
        if user is None or not user.enabled:
            return None

        if user.auth_source == "textfile" and PlainTextAuthenticator(get_conf().auth_file).auth(username, password):
            log.info('User {} authenticated via textfile'.format(user.username))
            return user
        elif user.auth_source == "ldap" and LDAPAuthenticator(get_conf(), sasl=False).auth(username, password):
            log.info('User {} authenticated via ldap'.format(user.username))
            return user
        elif user.auth_source == "ldap+sasl" and LDAPAuthenticator(get_conf(), sasl=True).auth(username, password):
            log.info('User {} authenticated via ldap+sasl'.format(user.username))
            return user
        elif user.auth_source == "internal" and user.check_password(password):
            log.info('User {} authenticated via internal db'.format(user.username))
            return user
        elif user.auth_source == "pam" and pam_authenticate(username, password):
            log.info('User {} authenticated via PAM'.format(user.username))
            return user
        else:
            return None