Exemple #1
        def pw_form_cb(data):
            """Validate a password-form submission and build the config update.

            In change mode (``self.change`` is truthy) the stored hash is read
            through ``client`` and ``data['old_password']`` must reproduce it;
            a mismatch returns ``("save_result", {'wrong_old_password': True})``.
            Otherwise the new password is hashed into ``foris.auth.password``
            and ``("edit_config", uci)`` is returned. When
            ``data['set_system_pw']`` is ``True`` the same plaintext is also set
            as the system ``root`` password via ``client.set_password``.
            """
            from beaker.crypto import pbkdf2

            if self.change:
                # Changing an existing password: the old one has to match first.
                config_tree = client.get(filter=filters.foris_config)
                stored_node = config_tree.find_child("uci.foris.auth.password")
                # A falsy (empty/absent) stored hash lets the change proceed
                # without any old-password check.
                # NOTE(review): in that state whoever reaches this form sets the
                # password -- confirm the form is only reachable as intended.
                if stored_node:
                    stored_hash = stored_node.value
                    # crypt() takes salt and iteration count from the stored,
                    # formatted hash, so re-hashing the candidate must yield
                    # the same string.
                    candidate_hash = pbkdf2.crypt(data['old_password'],
                                                  salt=stored_hash)
                    # NOTE(review): `!=` on strings is not a constant-time
                    # comparison; consider a constant-time compare once the
                    # operand types (str vs unicode) are confirmed.
                    if stored_hash != candidate_hash:
                        return "save_result", {'wrong_old_password': True}

            # No salt is passed: pbkdf2 generates a 48-bit pseudo-random one.
            # NOTE(review): 1000 PBKDF2 iterations is low by current guidance.
            # Since verification reads the count from the stored hash, raising
            # it should not invalidate existing hashes -- confirm against the
            # target hardware's CPU budget.
            new_password_hash = pbkdf2.crypt(data['password'], iterations=1000)

            # Build uci -> foris -> auth -> password, parents added first.
            uci = Uci()
            foris_config = Config("foris")
            uci.add(foris_config)
            auth_section = Section("auth", "config")
            foris_config.add(auth_section)
            auth_section.add(Option("password", new_password_hash))

            # NOTE(review): the root password is changed here, before the
            # returned edit_config is applied by the caller (presumably); if
            # that later step fails the two credentials may diverge.
            if data['set_system_pw'] is True:
                client.set_password("root", data['password'])

            return "edit_config", uci
Exemple #2
        def pw_form_cb(data):
            """Check the old password if required, then stage the new hash.

            Returns ``("save_result", {'wrong_old_password': True})`` when the
            form is in change mode (``self.change``), a stored hash exists and
            ``data['old_password']`` does not reproduce it. Otherwise returns
            ``("edit_config", uci)`` with ``foris.auth.password`` set to the
            PBKDF2 hash of ``data['password']``; if ``data['set_system_pw']``
            is ``True`` the ``root`` system password is set to the same value.
            """
            from beaker.crypto import pbkdf2

            # Only a password *change* looks up the currently stored hash.
            current = None
            if self.change:
                current = client.get(filter=filters.foris_config).find_child(
                    "uci.foris.auth.password")

            # A falsy node means no usable stored hash: the change is allowed
            # without verifying the old password.
            # NOTE(review): confirm this path cannot be reached by an
            # unauthenticated client once a password is expected to exist.
            if current:
                current_hash = current.value
                # crypt() reads salt and iterations back out of the formatted
                # hash passed as `salt`.
                # NOTE(review): plain `!=` is not constant-time; a
                # constant-time comparison is preferable for credential checks.
                if current_hash != pbkdf2.crypt(data['old_password'], salt=current_hash):
                    return "save_result", {'wrong_old_password': True}

            uci = Uci()
            foris = Config("foris")
            uci.add(foris)
            auth = Section("auth", "config")
            foris.add(auth)
            # Salt is generated inside pbkdf2 (48-bit pseudo-random).
            # NOTE(review): iterations=1000 is a weak work factor by today's
            # standards; the stored format carries the count, so it can
            # presumably be raised without breaking old hashes -- verify.
            auth.add(Option("password",
                            pbkdf2.crypt(data['password'], iterations=1000)))

            wants_system_password = data['set_system_pw'] is True
            if wants_system_password:
                # Web UI and system root credentials become identical here.
                client.set_password("root", data['password'])

            return "edit_config", uci
Exemple #3
 def set_foris_password(cls, password):
     """Hash *password* and write it to ``foris.auth.password`` via UCI.

