def _bonafide_auth(self, user, password): srp_provider = Api(self._leap_provider.api_uri) credentials = Credentials(user, password) self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) yield self.bonafide_session.authenticate() returnValue( Authentication(user, self.bonafide_session.token, self.bonafide_session.uuid, 'session_id', {'is_admin': False}))
def _get_config_for_all_services(self, session): if session is None: provider_cert = self._get_ca_cert_path() session = Session(Anonymous(), self.api_uri, provider_cert) services_dict = self._load_provider_configs() configs_path = self._get_configs_path() with open(configs_path) as jsonf: services_dict = Record(**json.load(jsonf)).services pending = [] base = self._disco.get_base_uri() for service in self._provider_config.services: if service in self.SERVICES_MAP.keys(): for subservice in self.SERVICES_MAP[service]: uri = base + str(services_dict[subservice]) path = self._get_service_config_path(subservice) d = session.fetch_provider_configs(uri, path, method='GET') pending.append(d) return defer.gatherResults(pending)
def _bonafide_auth(self, user, password): srp_provider = Api(self._leap_provider.api_uri) credentials = Credentials(user, password) self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) yield self.bonafide_session.authenticate() returnValue(Authentication(user, self.bonafide_session.token, self.bonafide_session.uuid, 'session_id', {'is_admin': False}))
def test_recovery_code_creation(self, mock_http_request, mock_cookie_agent, mock_is_authenticated): api = Api('https://api.test:4430') credentials = UsernamePassword('username', 'password') mock_is_authenticated.return_value = True session = Session(credentials, api, 'fake path') session._uuid = '123' response = yield session.update_recovery_code('RECOVERY_CODE') mock_http_request.assert_called_with( ANY, 'https://api.test:4430/1/users/123', method='PUT', token=None, values={ 'user[recovery_code_salt]': ANY, 'user[recovery_code_verifier]': ANY })
def _get_session(self, provider, full_id, password=""): if full_id in self._sessions: return self._sessions[full_id] # TODO if password/username null, then pass AnonymousCreds username, provider_id = config.get_username_and_provider(full_id) credentials = UsernamePassword(username, password) api = self._get_api(provider) provider_pem = _get_provider_ca_path(provider_id) session = Session(credentials, api, provider_pem) self._sessions[full_id] = session return session
def _get_or_create_session(self, provider, full_id, password=""): if full_id in self._sessions: return self._sessions[full_id] if full_id == ANONYMOUS: credentials = Anonymous() provider_id = provider.domain else: username, provider_id = config.get_username_and_provider(full_id) credentials = UsernamePassword(username, password) api = self._get_api(provider) provider_pem = config.get_ca_cert_path(_preffix, provider_id) session = Session(credentials, api, provider_pem) self._sessions[full_id] = session return session
class Authenticator(object): def __init__(self, leap_provider): self._leap_provider = leap_provider self.domain = leap_provider.server_name self.bonafide_session = None @inlineCallbacks def authenticate(self, username, password): username = self.clean_username(username) auth = yield self._srp_auth(username, password) returnValue(auth) @inlineCallbacks def _srp_auth(self, username, password): try: auth = yield self._bonafide_auth(username, password) except SRPAuthError: raise UnauthorizedLogin( "User typed wrong password/username combination.") returnValue(auth) @inlineCallbacks def _bonafide_auth(self, user, password): srp_provider = Api(self._leap_provider.api_uri) credentials = Credentials(user, password) self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) yield self.bonafide_session.authenticate() returnValue( Authentication(user, self.bonafide_session.token, self.bonafide_session.uuid, 'session_id', {'is_admin': False})) def clean_username(self, username): if '@' not in username: return username extracted_username = self.extract_username(username) if self.username_with_domain(extracted_username) == username: return extracted_username raise UnauthorizedLogin('User typed a wrong domain.') def extract_username(self, username): return re.search('^([^@]+)@?.*$', username).group(1) def username_with_domain(self, username): return '%s@%s' % (username, self.domain)
class Authenticator(object): def __init__(self, leap_provider): self._leap_provider = leap_provider self.domain = leap_provider.server_name self.bonafide_session = None @inlineCallbacks def authenticate(self, username, password): username = self.clean_username(username) auth = yield self._srp_auth(username, password) returnValue(auth) @inlineCallbacks def _srp_auth(self, username, password): try: auth = yield self._bonafide_auth(username, password) except SRPAuthError: raise UnauthorizedLogin("User typed wrong password/username combination.") returnValue(auth) @inlineCallbacks def _bonafide_auth(self, user, password): srp_provider = Api(self._leap_provider.api_uri) credentials = Credentials(user, password) self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) yield self.bonafide_session.authenticate() returnValue(Authentication(user, self.bonafide_session.token, self.bonafide_session.uuid, 'session_id', {'is_admin': False})) def clean_username(self, username): if '@' not in username: return username extracted_username = self.extract_username(username) if self.username_with_domain(extracted_username) == username: return extracted_username raise UnauthorizedLogin('User typed a wrong domain.') def extract_username(self, username): return re.search('^([^@]+)@?.*$', username).group(1) def username_with_domain(self, username): return '%s@%s' % (username, self.domain)
def _bonafide_session(username, password, provider): srp_provider = Api(provider.api_uri) credentials = Credentials(username, password) return Session(credentials, srp_provider, provider.local_ca_crt)
def _get_leap_session(credentials): session = Session(credentials) d = session.authenticate() d.addCallback(lambda _: session) return d