def simple_bind_s(self, who, passwd): if who not in self.users: raise ldap.NO_SUCH_OBJECT(who) user = self.users[who] pass_ = user['userPassword'][0] if not validate_password(passwd, pass_): raise ldap.INVALID_CREDENTIALS(who, passwd) self.connected = True self.who = who self.cred = passwd
def authenticate_user(self, user_name, password): """Authenticates a user given a user_name and password. Returns the user id in case of success. Returns None otherwise.""" user = safe_execute(self._engine, _USER_AUTH, user_name=user_name).fetchone() if user is None: return None if user.status != 1: # user is disabled return None if validate_password(password, user.password_hash): return user.id
def authenticate_user(self, user, credentials, attrs=None): """Authenticates a user given a user object and credentials. Returns the user id in case of success. Returns None otherwise. """ username = credentials.get("username") if username is None: return None if user.get("username") not in (None, username): return None password = credentials.get("password") if password is None: return None fields = [users.c.userid, users.c.password, users.c.accountStatus] if attrs is not None: for attr in attrs: fields.append(getattr(users.c, attr)) else: attrs = [] _USER_AUTH = select(fields, users.c.username == bindparam('username')) res = safe_execute(self._engine, _USER_AUTH, username=username).fetchone() if res is None: return None if self.check_account_state and res.accountStatus != 1: return None if not validate_password(password, res.password): return None user['username'] = username user['userid'] = res.userid for attr in attrs: user[attr] = getattr(res, attr) return res.userid
def delete_user(self, user_id, password=None): """Deletes a user Args: user_id: user id password: user password, if needed Returns: True if the deletion was successful, False otherwise """ if password is not None: # we want to control if the password is good user = safe_execute(self._engine, _USER_PASSWORD, user_id=user_id).fetchone() if user is None: return False if not validate_password(password, user.password_hash): return False query = delete(users).where(users.c.id == user_id) res = safe_execute(self._engine, query) return res.rowcount == 1
def test_validate_password(self): one = ssha('one') two = ssha256('two') self.assertTrue(validate_password('one', one)) self.assertTrue(validate_password('two', two))