def pw_form_cb(data):
    """Check a password-change form and build the UCI edit that stores the new hash.

    ``self``, ``client`` and ``filters`` are not parameters; they are taken from
    the enclosing scope.

    Args:
        data: form values; the keys read here are ``old_password`` (only when
            ``self.change`` is set and a hash is stored), ``password`` and
            ``set_system_pw``.

    Returns:
        ``("save_result", {'wrong_old_password': True})`` when the old password
        does not hash to the stored value, otherwise ``("edit_config", uci)``
        where ``uci`` carries the new ``foris.auth.password`` option.
    """
    from beaker.crypto import pbkdf2

    if self.change:
        # Changing an existing password: the old one is verified first.
        current_config = client.get(filter=filters.foris_config)
        stored_node = current_config.find_child("uci.foris.auth.password")
        # A falsy node means there is nothing to verify against, so the change
        # is accepted without checking the old password.
        if stored_node:
            stored_hash = stored_node.value
            # crypt() reads the salt and iteration count back out of the
            # formatted hash that is passed as ``salt``.
            recomputed = pbkdf2.crypt(data['old_password'], salt=stored_hash)
            # NOTE(review): `!=` on strings is not a constant-time comparison.
            # hmac.compare_digest would be the usual replacement, but only
            # after confirming both operands have the same string type.
            if stored_hash != recomputed:
                return "save_result", {'wrong_old_password': True}

    config_root = Uci()
    foris_config = Config("foris")
    config_root.add(foris_config)
    auth_section = Section("auth", "config")
    foris_config.add(auth_section)
    # No salt is passed, so pbkdf2 generates one itself (the original comment
    # describes it as a 48-bit pseudo-random salt).
    # NOTE(review): 1000 PBKDF2 iterations is low by current guidance. The
    # iteration count appears to be stored in the hash, so raising it should
    # not invalidate existing hashes - confirm against the pbkdf2 module.
    auth_section.add(
        Option("password", pbkdf2.crypt(data['password'], iterations=1000))
    )

    # Only the literal True propagates the same plaintext to the root account.
    if data['set_system_pw'] is True:
        client.set_password("root", data['password'])

    return "edit_config", config_root
def set_foris_password(cls, password):
    """Store a PBKDF2 hash of *password* as the Foris password in the test config.

    Creates the ``foris.auth`` section, sets ``foris.auth.password`` to the hash
    and commits, all against ``cls.config_directory``; then calls
    ``StaticNetconfConnection._connect()``.

    Raises:
        TestInitException: if any of the three UCI steps reports failure.
    """
    from beaker.crypto import pbkdf2

    # Called without salt or iteration arguments, so pbkdf2's defaults apply.
    hashed = pbkdf2.crypt(password)

    # Each step runs only if the previous one succeeded (short-circuit `and`).
    succeeded = uci_set("foris.auth", "config", cls.config_directory)
    succeeded = succeeded and uci_set(
        "foris.auth.password", hashed, cls.config_directory
    )
    succeeded = succeeded and uci_commit(cls.config_directory)
    if not succeeded:
        raise TestInitException("Cannot set Foris password.")

    StaticNetconfConnection._connect()
def _check_password(password):
    """Return True when *password* hashes to the stored Foris password hash.

    The stored hash is read from ``uci.foris.auth.password`` through ``client``.
    When that node is absent the function returns True without checking
    anything.
    """
    from beaker.crypto import pbkdf2

    foris_config = client.get(filter=filters.foris_config)
    stored_node = foris_config.find_child("uci.foris.auth.password")

    if stored_node is not None:
        stored_hash = stored_node.value
        # crypt() reads the salt and iteration count back out of the formatted
        # hash that is passed as ``salt``.
        # NOTE(review): `==` on strings is not a constant-time comparison.
        # hmac.compare_digest would be the usual replacement, but only after
        # confirming both operands have the same string type.
        return stored_hash == pbkdf2.crypt(password, salt=stored_hash)

    # An unset password counts as successful authentication. The original
    # author suggested setting a session variable in this case.
    # NOTE(review): this is a fail-open default - any caller is authenticated
    # until a password has been configured. Confirm that the setup flow forces
    # a password to be set before the interface is reachable.
    return True
def do_login(access_control, session, login, password):
    """Log a user in and record their identity and access token in the session.

