def wrapResource(resource, checkers, credFactories=[], realmName=""):
defaultCredFactory = guard.BasicCredentialFactory(realmName)
credFactories.insert(0, defaultCredFactory)
realm = HTTPAuthRealm(resource)
portal = Portal(realm, checkers)
return guard.HTTPAuthSessionWrapper(portal, credFactories)
def __init__(self):
super().__init__()
self._success = SuccessfulResource()
self._timeout = TimeoutResource()
checkers = [InMemoryUsernamePasswordDatabaseDontUse(user = b"user")]
portal = Portal(SimpleRealm(), checkers)
self._auth_resource = guard.HTTPAuthSessionWrapper(portal, [guard.BasicCredentialFactory("auth")])
def makeWrapper(guarded, username, pwd):
checkerList = [
checkers.InMemoryUsernamePasswordDatabaseDontUse(**{username: pwd})
]
realm = SimpleRealm(guarded)
myPortal = portal.Portal(realm, checkerList)
webGuard = guard.BasicCredentialFactory("nanoauto")
wrapper = guard.HTTPAuthSessionWrapper(myPortal, [webGuard])
return wrapper
def create_auth_session(root):
pw_path = os.path.join(conf.settings['data_dir'], ".api_keys")
initialize_api_key_file(pw_path)
checker = PasswordChecker.load_file(pw_path)
realm = HttpPasswordRealm(root)
portal_to_realm = portal.Portal(realm, [checker, ])
factory = guard.BasicCredentialFactory('Login to lbrynet api')
_lbrynet_server = guard.HTTPAuthSessionWrapper(portal_to_realm, [factory, ])
return _lbrynet_server
def _wrapTwistedWebResource(resource,
checkers,
credFactories=[],
realmName=""):
if not web:
raise ImportError("twisted.web does not seem to be installed.")
from twisted.web import guard
defaultCredFactory = guard.BasicCredentialFactory(realmName)
credFactories.insert(0, defaultCredFactory)
realm = HTTPAuthRealm(resource)
portal = Portal(realm, checkers)
return guard.HTTPAuthSessionWrapper(portal, credFactories)
def getServerFactory(self):
if conf.settings['use_auth_http']:
log.info("Using authenticated API")
pw_path = os.path.join(conf.settings['data_dir'], ".api_keys")
initialize_api_key_file(pw_path)
checker = PasswordChecker.load_file(pw_path)
realm = HttpPasswordRealm(self)
portal_to_realm = portal.Portal(realm, [checker, ])
factory = guard.BasicCredentialFactory('Login to lbrynet api')
root = guard.HTTPAuthSessionWrapper(portal_to_realm, [factory, ])
else:
log.info("Using non-authenticated API")
root = self
return server.Site(root)
def setupProtectedResource(self, resource_obj, checkers):
@implementer(IRealm)
class SimpleRealm(object):
"""
A realm which gives out L{ChangeHookResource} instances for authenticated
users.
"""
def requestAvatar(self, avatarId, mind, *interfaces):
if resource.IResource in interfaces:
return (resource.IResource, resource_obj, lambda: None)
raise NotImplementedError()
portal = Portal(SimpleRealm(), checkers)
credentialFactory = guard.BasicCredentialFactory('Protected area')
wrapper = guard.HTTPAuthSessionWrapper(portal, [credentialFactory])
return wrapper
def getServerFactory(self, keyring: Keyring, use_authentication: bool,
use_https: bool) -> server.Site:
factory_class = HTTPSJSONRPCFactory if use_https else HTTPJSONRPCFactory
if use_authentication:
log.info("Using authenticated API")
checker = PasswordChecker(keyring)
realm = HttpPasswordRealm(self)
portal_to_realm = portal.Portal(realm, [
checker,
])
root = guard.HTTPAuthSessionWrapper(portal_to_realm, [
guard.BasicCredentialFactory('Login to lbrynet api'),
])
else:
log.info("Using non-authenticated API")
root = self
return factory_class(root, keyring)
def createSite(configuration):
resource = static.File("./WWW")
resource.putChild("API", API())
if configuration["LOCAL_SERVER"]["AUTHENTICATION"]["USERNAME"] != "":
realm = HTTPRealm(resource)
checkers = [HTTPUsernamePasswordCredentialsChecker(configuration)]
credentialFactories = [guard.BasicCredentialFactory("JAP")]
resource = guard.HTTPAuthSessionWrapper(portal.Portal(realm, checkers),
credentialFactories)
site = server.Site(resource)
return site
def setupProtectedResource(self, resource_obj):
class SimpleRealm(object):
"""
A realm which gives out L{ChangeHookResource} instances for authenticated
users.