     Runs ``uci_set`` for the section and the option, then ``uci_commit``,
     all against ``cls.config_directory``; the first falsy result stops the
     sequence and raises ``TestInitException``. On success the static
     Netconf connection is (re)established.
     """
     from beaker.crypto import pbkdf2

     # The value stored is a PBKDF2 hash, not reversible encryption.
     # NOTE(review): salt and iteration count are left to the library
     # defaults here -- confirm they match what the application itself uses.
     password_hash = pbkdf2.crypt(password)

     # Lazily evaluated so a failing step short-circuits the later ones.
     steps = (
         lambda: uci_set("foris.auth", "config", cls.config_directory),
         lambda: uci_set("foris.auth.password", password_hash,
                         cls.config_directory),
         lambda: uci_commit(cls.config_directory),
     )
     if not all(step() for step in steps):
         raise TestInitException("Cannot set Foris password.")

     StaticNetconfConnection._connect()
Exemple #4
 def set_foris_password(cls, password):
     """Store the PBKDF2 hash of *password* as the Foris login password.

     Creates the ``foris.auth`` section, sets ``foris.auth.password`` and
     commits, each against ``cls.config_directory``. Raises
     ``TestInitException`` as soon as one of those steps reports failure,
     otherwise calls ``StaticNetconfConnection._connect()``.
     """
     from beaker.crypto import pbkdf2

     # NOTE(review): the work factor is whatever pbkdf2.crypt() defaults to;
     # acceptable for a test fixture, but verify it is not reused elsewhere.
     hashed = pbkdf2.crypt(password)

     # `and` chaining keeps the original short-circuit: a failed step
     # prevents the following ones from running.
     succeeded = uci_set("foris.auth", "config", cls.config_directory)
     succeeded = succeeded and uci_set("foris.auth.password", hashed,
                                       cls.config_directory)
     succeeded = succeeded and uci_commit(cls.config_directory)
     if not succeeded:
         raise TestInitException("Cannot set Foris password.")

     StaticNetconfConnection._connect()
Exemple #5
def _check_password(password):
    """Return whether *password* matches the stored Foris password hash.

    The hash is read from ``uci.foris.auth.password`` through ``client``.
    If that node is missing the function returns ``True``.
    """
    from beaker.crypto import pbkdf2

    config_tree = client.get(filter=filters.foris_config)
    hash_node = config_tree.find_child("uci.foris.auth.password")

    if hash_node is not None:
        stored_hash = hash_node.value
        # crypt() pulls salt and iteration count out of the formatted hash
        # given as `salt`, so a correct password reproduces the same string.
        # NOTE(review): `==` is not a constant-time comparison; prefer a
        # constant-time compare for credential checks.
        return stored_hash == pbkdf2.crypt(password, salt=stored_hash)

    # No password configured: treated as successful authentication.
    # (Original author's idea: maybe set a session variable in this case.)
    # NOTE(review): any submitted password is accepted in this state, so
    # the device is open until a password is set -- callers should limit
    # what such a session may do.
    return True
Exemple #6
def _check_password(password):
    """Verify *password* against the hash stored in the Foris config.

    Returns ``True`` when no ``uci.foris.auth.password`` node exists, and
    otherwise the result of comparing the stored hash with a re-hash of
    *password*.
    """
    from beaker.crypto import pbkdf2

    node = client.get(filter=filters.foris_config).find_child(
        "uci.foris.auth.password")
    if node is None:
        # An unset password counts as a successful login; the original
        # author suggests flagging this in the session.
        # NOTE(review): this is an authentication bypass by design while no
        # password is configured -- make sure first-run setup enforces one.
        return True

    stored = node.value
    # The stored hash doubles as the `salt` argument: crypt() extracts the
    # real salt and the iteration count from its formatted prefix.
    recomputed = pbkdf2.crypt(password, salt=stored)
    # NOTE(review): string equality leaks timing; a constant-time compare
    # is the safer choice here.
    return stored == recomputed
Exemple #7
def do_login(access_control, session, login, password):
    """Login user, establish privileges in session.

