def parse_args():
usage = (
"""
%s [--test]
"""
% sys.argv[0]
)
if len(sys.argv) == 2:
if sys.argv[1] == "--test":
config = acquire_configuration()
if not "server" in config:
print "No server defined."
raise SystemExit
if not "apikey" in config:
print "No API key defined."
raise SystemExit
uAuth = Client(config["apikey"], config["server"], verify=False)
try:
(resp, status) = uAuth.get("keys")
except Exception, e:
print "Error: %s" % e.message
raise SystemExit
if status == 200:
print "The authentication server is available."
elif sys.argv[1] in ["-h", "--help"]:
print usage
raise SystemExit
def acquire_configuration():
# CONFIG file should return a dictionary named config
# it permits you to determine values programatically
config_program = Script(CONFIG_FILE)
config_program.execute()
config = config_program['config']
if 'use_remote_settings' in config and config['use_remote_settings']:
client = Client(config['apikey'], config['server'])
(remote_config, status_code) = client.get("config")
if status_code == 200:
for key, value in remote_config.items():
if key in ['apikey', 'server']:
continue
config[key] = value
return config
def authenticate(username, password):
uAuth = Client(config["apikey"], config["server"], verify=False)
# Check user groups with server.
try:
(resp, status) = uAuth.get("users/%s" % username)
except:
if "defer_to_original" in config and config["defer_to_original"]:
run_default_login_program()
print "Authentication server currently unavailable."
return
if status != 200:
log("%s user %s" % (str(status), username))
return
# Allow/deny based on allow_groups and deny_groups lists.
# Obtain users groups/roles.
user_groups = []
if "groups" in resp:
user_groups = resp["groups"]
priority = None
if "priority" in config:
priority = config["priority"]
allowed = False
if "allow_groups" in config:
for group in config["allow_groups"]:
if group in user_groups:
log("%s found in allow group." % username)
allowed = True
else:
log("No allow groups configured.")
return
denied = False
if "deny_groups" in config:
for group in config["deny_groups"]:
if group in user_groups:
log("%s found in deny group." % username)
denied = True
else:
log("No deny groups configured.")
if priority and allowed and denied:
log('Priority "%s"' % priority)
if priority == "deny":
return
elif denied == True or allowed == False:
log("Denied: " + str(denied))
log("Allowed: " + str(allowed))
return
# Perform the actual authentication.
# It's in this section that you would want to upload data from
# hardware peripherals to make use of key-based authentication.
try:
(resp, status) = uAuth.post("users/%s/login" % username, {"password": password})
except:
# Defer to the original login program is configured to do so
if "defer_to_original" in config and config["defer_to_original"]:
run_default_login_program()
print "Authentication server currently unavailable."
return
if resp == True and status == 200:
return 1
return