def onChallenge(self, challenge):
    """Answer a WAMP-CRA challenge from the router.

    The session secret is stretched with PBKDF2 (``auth.derive_key``) using the
    salt, iteration count and key length the router placed in
    ``challenge.extra``; the stretched key then signs the challenge string.

    :param challenge: challenge object with ``method`` and ``extra`` attributes
    :returns: the ASCII signature as ``str``, or ``None`` for an unknown method
        (an error is logged in that case, no exception is raised)
    """
    self.logger.info("Authenticate connection %s@%s (challenge) ...", self.authid, self.config.realm)
    self.logger.debug("Challenge:")
    self.logger.debug(" + method: %s", challenge.method)
    self.logger.debug(" + extra: %s", challenge.extra)

    if challenge.method != u"wampcra":
        self.logger.error("Unknown challenge method '%s'", challenge.method)
        return None

    extra = challenge.extra
    # NOTE(review): an unsalted wampcra challenge (no 'salt' key) raises KeyError here.
    salt = extra['salt']
    stretched = auth.derive_key(
        self.secret.encode('utf8'),
        salt.encode('utf8'),
        iterations=extra['iterations'],
        keylen=extra['keylen'],
    ).decode('ascii')
    signed = auth.compute_wcs(stretched.encode('utf8'), extra['challenge'].encode('utf8'))
    signed = signed.decode('ascii')
    self.logger.debug("Signature '%s'", signed)
    return signed
def add(self, authid, authrole, secret, salt = None):
    """Store credentials for *authid*.

    With a truthy *salt* the stored key is ``auth.derive_key(secret, salt)``;
    otherwise the secret is stored as given.

    :returns: the stored ``(salt, key, authrole)`` tuple
    """
    if salt:
        stored_key = auth.derive_key(secret, salt)
    else:
        stored_key = secret
    record = (salt, stored_key, authrole)
    self._creds[authid] = record
    return record
def add(self, authid, authrole, secret, salt=None):
    """Register *authid* with its role and (optionally salted) key.

    A truthy *salt* makes the stored key ``auth.derive_key(secret, salt)``;
    an empty/None salt stores the raw secret.

    :returns: the ``(salt, key, authrole)`` tuple that was stored
    """
    stored_key = auth.derive_key(secret, salt) if salt else secret
    self._creds[authid] = (salt, stored_key, authrole)
    return self._creds[authid]
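def register_user(user_details):
    """Create a user record with a freshly generated, salted password and e-mail it.

    :param user_details: dict with at least a ``'username'`` key; the remaining
        keys are stored alongside the record. The caller's dict is not modified
        (the original deleted ``'username'`` from it in place, which also
        changed what ``send_email`` received).
    :returns: a dict with either a ``"success"`` or an ``"error"`` message
    """
    username = user_details['username']
    if user_exists(username):
        return {"error": "User already exists. Please try again"}
    try:
        pw = generate_password()
        # NOTE(review): auth_config['salt'] is one salt shared by every account;
        # PBKDF2 is normally given a per-user salt — confirm this is intended.
        salted_pw = ath.derive_key(pw, auth_config['salt'], auth_config['iterations'], auth_config['keylen'])
        # Work on a copy so dropping 'username' does not mutate the argument.
        details_copy = copy.deepcopy(user_details)
        del details_copy['username']
        db_rec = {
            'username': username,
            'user_details': details_copy,
            'auth_details': copy.deepcopy(auth_config),
        }
        db_rec['auth_details']['secret'] = salted_pw
        db_rec['auth_details']['role'] = u'user'
        db.insert(db_rec)
    except Exception as e:
        # Best-effort reporting kept from the original; the generated password
        # is not part of what gets printed.
        print e
        return {"error": "Unexpected error occured. Please try again"}
    print "User added to database"
    send_email(user_details, pw, username)
    return {
        "success": "Successfuly registered. Please check your email for your password."
    }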
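def on_challenge(challenge):
    """Compute the WAMP-CRA signature for *challenge* with the module-level ``secret``.

    When the router supplies a ``salt`` the secret is first stretched with PBKDF2
    using the router's ``salt``/``iterations``/``keylen``; otherwise the plain
    secret is used (the original only handled the salted case and hit an unbound
    name otherwise).

    :param challenge: challenge object with ``method`` and ``extra``
    :returns: the signature to hand back to the router
    :raises Exception: for any method other than ``"wampcra"``
    """
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    print("WAMP-CRA challenge received: {}".format(challenge))
    extra = challenge.extra
    if u'salt' in extra:
        # salted secret
        key = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen']).decode('utf-8')
    else:
        # plain, unsalted secret
        key = secret
    # The derived key is password-equivalent, so it is no longer printed here.
    # compute signature for challenge, using the key
    return auth.compute_wcs(key, extra['challenge'])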
def add(self, authid, authrole, secret, salt = None):
    """Store credentials for *authid* and return the stored entry.

    With a truthy *salt*, ``secret`` and ``salt`` are UTF-8 encoded, stretched
    with ``auth.derive_key`` and the ASCII result is kept; otherwise the raw
    secret is stored.

    :returns: the ``(salt, key, authrole)`` tuple placed in ``self._creds``
    """
    stored_key = secret
    if salt:
        stored_key = auth.derive_key(secret.encode('utf8'), salt.encode('utf8')).decode('ascii')
    entry = (salt, stored_key, authrole)
    self._creds[authid] = entry
    return entry
def onChallenge(self, challenge):
    """Respond to the router's authentication challenge.

    Only ``wampcra`` is supported: the session secret is PBKDF2-stretched with
    the salt/iterations/keylen from ``challenge.extra`` and used to sign the
    challenge. Other methods are logged as errors and yield ``None``.

    :param challenge: challenge object with ``method`` and ``extra``
    :returns: ASCII signature ``str`` or ``None``
    """
    self.logger.info(
        "Authenticate connection %s@%s (challenge) ...",
        self.authid,
        self.config.realm
    )
    self.logger.debug("Challenge:")
    self.logger.debug(" + method: %s", challenge.method)
    self.logger.debug(" + extra: %s", challenge.extra)

    def sign(extra):
        # NOTE(review): 'salt' is read unconditionally; an unsalted
        # challenge raises KeyError here.
        salt = extra['salt']
        stretched = auth.derive_key(
            self.secret.encode('utf8'),
            salt.encode('utf8'),
            iterations=extra['iterations'],
            keylen=extra['keylen']
        ).decode('ascii')
        raw = auth.compute_wcs(
            stretched.encode('utf8'),
            extra['challenge'].encode('utf8')
        )
        return raw.decode('ascii')

    if challenge.method == u"wampcra":
        signature = sign(challenge.extra)
        self.logger.debug("Signature '%s'", signature)
        return signature

    self.logger.error("Unknown challenge method '%s'", challenge.method)
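def verify(self, password, encoded):
    """Check *password* against a stored *encoded* hash.

    ``encoded`` is split on ``'$'`` into algorithm, salt, iterations, keylen and
    derived key; the candidate password is re-derived with the same salt and
    PBKDF2 parameters and compared in constant time.

    :returns: True when the re-derived value equals *encoded*
    """
    import hmac
    algorithm, salt, iterations, keylen, derived = encoded.split('$')
    # NOTE(review): the stored value is split on '$' but rebuilt with
    # '******' — as written the two can never compare equal; confirm the
    # real separator used by encode().
    candidate = '******'.join([
        self.algorithm,
        salt,
        iterations,
        keylen,
        derive_key(password, salt, int(iterations), int(keylen)).decode('ascii')
    ])
    # Constant-time comparison: a plain == leaks how many leading characters
    # matched through timing.
    return hmac.compare_digest(encoded, candidate)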
def encode(self, password, salt):
    """Build the stored representation of *password*.

    The fields are the hasher's algorithm name, the salt, the PBKDF2 iteration
    count and key length from ``settings`` and the ASCII-decoded derived key.

    :returns: the joined field string
    """
    derived = derive_key(password, salt, settings.ITERATIONS, settings.KEYLEN).decode('ascii')
    fields = [
        self.algorithm,
        salt,
        str(settings.ITERATIONS),
        str(settings.KEYLEN),
        derived,
    ]
    return '******'.join(fields)
def on_challenge(self, session, challenge):
    """Sign a WAMP-CRA challenge with ``self._secret``.

    If the router supplied a ``salt`` (with ``iterations``/``keylen``) the
    secret is PBKDF2-stretched first. *session* is part of the callback
    signature but is not used here.

    :returns: the signature as an ASCII ``str``
    """
    extra = challenge.extra
    signing_key = self._secret.encode('utf8')
    if u'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'], extra['iterations'], extra['keylen'])
    raw_signature = auth.compute_wcs(signing_key, extra['challenge'].encode('utf8'))
    return raw_signature.decode('ascii')
def onChallenge(self, challenge):
    """Sign a WAMP-CRA challenge with the password looked up as ``PASSWORDS[USER]``.

    With a router-supplied ``salt`` the password is PBKDF2-stretched first
    (iterations/keylen default to None when absent).

    :returns: the signature for the router
    :raises Exception: for any method other than ``wampcra``
    """
    print challenge
    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    signing_key = PASSWORDS[USER]
    if u'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'], extra.get('iterations', None), extra.get('keylen', None))
    return auth.compute_wcs(signing_key, extra['challenge'])
def onChallenge(self, challenge):
    """Sign a WAMP-CRA challenge using ``self.config.extra['topic']`` as the secret.

    NOTE(review): the component config's ``topic`` entry doubles as the
    authentication secret here — confirm that is intended.

    :returns: the signature for the router
    :raises Exception: for any method other than ``wampcra``
    """
    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    signing_key = self.config.extra['topic']
    if u'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'], extra.get('iterations', None), extra.get('keylen', None))
    return auth.compute_wcs(signing_key, extra['challenge'])
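def onChallenge(self, challenge):
    """Answer a WAMP-CRA challenge using the module-level ``USER_SECRET``.

    A salted challenge stretches the secret with the router's PBKDF2
    parameters; an unsalted one signs with the secret directly (the original
    returned None in that case, which the router cannot verify).

    :param challenge: object with ``method`` and ``extra`` attributes
    :returns: the signature for the router to verify
    :raises Exception: when the method is not ``wampcra``
    """
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    self.log.debug("WAMP-CRA challenge received: {}".format(challenge))
    extra = challenge.extra
    if u'salt' in extra:
        # salted secret
        key = derive_key(USER_SECRET, extra['salt'], extra['iterations'], extra['keylen'])
    else:
        # plain, unsalted secret
        key = USER_SECRET
    # return the signature to the router for verification
    return compute_wcs(key, extra['challenge'])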
def makeAccount(self, username, password, email, nickname):
    """Register a new account via the ``rpc.registrar.make_account`` RPC.

    A random salt is built by base-36 encoding 64 bits from
    ``Crypto.Random`` (rather than the stdlib ``random``), the password is
    PBKDF2-stretched with it (1000 iterations, 32-byte key) and
    ``"<salt>:<hash>"`` is sent to the registrar.

    :returns: the call's Deferred with ``onMakeAccount``/``onError`` attached
    """
    digits = string.digits + string.lowercase
    remaining = Crypto.Random.random.getrandbits(64)
    chunks = []
    while remaining != 0:
        remaining, idx = divmod(remaining, len(digits))
        chunks.append(digits[idx])
    # digits were produced least-significant first
    salt = "".join(reversed(chunks))
    params = {"salt": salt, "keylen": 32, "iterations": 1000}
    password_hash = auth.derive_key(
        password.encode('utf-8'),
        params['salt'].encode('utf-8'),
        params['iterations'],
        params['keylen'],
    )
    d = self.call(u"rpc.registrar.make_account", username, "%s:%s" % (salt, password_hash), email, nickname)
    return d.addCallback(self.onMakeAccount).addErrback(self.onError, "makeAccount")
def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with the module-level ``password``.

    When the router sends a ``salt`` the password is PBKDF2-stretched first;
    ``iterations``/``keylen`` default to None if absent.

    :returns: the ASCII signature
    :raises Exception: for any other challenge method
    """
    logger.info('Challenge received.')
    if challenge.method != 'wampcra':
        raise Exception('Unknown challenge method: %s' % challenge.method)
    extra = challenge.extra
    signing_key = password.encode()
    if 'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'].encode(), extra.get('iterations', None), extra.get('keylen', None))
    return auth.compute_wcs(signing_key, extra['challenge']).decode('ascii')
def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with ``PASSWORDS[USER]``.

    The password (and, when present, the router's salt) are UTF-8 encoded;
    a salted challenge stretches the password with PBKDF2 first.

    :returns: the ASCII signature
    :raises Exception: for any other challenge method
    """
    print("authentication challenge received: {}".format(challenge))
    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    signing_key = PASSWORDS[USER].encode('utf8')
    if u'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'].encode('utf8'), extra.get('iterations', None), extra.get('keylen', None))
    raw = auth.compute_wcs(signing_key, extra['challenge'].encode('utf8'))
    return raw.decode('ascii')
def makeAccount(self, username, password, email, nickname):
    """Create an account through ``rpc.registrar.make_account``.

    The salt is 64 random bits from ``Crypto.Random`` written in base 36
    (digits then lowercase letters); the password is stretched with PBKDF2
    (1000 iterations, keylen 32) and sent as ``"<salt>:<hash>"``.

    :returns: the RPC Deferred with result/error callbacks attached
    """
    symbols = string.digits + string.lowercase
    base = len(symbols)
    value = Crypto.Random.random.getrandbits(64)
    salt = ""
    while value:
        value, digit = divmod(value, base)
        # prepend so the most significant digit ends up first
        salt = symbols[digit] + salt
    kdf_params = {"salt": salt, "keylen": 32, "iterations": 1000}
    password_hash = auth.derive_key(
        password.encode('utf-8'),
        kdf_params['salt'].encode('utf-8'),
        kdf_params['iterations'],
        kdf_params['keylen'],
    )
    credential = "%s:%s" % (salt, password_hash)
    d = self.call(u"rpc.registrar.make_account", username, credential, email, nickname)
    d.addCallback(self.onMakeAccount)
    return d.addErrback(self.onError, "makeAccount")
def onChallenge(self, challenge):
    """Answer a ``wampcra`` challenge with ``CRA_SECRET``.

    A salted challenge stretches the secret with the router's PBKDF2
    parameters; otherwise the secret signs the challenge directly.

    :returns: the signature
    :raises Exception: for any other challenge method
    """
    self.log.info('authentication challenge received')
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    extra = challenge.extra
    signing_key = CRA_SECRET
    if u'salt' in extra:
        signing_key = auth.derive_key(CRA_SECRET, extra['salt'], extra['iterations'], extra['keylen'])
    return auth.compute_wcs(signing_key, extra['challenge'])
def on_challenge(self, session, challenge):
    """Sign a WAMP-CRA challenge with ``self._secret`` (UTF-8 encoded).

    A router-supplied ``salt`` switches on PBKDF2 stretching with the
    accompanying ``iterations``/``keylen``. *session* is unused.

    :returns: ASCII signature ``str``
    """
    extra = challenge.extra
    salted = u'salt' in extra
    secret_bytes = self._secret.encode('utf8')

    def signing_key():
        if not salted:
            return secret_bytes
        return auth.derive_key(
            secret_bytes,
            extra['salt'],
            extra['iterations'],
            extra['keylen']
        )

    signature = auth.compute_wcs(
        signing_key(),
        extra['challenge'].encode('utf8')
    )
    return signature.decode('ascii')
def onChallenge(self, challenge):
    """Answer the router's authentication challenge.

    ``wampcra`` challenges are signed with a key derived from a fixed literal
    (``"marketmaker"`` when the router salts, ``"a"`` otherwise); ``cookie``
    challenges return ``self.cookie``.
    NOTE(review): the salted and unsalted branches start from different
    literals — confirm which one the router's credential store expects.

    :raises Exception: for any other method
    """
    method = challenge.method
    if method == u"cookie":
        return self.cookie
    if method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(method))
    extra = challenge.extra
    if u'salt' in extra:
        signing_key = auth.derive_key(u"marketmaker".encode('utf8'), extra['salt'].encode('utf8'), extra.get('iterations', None), extra.get('keylen', None))
    else:
        signing_key = u"a".encode('utf8')
    raw = auth.compute_wcs(signing_key, extra['challenge'].encode('utf8'))
    return raw.decode('ascii')
def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with ``self.factory.password``.

    Password and salt are UTF-8 encoded; a salted challenge stretches the
    password with PBKDF2 (iterations/keylen default to None when absent).

    :returns: ASCII signature
    :raises Exception: for any other method
    """
    log.msg("got challenge: %s" % challenge)
    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    signing_key = self.factory.password.encode('utf-8')
    if u'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'].encode('utf-8'), extra.get('iterations', None), extra.get('keylen', None))
    return auth.compute_wcs(signing_key, extra['challenge'].encode('utf-8')).decode('ascii')
def onChallenge(self, challenge):
    """Respond to a ``wampcra`` challenge using the factory's password.

    The signing key is the UTF-8 password, PBKDF2-stretched when the router
    included a ``salt``.

    :returns: ASCII signature
    :raises Exception: for any other method
    """
    log.msg("got challenge: %s" % challenge)
    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))

    def signing_key(extra):
        password_bytes = self.factory.password.encode('utf-8')
        if u'salt' not in extra:
            return password_bytes
        return auth.derive_key(
            password_bytes,
            extra['salt'].encode('utf-8'),
            extra.get('iterations', None),
            extra.get('keylen', None),
        )

    extra = challenge.extra
    raw = auth.compute_wcs(signing_key(extra), extra['challenge'].encode('utf-8'))
    return raw.decode('ascii')
def onChallenge(self, challenge: Challenge):
    """Respond to the router's authentication challenge.

    The challenge must use the method this session was configured for
    (``self.__auth_method``), otherwise ConnectionError is raised. For
    ``wampcra`` the secret is PBKDF2-stretched when the router sent a salt
    and then signs the challenge; for ``ticket`` the secret itself is
    returned. Any other configured method falls through and returns None.
    """
    method = challenge.method
    if method != self.__auth_method:
        raise ConnectionError(
            'expected authentication method "{}" but received a "{}" challenge instead'.
            format(self.__auth_method, method))
    if method == 'ticket':
        # ticket
        return self.__auth_secret
    if method == 'wampcra':
        extra = challenge.extra
        signing_key = self.__auth_secret
        if 'salt' in extra:
            # salted secret
            signing_key = auth.derive_key(self.__auth_secret.encode('utf-8'), extra['salt'], extra['iterations'], extra['keylen'])
        return auth.compute_wcs(signing_key, extra['challenge'])
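def onChallenge(self, challenge):
    """Answer a ``wampcra`` challenge with the password from ``self.svar['authinfo']``.

    Falls back to the placeholder ``'******'`` when no ``authinfo`` is present.
    The password was previously written to the log in clear; only its
    presence is logged now.

    :returns: ASCII signature
    :raises Exception: for any other challenge method
    """
    log.msg("onChallenge - maynard")
    password = '******'
    have_authinfo = 'authinfo' in self.svar
    if have_authinfo:
        password = self.svar['authinfo']['auth_password']
    log.msg("onChallenge with password from authinfo: {}".format(have_authinfo))
    if challenge.method != u'wampcra':
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    signing_key = password.encode('utf8')
    if u'salt' in extra:
        signing_key = auth.derive_key(signing_key, extra['salt'].encode('utf8'), extra.get('iterations', None), extra.get('keylen', None))
    return auth.compute_wcs(signing_key, extra['challenge'].encode('utf8')).decode('ascii')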
def onChallenge(self, challenge):
    """Answer a ``wampcra`` challenge with the secret embedded below.

    NOTE(review): the secret is a literal in source — anyone who can read
    this file holds the credential.

    :returns: the signature, or None for any other method (no error raised)
    """
    print("authentication challenge received")
    if challenge.method != u"wampcra":
        return None
    print("WAMP-CRA challenge received: {}".format(challenge))
    extra = challenge.extra
    embedded_secret = u"uSrnbKa2cjxkYu9Flom1ZMIkNYMriSZ5tKzlhVKJT6o"
    if u'salt' in extra:
        # salted secret
        signing_key = auth.derive_key(embedded_secret, extra['salt'], extra['iterations'], extra['keylen'])
    else:
        # plain, unsalted secret
        signing_key = embedded_secret
    # compute signature for challenge, using the key, and hand it back
    return auth.compute_wcs(signing_key, extra['challenge'])
def onChallenge(self, challenge: Challenge):
    """Respond to the router's authentication challenge.

    Raises WAMPError when the challenge method differs from the configured
    ``self.__auth_method``. ``wampcra`` signs the challenge with the secret
    (PBKDF2-stretched if the router sent a salt); ``ticket`` returns the
    secret itself; any other configured method returns None.
    """
    method = challenge.method
    if method != self.__auth_method:
        raise WAMPError(
            'expected authentication method "{}" but received a "{}" challenge '
            'instead'.format(self.__auth_method, method))
    if method == 'ticket':
        return self.__auth_secret
    if method == 'wampcra':
        extra = challenge.extra
        signing_key = self.__auth_secret
        if 'salt' in extra:
            # salted secret
            signing_key = auth.derive_key(self.__auth_secret.encode('utf-8'), extra['salt'], extra['iterations'], extra['keylen'])
        return auth.compute_wcs(signing_key, extra['challenge'])
def on_challenge(self, challenge):
    """
    Called when the WAMP router issues an authentication challenge (the
    onChallenge event). Attached to our WampDefaultComponent only when the
    protocol is WSS.

    :param self:
    :param challenge: challenge object with ``method`` and ``extra``
    :return: the digital signature, decoded as ASCII
    """
    log = Logger()
    log.info('On Challenge...')
    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    cfg = Config().get_wamp()
    credentials = {u'%s' % cfg.user: u'%s' % cfg.password}
    extra = challenge.extra
    signing_key = credentials[cfg.user].encode('utf8')
    if u'salt' in extra:
        signing_key = auth.derive_key(
            signing_key,
            extra['salt'].encode('utf8'),
            extra.get('iterations', None),
            extra.get('keylen', None)
        )
    return auth.compute_wcs(signing_key, extra['challenge'].encode('utf8')).decode('ascii')
def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with the module-level ``secret``.

    A router-supplied ``salt`` enables PBKDF2 stretching with the
    accompanying ``iterations``/``keylen``.

    :returns: the signature for the router to verify
    :raises Exception: for any other method
    """
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    print("WAMP-CRA challenge received: {}".format(challenge))
    extra = challenge.extra
    # plain, unsalted secret unless the router salts
    signing_key = secret
    if u'salt' in extra:
        signing_key = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen'])
    return auth.compute_wcs(signing_key, extra['challenge'])
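def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with ``conf.WAMP_CONNECTION['AUTHSECRET']``.

    A salted challenge stretches the secret with the router's PBKDF2
    parameters first. The original logged the signing key at INFO level —
    that is the secret itself (or a password-equivalent derived key), so
    only the fact that signing happened is logged now.

    :returns: the signature
    :raises Exception: for any other method
    """
    if challenge.method != "wampcra":
        raise Exception("don't know how to handle authmethod {}".format(challenge.method))
    extra = challenge.extra
    secret = conf.WAMP_CONNECTION['AUTHSECRET']
    if 'salt' in extra:
        # salted secret
        key = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen'])
    else:
        # plain, unsalted secret
        key = secret
    signature = auth.compute_wcs(key, extra['challenge'])
    self.log.info("WAMP-CRA challenge signed")
    return signature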
def handle_wampcra_challenge(self, challenge):
    """
    Default handler for WAMP-CRA authentication

    Uses the `secret` keyword-argument value supplied to the constructor of the
    opendna.autobahn.repl.abc.AbstractSession instance that is the parent of this
    opendna.autobahn.repl.wamp.REPLApplicationSession instance in order to
    generate an authentication signature

    :param challenge: challenge whose ``extra`` carries the router's
        ``challenge`` string and, when salted, ``salt``/``iterations``/``keylen``
    :return: the signature to send back to the router
    """
    session_kwargs = self._session.session_kwargs
    extra = challenge.extra
    signing_key = session_kwargs['secret']
    if 'salt' in extra:
        signing_key = auth.derive_key(session_kwargs['secret'], extra['salt'], extra['iterations'], extra['keylen'])
    return auth.compute_wcs(signing_key, extra['challenge'])
def on_challenge(self, challenge):
    """
    Handle the router's onChallenge event (authentication against a WAMP
    router). Attached to our WampDefaultComponent only when the protocol is
    WSS.

    :param self:
    :param challenge: challenge object with ``method`` and ``extra``
    :return: the digital signature, decoded as ASCII
    """
    log = Logger()
    log.info('On Challenge...')
    if challenge.method != u"wampcra":
        raise Exception(
            "don't know how to compute challenge for authmethod {}".format(
                challenge.method))

    wamp_cfg = Config().get_wamp()
    credentials = {u'%s' % wamp_cfg.user: u'%s' % wamp_cfg.password}
    extra = challenge.extra

    def signing_key():
        password_bytes = credentials[wamp_cfg.user].encode('utf8')
        if u'salt' not in extra:
            return password_bytes
        return auth.derive_key(password_bytes,
                               extra['salt'].encode('utf8'),
                               extra.get('iterations', None),
                               extra.get('keylen', None))

    raw = auth.compute_wcs(signing_key(), extra['challenge'].encode('utf8'))
    return raw.decode('ascii')
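def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with ``conf.WAMP_CONNECTION['AUTHSECRET']``.

    The secret is PBKDF2-stretched when the router sent a salt. The original
    wrote the signing key to the INFO log; that value is the secret (or a
    password-equivalent derived key), so only a marker is logged now.

    :returns: the signature
    :raises Exception: for any other method
    """
    if challenge.method != "wampcra":
        raise Exception("don't know how to handle authmethod {}".format(
            challenge.method))
    extra = challenge.extra
    secret = conf.WAMP_CONNECTION['AUTHSECRET']
    if 'salt' in extra:
        # salted secret
        key = auth.derive_key(
            secret,
            extra['salt'],
            extra['iterations'],
            extra['keylen'],
        )
    else:
        # plain, unsalted secret
        key = secret
    signature = auth.compute_wcs(key, extra['challenge'])
    self.log.info("WAMP-CRA challenge signed")
    return signature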
def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with the module-level ``USER_SECRET``.

    A router-supplied ``salt`` enables PBKDF2 stretching with the
    accompanying ``iterations``/``keylen``; otherwise the plain secret signs.

    :returns: the signature for the router to verify
    :raises Exception: for any other method
    """
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    print("WAMP-CRA challenge received: {}".format(challenge))
    extra = challenge.extra

    def signing_key():
        if u'salt' in extra:
            # salted secret
            return auth.derive_key(USER_SECRET, extra['salt'], extra['iterations'], extra['keylen'])
        # plain, unsalted secret
        return USER_SECRET

    # compute signature for challenge, using the key
    return auth.compute_wcs(signing_key(), extra['challenge'])
def create_user(data, details=None):
    """Create and save a ``User`` from *data*.

    The password is stored as the '******'-joined fields
    ``salted_autobahn_auth``, a fresh 12-byte salt from ``generate_wcs``,
    the PBKDF2 iteration count and key length from ``settings`` and the
    ASCII-decoded derived key.
    NOTE(review): any failure (including ``details`` being None, which makes
    ``details.caller_authid`` raise) is returned to the caller as the
    exception text rather than raised.

    :returns: True on success, otherwise ``str(exception)``
    """
    try:
        username = data['username']
        role = data['role']
        salt = generate_wcs(12).decode('utf8')
        derived = derive_key(data['password'], salt, settings.ITERATIONS, settings.KEYLEN).decode('ascii')
        encoded_password = '******'.join([
            'salted_autobahn_auth',
            salt,
            str(settings.ITERATIONS),
            str(settings.KEYLEN),
            derived,
        ])
        new_user = User(
            username=username,
            role=role,
            password=encoded_password,
            settings={},
            created_by=details.caller_authid,
        )
        new_user.save()
        return True
    except (IntegrityError, Exception) as e:
        return str(e)
def onChallenge(self, challenge):
    """Sign a ``wampcra`` challenge with the API token from ``nexus.core``.

    The token (``getKey('apitoken')``) is PBKDF2-stretched when the router
    sent a salt and then signs the challenge.

    :returns: the signature for the router
    :raises Exception: for any other method
    """
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    out.verbose("WAMP-CRA challenge received: {}".format(challenge))
    api_token = nexus.core.getKey('apitoken')
    extra = challenge.extra
    signing_key = api_token
    if u'salt' in extra:
        # salted secret
        signing_key = auth.derive_key(api_token, extra['salt'], extra['iterations'], extra['keylen'])
    # compute signature for challenge, using the key
    return auth.compute_wcs(signing_key, extra['challenge'])
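def on_challenge(challenge):
    """The On Challenge function that computes the user signature for verification.

    Args:
        challenge (obj): The challenge object received.

    Returns:
        str: The signature sent to the router for verification.

    Raises:
        Exception: if the challenge method is not ``wampcra``.
    """
    print(printHeader('FFBOLab Client') + 'Initiating authentication.')
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    print(printHeader('FFBOLab Client') + "WAMP-CRA challenge received: {}".format(challenge))
    extra = challenge.extra
    if u'salt' in extra:
        # Salted secret: stretch with the router-supplied PBKDF2 parameters.
        # The salt is only read inside this branch; the original accessed it
        # unconditionally and raised KeyError on unsalted challenges.
        print(printHeader('FFBOLab Client') + 'Deriving key...')
        salted_key = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen'])
        # The derived key is password-equivalent and is deliberately not printed.
    else:
        # Plain, unsalted secret (the original had no value here and failed).
        salted_key = secret
    if user == 'guest':
        # A plain, unsalted secret for the guest account
        salted_key = u"C5/c598Gme4oALjmdhVC2H25OQPK0M2/tu8yrHpyghA="
    # compute signature for challenge, using the key
    signature = auth.compute_wcs(salted_key, extra['challenge'])
    # return the signature to the router for verification
    return signature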
def onChallenge(self, challenge):
    """Answer a ``wampcra`` challenge with the ``apitoken`` held by ``nexus.core``.

    When the router supplies a salt the token is PBKDF2-stretched with the
    given ``iterations``/``keylen``; otherwise it signs directly.

    :returns: the signature
    :raises Exception: for any other method
    """
    if challenge.method != u"wampcra":
        raise Exception("Invalid authmethod {}".format(challenge.method))
    out.verbose("WAMP-CRA challenge received: {}".format(challenge))
    token = nexus.core.getKey('apitoken')
    extra = challenge.extra

    def signing_key():
        if u'salt' not in extra:
            # plain, unsalted secret
            return token
        # salted secret
        return auth.derive_key(token, extra['salt'], extra['iterations'], extra['keylen'])

    # return the signature to the router for verification
    return auth.compute_wcs(signing_key(), extra['challenge'])
# ###############################################################################
from os import environ
from twisted.internet import reactor
from twisted.internet.defer import inlineCallbacks
from autobahn.twisted.wamp import Session, ApplicationRunner
from autobahn.wamp import auth

# Never executed: kept as a worked example of producing the salted secret that
# goes into the router config. The literal secret/salt here are sample values
# for the example only.
if False:
    # this is (one way) to get the encoded/salted secret to put in
    # config.json (see examples/router/.crossbar/config.json)
    print("encoded secret:", auth.derive_key(
        secret=u's33kr1t',
        salt=u'salt123',
        iterations=100,
        keylen=32,
    ).decode('ascii'))


class Component(Session):
    """
    An application component calling the different backend procedures.
    """

    def onJoin(self, details):
        # Joins and immediately leaves; the join details are only printed.
        print("session attached {}".format(details))
        return self.leave()


# Entry point continues beyond this excerpt.
if __name__ == '__main__':
def test_derive_key(self):
    """derive_key returns bytes and reproduces the known test vector for
    secret ``L3L1YUE8Txlw`` / salt ``salt123`` with the default parameters."""
    expected = b"qzcdsr9uu/L5hnss3kjNTRe490ETgA70ZBaB5rvnJ5Y="
    derived = auth.derive_key(u'L3L1YUE8Txlw'.encode('utf8'), u'salt123'.encode('utf8'))
    self.assertEqual(type(derived), bytes)
    self.assertEqual(derived, expected)
def test_derive_key(self):
    """Known-answer test: the default-parameter derivation of
    ``L3L1YUE8Txlw`` with salt ``salt123`` is bytes and matches the vector."""
    inputs = ('L3L1YUE8Txlw', 'salt123')
    derived = auth.derive_key(*[value.encode('utf8') for value in inputs])
    self.assertEqual(type(derived), bytes)
    self.assertEqual(derived, b"qzcdsr9uu/L5hnss3kjNTRe490ETgA70ZBaB5rvnJ5Y=")
def updateKey(self, id, newKey):
    """Replace the stored credential for *id* with *newKey* stretched by
    ``auth.derive_key`` using the class-wide salt in ``self.AUTHEXTRA``."""
    salt = self.AUTHEXTRA['salt']
    self._creds[id] = auth.derive_key(newKey, salt)
from os import environ
from twisted.internet import reactor
from twisted.internet.defer import inlineCallbacks
from autobahn.twisted.wamp import Session, ApplicationRunner
from autobahn.wamp import auth

# Dead code by construction (``if False``): documents how the salted secret
# for the router configuration can be produced. Secret and salt are sample
# values for the example.
if False:
    # this is (one way) to get the encoded/salted secret to put in
    # config.json (see examples/router/.crossbar/config.json)
    print(
        "encoded secret:",
        auth.derive_key(
            secret=u's33kr1t',
            salt=u'salt123',
            iterations=100,
            keylen=32,
        ).decode('ascii'))


class Component(Session):
    """
    An application component calling the different backend procedures.
    """

    def onJoin(self, details):
        # Print the join details and leave right away.
        print("session attached {}".format(details))
        return self.leave()


# Entry point; the ApplicationRunner construction continues beyond this excerpt.
if __name__ == '__main__':
    runner = ApplicationRunner(
def onHello(self, realm, details):
    """Handle a client's HELLO: validate the realm and decide how to authenticate.

    Returns one of ``types.Accept`` (join now), ``types.Challenge`` (the client
    must answer a WAMP-CRA or Mozilla Persona challenge; state is parked in
    ``self._pending_auth``) or ``types.Deny``. On the dynamic WAMP-CRA path a
    ``Deferred`` resolving to one of these is returned instead.

    :param realm: realm the client asked to join
    :param details: HELLO details (``authmethods``, ``authid``, ``pending_session``)
    """
    try:
        ## check if the realm the session wants to join actually exists
        ##
        if realm not in self._router_factory:
            return types.Deny(ApplicationError.NO_SUCH_REALM, message = "no realm '{}' exists on this router".format(realm))

        ## perform authentication
        ##
        if self._transport._authid is not None:
            ## already authenticated .. e.g. via cookie

            ## check if role still exists on realm
            ##
            allow = self._router_factory[realm].has_role(self._transport._authrole)

            if allow:
                return types.Accept(authid = self._transport._authid, authrole = self._transport._authrole, authmethod = self._transport._authmethod, authprovider = 'transport')
            else:
                return types.Deny(ApplicationError.NO_SUCH_ROLE, message = "session was previously authenticated (via transport), but role '{}' no longer exists on realm '{}'".format(self._transport._authrole, realm))
        else:
            ## if authentication is enabled on the transport ..
            ##
            if "auth" in self._transport_config:
                ## iterate over authentication methods announced by client ..
                ##
                for authmethod in details.authmethods or ["anonymous"]:
                    ## .. and if the configuration has an entry for the authmethod
                    ## announced, process ..
                    if authmethod in self._transport_config["auth"]:
                        ## "WAMP-Challenge-Response" authentication
                        ##
                        if authmethod == u"wampcra":
                            cfg = self._transport_config['auth']['wampcra']
                            if cfg['type'] == 'static':
                                if details.authid in cfg.get('users', {}):
                                    user = cfg['users'][details.authid]
                                    ## when using salted passwords, computes a derived cryptographic key from a password according to PBKDF2.
                                    if 'salt' in user:
                                        # NOTE(review): derive_key returns bytes on Python 3 (see the
                                        # test vector elsewhere on this page), where the trailing
                                        # .encode() would raise; presumably this targets Python 2 — confirm.
                                        secret = auth.derive_key(user['secret'].encode('utf8'), user['salt'].encode('utf-8'), user.get('iterations', 1000), user.get('keylen', 32)).encode('utf-8')
                                    else:
                                        secret = user['secret'].encode('utf-8')
                                    self._pending_auth = PendingAuthWampCra(details.pending_session, details.authid, user['role'], u'static', secret)
                                    ## send challenge to client
                                    ##
                                    extra = { u'challenge': self._pending_auth.challenge }
                                    ## when using salted passwords, provide the client with
                                    ## the salt and then PBKDF2 parameters used
                                    if 'salt' in user:
                                        extra[u'salt'] = user['salt']
                                        extra[u'iterations'] = user.get('iterations', 1000)
                                        extra[u'keylen'] = user.get('keylen', 32)
                                    return types.Challenge(u'wampcra', extra)
                                else:
                                    # NOTE(review): this message tells an unauthenticated client whether
                                    # the authid exists (user enumeration); a generic denial is safer.
                                    return types.Deny(message = "no user with authid '{}' in user database".format(details.authid))
                            elif cfg['type'] == 'dynamic':
                                ## Get the Crossbar.io service session on the router/realm
                                ## to issue the WAMP call to the custom authorizer
                                ##
                                router = self._router_factory.get(realm)
                                service_session = router._realm.session
                                d = service_session.call(cfg['authenticator'], realm, details.authid)

                                def on_authenticate_ok(user):
                                    ## construct a pending WAMP-CRA authentication
                                    ##
                                    self._pending_auth = PendingAuthWampCra(details.pending_session, details.authid, user['role'], u'dynamic', user['secret'].encode('utf8'))
                                    ## send challenge to client
                                    ##
                                    extra = { u'challenge': self._pending_auth.challenge }
                                    ## when using salted passwords, provide the client with
                                    ## the salt and the PBKDF2 parameters used
                                    ##
                                    if 'salt' in user:
                                        extra[u'salt'] = user['salt']
                                        extra[u'iterations'] = user.get('iterations', 1000)
                                        extra[u'keylen'] = user.get('keylen', 32)
                                    return types.Challenge(u'wampcra', extra)

                                def on_authenticate_error(err):
                                    # Map a failure of the custom authenticator to a Deny; an
                                    # ApplicationError contributes its error URI and first arg.
                                    error = None
                                    message = "dynamic WAMP-CRA credential getter failed: {}".format(err)
                                    if isinstance(err.value, ApplicationError):
                                        error = err.value.error
                                        if err.value.args and len(err.value.args):
                                            message = err.value.args[0]
                                    return types.Deny(error, message)

                                d.addCallbacks(on_authenticate_ok, on_authenticate_error)
                                return d
                            else:
                                return types.Deny(message = "illegal WAMP-CRA config (type '{0}' is unknown)".format(cfg['type']))

                        ## "Mozilla Persona" authentication
                        ##
                        elif authmethod == u"mozilla_persona":
                            cfg = self._transport_config['auth']['mozilla_persona']
                            audience = cfg.get('audience', self._transport._origin)
                            provider = cfg.get('provider', "https://verifier.login.persona.org/verify")

                            ## authrole mapping
                            ##
                            authrole = cfg.get('role', 'anonymous')

                            ## check if role exists on realm anyway
                            ##
                            if not self._router_factory[realm].has_role(authrole):
                                return types.Deny(ApplicationError.NO_SUCH_ROLE, message = "authentication failed - realm '{}' has no role '{}'".format(realm, authrole))

                            ## ok, now challenge the client for doing Mozilla Persona auth.
                            ##
                            self._pending_auth = PendingAuthPersona(provider, audience, authrole)
                            return types.Challenge("mozilla-persona")

                        ## "Anonymous" authentication
                        ##
                        elif authmethod == u"anonymous":
                            cfg = self._transport_config['auth']['anonymous']

                            ## authrole mapping
                            ##
                            authrole = cfg.get('role', 'anonymous')

                            ## check if role exists on realm anyway
                            ##
                            if not self._router_factory[realm].has_role(authrole):
                                return types.Deny(ApplicationError.NO_SUCH_ROLE, message = "authentication failed - realm '{}' has no role '{}'".format(realm, authrole))

                            ## authid generation
                            ##
                            if self._transport._cbtid:
                                ## if cookie tracking is enabled, set authid to cookie value
                                ##
                                authid = self._transport._cbtid
                            else:
                                ## if no cookie tracking, generate a random value for authid
                                ##
                                authid = util.newid(24)

                            self._transport._authid = authid
                            self._transport._authrole = authrole
                            self._transport._authmethod = authmethod

                            return types.Accept(authid = authid, authrole = authrole, authmethod = self._transport._authmethod)

                        ## "Cookie" authentication
                        ##
                        elif authmethod == u"cookie":
                            # Not implemented: falls through to the next announced method
                            # (or the configuration-level Deny after the loop).
                            pass
                            # if self._transport._cbtid:
                            #    cookie = self._transport.factory._cookies[self._transport._cbtid]
                            #    authid = cookie['authid']
                            #    authrole = cookie['authrole']
                            #    authmethod = "cookie.{}".format(cookie['authmethod'])
                            #    return types.Accept(authid = authid, authrole = authrole, authmethod = authmethod)
                            # else:
                            #    return types.Deny()

                        else:
                            log.msg("unknown authmethod '{}'".format(authmethod))
                            return types.Deny(message = "unknown authentication method {}".format(authmethod))

                ## if authentication is configured, by default, deny.
                ##
                return types.Deny(message = "authentication using method '{}' denied by configuration".format(authmethod))

            else:
                ## if authentication is _not_ configured, by default, allow anyone.
                ##

                ## authid generation
                ##
                if self._transport._cbtid:
                    ## if cookie tracking is enabled, set authid to cookie value
                    ##
                    authid = self._transport._cbtid
                else:
                    ## if no cookie tracking, generate a random value for authid
                    ##
                    authid = util.newid(24)

                return types.Accept(authid = authid, authrole = "anonymous", authmethod = "anonymous")

    except Exception as e:
        traceback.print_exc()
        # NOTE(review): the exception text is sent to the (unauthenticated) client;
        # a generic message with details kept in the log would disclose less.
        return types.Deny(message = "internal error: {}".format(e))
def updateKey(self, id, newKey):
    """Store *newKey* for *id*, stretched with ``auth.derive_key`` and the
    salt shared across users in ``self.AUTHEXTRA``."""
    derived = auth.derive_key(newKey, self.AUTHEXTRA['salt'])
    self._creds[id] = derived
def __init__(self):
    """Seed the credential table with the single built-in ``vtkweb`` user.

    NOTE(review): the secret is a string literal in source; anyone with read
    access to the code can authenticate as ``vtkweb``.
    """
    shared_salt = self.AUTHEXTRA['salt']
    derived = auth.derive_key("vtkweb-secret", shared_salt)
    self._creds = {'vtkweb': derived}
# Write the guest secret into the NLP connection config and persist it.
nlp_config["connection"]["secret"] = guest_secret
with open(jsfilename, "w") as f:
    json.dump(nlp_config, f, indent=2 * ' ', separators=(',', ':'))

# Replace user_data.json
with open(
        os.path.join(filepath, "components/processor_component/data/user_data.json"),
        "r") as f:
    userdata = json.load(f)

# Record "1": the configured user. The PBKDF2 iteration count and key length
# are taken from the existing record so the derived secret matches what the
# router will expect.
username = config["USER"]["user"]
salt = config["USER"]["salt"]
# NOTE(review): derive_key returns bytes on Python 3 (see the test vector
# elsewhere on this page); confirm the later dump of userdata handles that.
secret = derive_key(
    secret=config["USER"]["secret"],
    salt=config["USER"]["salt"],
    iterations=userdata["_default"]["1"]["auth_details"]["iterations"],
    keylen=userdata["_default"]["1"]["auth_details"]["keylen"])
userdata["_default"]["1"]["auth_details"]["secret"] = secret
userdata["_default"]["1"]["auth_details"]["salt"] = salt
userdata["_default"]["1"]["username"] = username

# Record "2": the guest account, derived the same way with its own salt.
secret = derive_key(
    secret=guest_secret,
    salt=guest_salt,
    iterations=userdata["_default"]["2"]["auth_details"]["iterations"],
    keylen=userdata["_default"]["2"]["auth_details"]["keylen"])
userdata["_default"]["2"]["auth_details"]["secret"] = secret
userdata["_default"]["2"]["auth_details"]["salt"] = guest_salt
userdata["_default"]["2"]["username"] = guest_user
def __init__(self):
    """Initialise the credential table with the built-in ``vtkweb`` entry,
    derived from the literal secret and the salt in ``self.AUTHEXTRA``.

    NOTE(review): a secret embedded in source is readable by anyone with the
    code.
    """
    builtin_user = 'vtkweb'
    builtin_key = auth.derive_key("vtkweb-secret", self.AUTHEXTRA['salt'])
    self._creds = {builtin_user: builtin_key}