コード例 #1
ファイル: sessions_api.py プロジェクト: wcyn/aleph
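def password_login():
    """Authenticate a user by email and password and start a session.

    Reads ``email`` and ``password`` from the request payload. A role that
    has a local password digest is verified against that digest; when no
    such role exists, the credentials are handed to
    ``Role.authenticate_using_ldap``. On success the role id is stored in
    the session and a JSON document with the logout URL, the role's API key
    and the role itself is returned.

    Returns:
        The JSON response on success, or an ``Unauthorized`` object carrying
        the same generic message for every failure path, so the response
        does not reveal whether the account exists.
    """
    data = request_data()
    email = data.get('email')
    password = data.get('password')

    # Missing or empty credentials are rejected before any lookup, so an
    # empty password is never forwarded to the LDAP fallback below.
    if not email or not password:
        abort(404)

    # NOTE(review): log_event receives the whole request; confirm that it
    # does not record the submitted password.
    log_event(request)

    q = Role.by_email(email)
    q = q.filter(Role.password_digest != None)  # noqa
    role = q.first()

    if role:
        # Fail closed: any falsy result from check_password (False, None, 0)
        # is a failed login. The previous `is False` comparison let every
        # value other than the literal False through as a success.
        if not role.check_password(password):
            return Unauthorized("Authentication has failed.")
    else:
        # No local role with a password digest: fall back to LDAP (if it is
        # enabled, per the original comment on this branch).
        role = Role.authenticate_using_ldap(email, password)

    if not role:
        return Unauthorized("Authentication has failed.")

    # NOTE(review): the existing session is reused rather than reset before
    # the user id is written; confirm the session layer issues a fresh
    # session at login.
    session['user'] = role.id
    # NOTE(review): presumably extract_next_url restricts the target to this
    # site; verify against its implementation.
    session['next_url'] = extract_next_url(request)

    return jsonify({
        'logout': url_for('.logout'),
        'api_key': role.api_key,
        'role': role
    })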
コード例 #2
    def test_authenticate_using_ldap_with_bad_user_pass(self):
        """A rejected LDAP bind must not produce a role.

        ``ldap.initialize`` is stubbed to hand back a fake connection whose
        ``simple_bind_s`` raises ``LDAPException`` for the generated
        credentials; ``Role.authenticate_using_ldap`` is then expected to
        return ``None``.
        """
        bad_password = self.fake.password()
        login = self.fake.email()
        conn_stub = flexmock(set_option=lambda x, y: x)

        # Exactly one bind attempt, using the DN built from LDAP_BASE_DN and
        # the email, and that attempt fails.
        bind = flexmock(conn_stub).should_receive('simple_bind_s')
        bind = bind.with_args(
            get_config('LDAP_BASE_DN').format(login), bad_password)
        bind.and_raise(LDAPException('Failed auth.')).times(1)

        # Route every new LDAP connection to the stub.
        flexmock(ldap).should_receive('initialize').and_return(conn_stub)

        outcome = Role.authenticate_using_ldap(login, bad_password)
        self.assertIsNone(outcome)
コード例 #3
    def test_authenticate_using_ldap_with_good_user_pass(self):
        """A successful LDAP bind must return a ``Role`` for that email.

        ``ldap.initialize`` is stubbed to hand back a fake connection whose
        ``simple_bind_s`` succeeds for the generated credentials. The test
        also requires one ``unbind_s`` call on the connection.
        """
        good_password = self.fake.password()
        login = self.fake.email()
        conn_stub = flexmock(set_option=lambda x, y: x)

        # Exactly one bind attempt, using the DN built from LDAP_BASE_DN and
        # the email, and that attempt succeeds.
        bind = flexmock(conn_stub).should_receive('simple_bind_s')
        bind = bind.with_args(
            get_config('LDAP_BASE_DN').format(login), good_password)
        bind.and_return(None).times(1)

        # The connection must be released exactly once after the bind.
        unbind = flexmock(conn_stub).should_receive('unbind_s')
        unbind.and_return(None).times(1)

        # Route every new LDAP connection to the stub.
        flexmock(ldap).should_receive('initialize').and_return(conn_stub)

        found = Role.authenticate_using_ldap(login, good_password)
        self.assertIsInstance(found, Role)
        self.assertEqual(found.email, login)
コード例 #4
def password_login():
    """Authenticate by email and password and return a token.

    The payload is parsed with ``LoginSchema``. A role with a local password
    digest is checked against that digest; when no such role exists, the
    credentials are handed to ``Role.authenticate_using_ldap``. Every failure
    path returns the same ``Unauthorized`` message, so the response does not
    reveal whether the account exists.
    """
    payload = parse_request(schema=LoginSchema)
    email = payload.get('email')
    password = payload.get('password')

    # Only roles that carry a local password digest are candidates here.
    candidates = Role.by_email(email)
    role = candidates.filter(Role.password_digest != None).first()  # noqa

    if role is None:
        # No local credential: try LDAP (if it is enabled, per the original
        # comment on this fallback).
        role = Role.authenticate_using_ldap(email, password)
        if role is None:
            return Unauthorized("Authentication has failed.")
    elif not role.check_password(password):
        # Any falsy result from check_password counts as a failed login.
        return Unauthorized("Authentication has failed.")

    return jsonify({'status': 'ok', 'token': create_token(role)})
コード例 #5
    def test_authenticate_using_ldap_with_blank_password(self):
        """An empty password must never authenticate through LDAP.

        No LDAP stub is installed here; the test only asserts that
        ``Role.authenticate_using_ldap`` returns ``None`` for an empty
        password.
        """
        # NOTE(review): presumably this guards against LDAP servers that
        # treat a simple bind with an empty password as an unauthenticated
        # bind and report success; confirm against the implementation.
        blank = ''
        outcome = Role.authenticate_using_ldap(self.role.email, blank)

        self.assertIsNone(outcome)