def authenticate(self, environ, identity):
username = None
realm = None
success = None
try:
if isSelfTest():
if identity.has_key('login') == False and identity.has_key('repoze.who.plugins.auth_tkt.userid') == True:
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
if getRealmBox():
username = identity['login']
realm = identity['realm']
else:
log.debug("no realmbox, so we are trying to split the loginname")
m = re.match("(.*)\@(.*)", identity['login'])
if m:
if 2 == len(m.groups()):
username = m.groups()[0]
realm = m.groups()[1]
log.debug("found @: username: %r, realm: %r" % (username, realm))
else:
username = identity['login']
realm = getDefaultRealm()
log.debug("using default Realm: username: %r, realm: %r" % (username, realm))
password = identity['password']
except KeyError as e:
log.error("Keyerror in identity: %r." % e)
log.error("%s" % traceback.format_exc())
return None
# check username/realm, password
if isSelfTest():
success = "%s@%s" % (unicode(username), unicode(realm))
else:
Policy = PolicyClass(request, config, c,
get_privacyIDEA_config())
if Policy.is_auth_selfservice_otp(username, realm):
# check the OTP
success = authenticate_privacyidea_user(username, realm, password)
else:
# We do authentication against the user store
success = check_user_password(username, realm, password)
if not success and is_admin_identity("%s@%s" % (username, realm), exception=False):
# user not found or authenticated in resolver.
# So let's see, if this is an administrative user.
success = check_admin_password(username, password, realm)
if success:
log.info("User %r authenticated" % success)
return success
def authenticate(self, environ, identity):
username = None
realm = None
success = None
try:
if isSelfTest():
if ('login' not in identity and 'repoze.who.plugins.auth_tkt.userid' in identity):
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
username, realm = self._get_user_from_login(identity['login'],
default_realm=False)
if getRealmBox() and realm == "":
# The login name contained no realm
realm = identity['realm']
if realm == "":
# The realm is still empty
realm = getDefaultRealm()
password = identity['password']
except KeyError as e:
log.error("Keyerror in identity: %r." % e)
log.error("%s" % traceback.format_exc())
return None
# check username/realm, password
if isSelfTest():
success = "%s@%s" % (unicode(username), unicode(realm))
else:
Policy = PolicyClass(request, config, c,
get_privacyIDEA_config())
if Policy.is_auth_selfservice_otp(username, realm):
# check the OTP
success = authenticate_privacyidea_user(username,
realm,
password)
else:
# We do authentication against the user store
success = check_user_password(username, realm, password)
if not success and is_admin_identity("%s@%s" % (username, realm),
exception=False):
# user not found or authenticated in resolver.
# So let's see, if this is an administrative user.
success = check_admin_password(username, password, realm)
if success:
log.info("User %r authenticated" % success)
return success