    Looks the user up by ``login`` in ``users``, re-hashes ``password`` with the
    stored hash as salt and compares the two. On a match the session receives
    ``'user'`` (the user document wrapped in a DataObject) and ``'token'`` (the
    id of the subject created by ``access_control``) and is saved.

    Returns "User not found!" when no document matches ``login``. The remaining
    return paths cannot be read from this listing (see the note in the body).
    """
    db_users = list(users.find({'login': login}))
    if db_users:
        # NOTE(review): assert statements are removed under `python -O`, so this
        # uniqueness check should not be the only guard against duplicate logins.
        assert len(db_users) == 1, "Multiple users named %s!" % login
        db_user = db_users[0]
        passwd_hash = db_user['password']
        # The stored hash is passed as the salt argument so crypt() can reuse
        # its salt. `crypt` is defined outside this block.
        # NOTE(review): `==` on strings is not a constant-time comparison.
        if passwd_hash == crypt(password, passwd_hash):
            session['user'] = DataObject(db_user) # USER DATA
            session['token'] = access_control.create_subject(db_user).id # ACCESS TOKEN
            session.save()
            # NOTE(review): the next line is masked in this listing. The rest
            # of the success path and the start of the wrong-password branch
            # are missing, so the line does not parse as written.
            print "Login: "******"Password incorrect!"
    else:
        # NOTE(review): this message differs from the "Password incorrect!"
        # text above. If both reach the client unchanged, they reveal which
        # logins exist; a single generic failure message avoids that.
        return "User not found!"
def init_users():
    """Reset the users, roles and operations collections and seed example data.

    All three collections are dropped first, so every existing account and
    permission definition is lost. Six example users, four roles and one
    composite operation are then inserted.

    NOTE(review): the seeded passwords are short, fixed values that are listed
    in the comment below. This function should run only against a development
    or test database.
    """
    users.drop()
    roles.drop()
    operations.drop()

    add_user = users.insert
    add_role = roles.insert

    #
    # Example User Database:
    #   admin/admin          -> all permissions
    #   photographer/canon   -> tag/comment/vote/veto all material
    #   student/stud         -> comment/vote/veto public material
    #   staff/staff          -> comment/vote/veto public material
    #   press/press          -> see press/public material,
    #                           comment/vote/veto press-/public material
    #   anonymous/anon       -> see public material
    #
    # The 'login' values below appear masked ('******') in this listing; the
    # table above shows the intended names.
    add_user({
        'login': '******',
        'name': 'Administrator',
        'password': crypt('admin'),
        'roles': ['admin']})
    add_user({
        'login': '******',
        'name': 'Test Photographer',
        'password': crypt('canon'),
        'roles': ['photographer', 'reviewer'],
    })
    add_user({
        'login': '******',
        'password': crypt('stud'),
        'name': 'Test Student',
        'roles': ['reviewer'],
    })
    add_user({
        'login': '******',
        'name': 'Test Staff Member',
        'password': crypt('staff'),
        'roles': ['reviewer'],
    })
    add_user({
        'login': '******',
        'name': 'Test Press Member',
        'password': crypt('press'),
        'roles': ['press', 'reviewer'],
    })
    add_user({
        'login': '******',
        'name': 'Random Guest',
        'password': crypt('anon'),
        'roles': ['guest'],
    })

    # Each 'can' entry pairs an operation name with the resources it applies to.
    add_role({
        'name': 'admin',
        'can': [
            ['crud', ['users', 'roles', 'photos', 'comments']]
        ]})
    add_role({
        'name': 'photographer',
        'can': [
            ['crud', ['photos', 'galleries']],
            ['delete', ['comments']]
        ]})
    add_role({
        'name': 'reviewer',
        'can': [
            ['create', ['comments', 'vetos']],
            ['read', [['if-contains', 'photos', 'tags', 'public']]],
            ['read', [['if-contains', 'galleries', 'tags', 'public']]],
            # modify only comments with user_id matching the subject's _id
            ['crud', [['if-equals', 'comments', 'user_id', '_id']]]
        ]})
    # 'press' names 'reviewer' as its parent role.
    add_role({
        'name': 'press',
        'parent' : 'reviewer',
        'can': [
            ['read', [['if-contains', 'photos', 'tags', 'press'],
                      ['if-contains', 'galleries', 'tags', 'press']]],
        ]})

    # 'crud' is a composite operation made up of the four basic ones.
    operations.insert({
        'name': 'crud',
        'includes': ['create', 'read', 'update', 'delete']})