"""
implements(IRealm)
def requestAvatar(self, avatarId, mind, *interfaces):
if resource.IResource in interfaces:
return (resource.IResource, resource_obj, lambda: None)
raise NotImplementedError()
login, password = self.change_hook_auth
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(login, password)
portal = Portal(SimpleRealm(), [checker])
credentialFactory = guard.BasicCredentialFactory('Protected area')
wrapper = guard.HTTPAuthSessionWrapper(portal, [credentialFactory])
return wrapper
def load_authn_conf():
_used_checkers = []
_authn_methods = []
if conf.has_option('general', 'usersdb.plaintext'):
print "Using plaintext users DB from '%s'" % conf.get(
'general', 'usersdb.plaintext')
_used_checkers.append(
FilePasswordDB(conf.get('general', 'usersdb.plaintext'),
cache=True))
_authn_methods.append(
guard.DigestCredentialFactory(
'md5', conf.get('general', 'server.endpoint')))
elif conf.has_option('general', 'usersdb.md5'):
print "Using md5-hashed users DB from '%s'" % conf.get(
'general', 'usersdb.md5')
_used_checkers.append(
FilePasswordDB(conf.get('general', 'usersdb.md5'),
hash=_hash,
cache=True))
_authn_methods.append(
guard.BasicCredentialFactory(conf.get('general',
'server.endpoint')))
_used_checkers.append(AllowAnonymousAccess())
vcdm.env['authn_methods'] = (_authn_methods, _used_checkers)
def createRestApi():
"""Create the REST API URL hierarchy"""
siteRoot = RootNode()
jobWrapper = guard.HTTPAuthSessionWrapper(Portal(JobRealm(), [JobDBChecker(db)]), [guard.BasicCredentialFactory("thundercloud job management")])
siteRoot.putChild("job", jobWrapper)
# slave tree needs specific authentication
slaveWrapper = guard.HTTPAuthSessionWrapper(Portal(SlaveRealm(), [SlaveDBChecker(db)]), [guard.BasicCredentialFactory("thundercloud slave management")])
siteRoot.putChild("slave", slaveWrapper)
return server.Site(siteRoot)
def guardResourceWithBasicAuth(resource, realm, db):
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(**db)
logPortal = portal.Portal(BasicAuthRealm(resource), [checker])
credentialFactory = guard.BasicCredentialFactory(
"%s:%s" % (config.log.http.vhost, config.log.http.port))
return guard.HTTPAuthSessionWrapper(logPortal, [credentialFactory])
def postCallback(self, jobId, request):
jobNodeWrapper = guard.HTTPAuthSessionWrapper(
Portal(JobNodeRealm(), [JobNodeDBChecker(db, jobId)]),
[guard.BasicCredentialFactory("thundercloud job #%d" % jobId)])
self.putChild("%d" % jobId, jobNodeWrapper)
self.writeJson(request, jobId)
def initialize_server(self, name, server_type, port, print_frames=False):
if name not in self.servers:
if server_type == 'sle_protocol':
self.servers[name] = CommonProviderProtocolFactory(
self, print_frames)
elif server_type == 'sle_stateless_protocol':
self.servers[name] = CommonStatelessProviderProtocolFactory(
self, print_frames)
elif server_type == 'json_data_protocol':
self.servers[name] = DataProviderProtocolFactory(
self, print_frames)
elif server_type in ['https_rest_protocol', 'http_rest_protocol']:
checkers = [
FilePasswordDB('http.password',
delim=b'=',
hash=check_hashed_password)
]
realm = Realm()
realm.initialize(self, configurable_sle_parameters, commands)
portal = Portal(realm, checkers)
resource = guard.HTTPAuthSessionWrapper(
portal, [guard.BasicCredentialFactory('auth')])
self.servers[name] = Site(resource)
elif server_type in [
'https_no_auth_rest_protocol', 'http_no_auth_rest_protocol'
]:
root = RestfulManager()
root.container = self
root.sle_config = configurable_sle_parameters
root.commands = commands
self.servers[name] = Site(root.app.resource())
else:
logger.error(
"Server type {} does not exist!".format(server_type))
return False
if port not in self.ports.values():
if server_type in [
'https_rest_protocol', 'https_no_auth_rest_protocol'
]:
with open('server.pem') as f:
cert_data = f.read()
self.certificate = ssl.PrivateCertificate.loadPEM(
cert_data)
self.connectors.update({
name:
reactor.listenSSL(port, self.servers[name],
self.certificate.options())
})
else:
self.connectors.update(
{name: reactor.listenTCP(port, self.servers[name])})
self.ports.update({name: port})
logger.info("{} with {} is now running on port: {}".format(
name, server_type, port))
return True
else:
logger.error("Port {} already used!".format(port))
return False
else:
logger.error("Server with name {} already exists!".format(name))
return False
def requestAvatar(self, avatarId, mind, *interfaces):
if resource.IResource in interfaces:
return resource.IResource, http_root, lambda: None
raise NotImplementedError()
def cmp_pass(uname, password, storedpass):
sizeof_hash = len(storedpass)
if sizeof_hash == 13:
return crypt.crypt(password, storedpass[:2])
else:
return util.get_apache_md5(password, storedpass)
checkers = [FilePasswordDB(options.htpasswd_file, hash=cmp_pass)]
wrapper = guard.HTTPAuthSessionWrapper(Portal(
SimpleRealm(), checkers), [guard.BasicCredentialFactory('qasino.com')])
ssl_site = server.Site(wrapper)
try:
if not os.path.isfile(options.htpasswd_file):
raise Exception("htpasswd file '%s' does not exist" %
options.htpasswd_file)
reactor.listenSSL(
constants.HTTPS_PORT, ssl_site,
ssl.DefaultOpenSSLContextFactory(options.keys_dir + 'server.key',
options.keys_dir + 'server.crt'))
except Exception as e:
logging.info(
