def authenticate(self, user_name: str, password: str, **kwargs) -> UserModel: __dbm = DatabaseManagerMongo( **SystemConfigReader().get_all_values_from_section('Database') ) __user_manager = UserManager(__dbm) try: ldap_connection_status = self.connect() LOGGER.debug(f'[LdapAuthenticationProvider] Connection status: {ldap_connection_status}') except Exception as e: LOGGER.error(f'[LdapAuthenticationProvider] Failed to connect to LDAP server - error: {e}') raise AuthenticationError(LdapAuthenticationProvider.get_name(), e) ldap_search_filter = self.config.search['searchfilter'].replace("%username%", user_name) LOGGER.debug(f'[LdapAuthenticationProvider] Search Filter: {ldap_search_filter}') search_result = self.__ldap_connection.search(self.config.search['basedn'], ldap_search_filter) LOGGER.debug(f'[LdapAuthenticationProvider] Search result: {search_result}') if not search_result or len(self.__ldap_connection.entries) == 0: raise AuthenticationError(LdapAuthenticationProvider.get_name(), 'No matching entry') for entry in self.__ldap_connection.entries: LOGGER.debug(f'[LdapAuthenticationProvider] Entry: {entry}') entry_dn = entry.entry_dn try: entry_connection_result = LdapAuthenticationProvider.Connection(self.__ldap_server, entry_dn, password, auto_bind=True) LOGGER.debug(f'[LdapAuthenticationProvider] UserModel connection result: {entry_connection_result}') except Exception as e: LOGGER.error(f'[LdapAuthenticationProvider] UserModel auth result: {e}') raise AuthenticationError(LdapAuthenticationProvider.get_name(), e) # Check if user exists try: user_instance: UserModel = __user_manager.get_by({'user_name': user_name}) except ManagerGetError as umge: LOGGER.warning(f'[LdapAuthenticationProvider] UserModel exists on LDAP but not in database: {umge}') LOGGER.debug(f'[LdapAuthenticationProvider] Try creating user: {user_name}') try: new_user_data = dict() new_user_data['user_name'] = user_name new_user_data['active'] = True new_user_data['group_id'] = self.config.default_group new_user_data['registration_time'] = datetime.now() new_user_data['authenticator'] = LdapAuthenticationProvider.get_name() except Exception as e: LOGGER.debug(f'[LdapAuthenticationProvider] {e}') raise AuthenticationError(LdapAuthenticationProvider.get_name(), e) LOGGER.debug(f'[LdapAuthenticationProvider] New user was init') try: user_id = __user_manager.insert(new_user_data) except ManagerInsertError as umie: LOGGER.debug(f'[LdapAuthenticationProvider] {umie}') raise AuthenticationError(LdapAuthenticationProvider.get_name(), umie) try: user_instance: UserModel = __user_manager.get(public_id=user_id) except ManagerGetError as umge: LOGGER.debug(f'[LdapAuthenticationProvider] {umge}') raise AuthenticationError(LdapAuthenticationProvider.get_name(), umge) return user_instance
def authenticate(self, user_name: str, password: str, **kwargs) -> UserModel: __dbm = DatabaseManagerMongo( **SystemConfigReader().get_all_values_from_section('Database') ) __scm = SecurityManager(__dbm) __user_manager = UserManager(__dbm) LOGGER.info(f'[LocalAuthenticationProvider] Try login for user {user_name}') try: user: UserModel = __user_manager.get_by({'user_name': user_name}) except ManagerGetError as umge: raise AuthenticationError(LocalAuthenticationProvider.get_name(), umge.message) login_pass = __scm.generate_hmac(password) if login_pass == user.password: return user raise AuthenticationError(LocalAuthenticationProvider.get_name(), 'UserModel not exists')
def login(self, user_manager: UserManager, user_name: str, password: str) -> Union[UserModel, None]: """ Performs a login try with given username and password If the user is not found, iterate over all installed and activated providers Args: user_manager: Usermanager instance user_name: Name of the user password: Password Returns: UserModel: instance if user was found and password was correct None: if something went wrong """ user_name = user_name.lower() user_instance = None try: founded_user = user_manager.get_by({'user_name': user_name}) provider_class_name = founded_user.authenticator LOGGER.debug( f'[AUTH] Founded user: {founded_user} with provider: {provider_class_name}' ) if not self.provider_exists(provider_class_name): raise AuthenticationProviderNotExistsError(provider_class_name) provider: ClassVar[ AuthenticationProvider] = self.get_provider_class( provider_class_name) provider_config_class: ClassVar[ str] = provider.PROVIDER_CONFIG_CLASS provider_config_settings = self.settings.get_provider_settings( provider.get_name()) provider_config_instance = provider_config_class( **provider_config_settings) provider_instance = provider(config=provider_config_instance) if not provider_instance.is_active(): raise AuthenticationProviderNotActivated( f'Provider {provider_class_name} is deactivated') if provider_instance.EXTERNAL_PROVIDER and not self.settings.enable_external: raise AuthenticationProviderNotActivated( f'External providers are deactivated') try: user_instance = provider_instance.authenticate( user_name, password) except AuthenticationError as ae: LOGGER.error(f'[LOGIN] UserModel could not login: {ae}') except ManagerGetError as umge: LOGGER.error(f'[AUTH] {user_name} not in database: {umge}') LOGGER.info( f'[AUTH] Check for other providers - request_user: {user_name}' ) # get installed providers provider_list = self.providers LOGGER.debug(f'[AUTH] Provider list: {provider_list}') external_enabled = self.settings.enable_external for provider in provider_list: LOGGER.debug(f'[AUTH] using provider: {provider}') provider_config_class = provider.PROVIDER_CONFIG_CLASS provider_settings = self.settings.get_provider_settings( provider.get_name()) provider_config_instance = provider_config_class( **provider_settings) if not provider_config_instance.is_active(): continue if provider.EXTERNAL_PROVIDER and not self.settings.enable_external: continue provider_instance = provider(config=provider_config_instance) try: user_instance = provider_instance.authenticate( user_name, password) if user_instance: break except AuthenticationError as ae: LOGGER.error( f'[AUTH] UserModel {user_name} could not validate with provider {provider}: {ae}' ) LOGGER.info(f'[AUTH] Provider instance: {provider_instance}') except Exception as e: import traceback traceback.print_exc() LOGGER.error(f'[AUTH] Error while login: {e}') return None finally: return user_instance