    Looks up *login* in the ``users`` collection and, when the stored hash
    matches *password*, stores the user data and an access token in
    *session* and saves it. Returns ``"User not found!"`` when no user has
    that login. The remainder of the success / wrong-password path is
    masked in this listing (see the note on the ``print`` line).
    """
    db_users = list(users.find({'login': login}))
    if db_users:
        # NOTE(review): `assert` is stripped under `python -O`, so this
        # uniqueness check can silently disappear; a unique index on
        # 'login' would enforce it in the database instead.
        assert len(db_users) == 1, "Multiple users named %s!" % login

        db_user = db_users[0]
        passwd_hash = db_user['password']

        # The stored hash is passed as the salt argument so crypt() can
        # re-hash the candidate with the same parameters.
        # NOTE(review): `==` is not a constant-time comparison.
        if passwd_hash == crypt(password, passwd_hash):
            # NOTE(review): nothing visible here rotates the session
            # identifier on login -- confirm the session layer does, to
            # avoid session fixation.
            session['user'] = DataObject(db_user)                  # USER DATA
            session['token'] = access_control.create_subject(db_user).id   # ACCESS TOKEN
            session.save()
            # NOTE(review): the next line is garbled in this listing (text
            # replaced by asterisks); it apparently fused a Python 2 `print`
            # with the later "Password incorrect!" return. Restore it from
            # the original source before running this code.
            print "Login: "******"Password incorrect!"
    else:
        # NOTE(review): "User not found!" vs. "Password incorrect!" are
        # distinguishable; if these strings reach the client they allow
        # account enumeration -- prefer one generic failure message.
        return "User not found!"
Exemple #8
def init_users():
    """Drop and re-seed the example users, roles and operations.

    Destructive: the ``users``, ``roles`` and ``operations`` collections
    are dropped before the demo documents are inserted.
    """
    for collection in (users, roles, operations):
        collection.drop()

    #
    #   Example User Database:
    #       admin/admin         -> all permissions
    #       photographer/canon  -> tag/comment/vote/veto all material
    #       student/stud        -> comment/vote/veto public material
    #       staff/staff         -> comment/vote/veto public material
    #       press/press         -> see press/public material, comment/vote/veto press-/public material
    #       anonymous/anon      -> see public material
    #
    # NOTE(review): these are guessable demo credentials (password equal
    # or close to the login, including an admin account). This seeding must
    # never run against a deployed database; if demo accounts are needed
    # outside development, generate the passwords instead of hard-coding.
    # The 'login' values appear masked as '******' in this listing.
    demo_users = [
        {
            'login': '******',
            'name': 'Administrator',
            'password': crypt('admin'),
            'roles': ['admin'],
        },
        {
            'login': '******',
            'name': 'Test Photographer',
            'password': crypt('canon'),
            'roles': ['photographer', 'reviewer'],
        },
        {
            'login': '******',
            'password': crypt('stud'),
            'name': 'Test Student',
            'roles': ['reviewer'],
        },
        {
            'login': '******',
            'name': 'Test Staff Member',
            'password': crypt('staff'),
            'roles': ['reviewer'],
        },
        {
            'login': '******',
            'name': 'Test Press Member',
            'password': crypt('press'),
            'roles': ['press', 'reviewer'],
        },
        {
            'login': '******',
            'name': 'Random Guest',
            'password': crypt('anon'),
            'roles': ['guest'],
        },
    ]
    for user_doc in demo_users:
        users.insert(user_doc)

    # Each role lists [operation, [resources or conditional rules]] pairs.
    demo_roles = [
        {
            'name': 'admin',
            'can': [
                ['crud', ['users', 'roles', 'photos', 'comments']],
            ],
        },
        {
            'name': 'photographer',
            'can': [
                ['crud', ['photos', 'galleries']],
                ['delete', ['comments']],
            ],
        },
        {
            'name': 'reviewer',
            'can': [
                ['create', ['comments', 'vetos']],
                ['read', [['if-contains', 'photos', 'tags', 'public']]],
                ['read', [['if-contains', 'galleries', 'tags', 'public']]],
                # modify only comments with user_id matching the subject's _id
                ['crud', [['if-equals', 'comments', 'user_id', '_id']]],
            ],
        },
        {
            'name': 'press',
            # presumably inherits the reviewer rules -- confirm in the
            # access-control implementation
            'parent': 'reviewer',
            'can': [
                ['read', [['if-contains', 'photos', 'tags', 'press'],
                          ['if-contains', 'galleries', 'tags', 'press']]],
            ],
        },
    ]
    for role_doc in demo_roles:
        roles.insert(role_doc)

    # 'crud' is a composite operation expanding to the four basic ones.
    operations.insert({
        'name': 'crud',
        'includes': ['create', 'read', 'update', 'delete'],
    })