def _admin_valid_login(req, realm, username, password, log=True): users = get_uvm_settings_item('admin', 'users') if users == None: return False if users['list'] == None: return False for user in users['list']: if user['username'] != username: continue pw_hash_shadow = user.get('passwordHashShadow') if pw_hash_shadow: if pw_hash_shadow == crypt.crypt(password, pw_hash_shadow): if log: uvm_login.log_login(req, username, True, None) return True else: if log: uvm_login.log_login(req, username, False, 'P') return False else: pw_hash_base64 = user['passwordHashBase64'] pw_hash = base64.b64decode(pw_hash_base64) raw_pw = pw_hash[0:len(pw_hash) - 8] salt = pw_hash[len(pw_hash) - 8:] if raw_pw == md5.new(password + salt).digest(): if log: uvm_login.log_login(req, username, True, None) return True else: if log: uvm_login.log_login(req, username, False, 'P') return False if log: uvm_login.log_login(req, username, False, 'U') return False
def _reports_valid_login(req, realm, username, password, log=True): users = get_app_settings_item('reports','reportsUsers') if users == None: return False; if users['list'] == None: return False; for user in users['list']: if user['emailAddress'] != username: continue; pw_hash_base64 = user['passwordHashBase64'] pw_hash = base64.b64decode(pw_hash_base64) raw_pw = pw_hash[0:len(pw_hash) - 8] salt = pw_hash[len(pw_hash) - 8:] if raw_pw == md5.new(password + salt).digest(): if log: uvm_login.log_login(req, username, False, True, None) return True else: if log: uvm_login.log_login(req, username, False, False, 'P') return False if log: uvm_login.log_login(req, username, False, False, 'U') return False
def _admin_valid_login(req, realm, username, password, log=True): users = get_uvm_settings_item('admin','users') if users == None: return False; if users['list'] == None: return False; for user in users['list']: if user['username'] != username: continue; pw_hash_base64 = user['passwordHashBase64'] pw_hash = base64.b64decode(pw_hash_base64) raw_pw = pw_hash[0:len(pw_hash) - 8] salt = pw_hash[len(pw_hash) - 8:] if raw_pw == md5.new(password + salt).digest(): if log: uvm_login.log_login(req, username, False, True, None) return True else: if log: uvm_login.log_login(req, username, False, False, 'P') return False if log: uvm_login.log_login(req, username, False, False, 'U') return False