Python user_lockedの例、cmk.gui.userdb.user_locked Pythonの例

コード例 #1

0

ファイルを表示

def test_on_failed_login_count_reset_on_succeeded_login(user_id):
    assert config.lock_on_logon_failures is False
    assert userdb._load_failed_logins(user_id) == 0
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 1
    assert userdb.user_locked(user_id) is False

    userdb.on_succeeded_login(user_id)
    assert userdb._load_failed_logins(user_id) == 0
    assert userdb.user_locked(user_id) is False

コード例 #2

0

ファイルを表示

def test_on_failed_login_count_reset_on_succeeded_login(
        user_id: UserId) -> None:
    now = datetime.now()
    assert active_config.lock_on_logon_failures is None
    assert userdb._load_failed_logins(user_id) == 0
    assert not userdb.user_locked(user_id)

    userdb.on_failed_login(user_id, now)
    assert userdb._load_failed_logins(user_id) == 1
    assert not userdb.user_locked(user_id)

    userdb.on_succeeded_login(user_id, now)
    assert userdb._load_failed_logins(user_id) == 0
    assert not userdb.user_locked(user_id)

コード例 #3

0

ファイルを表示

def test_on_failed_login_with_locking(user_id: UserId) -> None:
    assert config.lock_on_logon_failures == 3
    assert userdb._load_failed_logins(user_id) == 0
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 1
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 2
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 3
    assert userdb.user_locked(user_id) is True

コード例 #4

0

ファイルを表示

def test_on_failed_login_no_locking(user_id):
    assert config.lock_on_logon_failures is False
    assert userdb._load_failed_logins(user_id) == 0
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 1
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 2
    assert userdb.user_locked(user_id) is False

    userdb.on_failed_login(user_id)
    assert userdb._load_failed_logins(user_id) == 3
    assert userdb.user_locked(user_id) is False

コード例 #5

0

ファイルを表示

def _verify_user(environ: WSGIEnvironment, now: datetime) -> RFC7662:
    verified: List[RFC7662] = []

    auth_header = environ.get("HTTP_AUTHORIZATION", "")
    basic_user = None
    if auth_header:
        auth_type, _ = auth_header.split(None, 1)
        if auth_type == "Bearer":
            user_id, secret = user_from_bearer_header(auth_header)
            automation_user = automation_auth(user_id, secret)
            if automation_user:
                verified.append(automation_user)
            else:
                # GUI user and Automation users are mutually exclusive. Checking only once is less
                # work for the system.
                gui_user = gui_user_auth(user_id, secret, now)
                if gui_user:
                    verified.append(gui_user)
        elif auth_type == "Basic":
            # We store this for sanity checking below, once we get a REMOTE_USER key.
            # If we don't get a REMOTE_USER key, this value will be ignored.
            basic_user = user_from_basic_header(auth_header)
        else:
            raise MKAuthException(f"Unsupported Auth Type: {auth_type}")

    remote_user = environ.get("REMOTE_USER", "")
    if remote_user and userdb.user_exists(UserId(remote_user)):
        if basic_user and basic_user[0] != remote_user:
            raise MKAuthException("Mismatch in authentication headers.")
        verified.append(rfc7662_subject(UserId(remote_user), "web_server"))

    cookie = Request(environ).cookies.get(f"auth_{omd_site()}")
    if cookie:
        user_id, session_id, cookie_hash = user_from_cookie(cookie)
        check_parsed_auth_cookie(user_id, session_id, cookie_hash)
        verified.append(rfc7662_subject(user_id, "cookie"))

    if not verified:
        raise MKAuthException(
            "You need to be authenticated to use the REST API.")

    # We pick the first successful authentication method, which means the precedence is the same
    # as the order in the code.
    final_candidate = verified[0]
    user_id = final_candidate["sub"]
    if not userdb.is_customer_user_allowed_to_login(user_id):
        raise MKAuthException(f"{user_id} may not log in here.")

    if userdb.user_locked(user_id):
        raise MKAuthException(f"{user_id} not authorized.")

    if change_reason := userdb.need_to_change_pw(user_id, now):
        raise MKAuthException(
            f"{user_id} needs to change the password ({change_reason}).")

コード例 #6

0

ファイルを表示

def test_on_failed_login_with_locking(monkeypatch: MonkeyPatch,
                                      user_id: UserId) -> None:
    now = datetime.now()
    monkeypatch.setattr(active_config, "lock_on_logon_failures", 3)

    assert active_config.lock_on_logon_failures == 3
    assert userdb._load_failed_logins(user_id) == 0
    assert not userdb.user_locked(user_id)

    userdb.on_failed_login(user_id, now)
    assert userdb._load_failed_logins(user_id) == 1
    assert not userdb.user_locked(user_id)

    userdb.on_failed_login(user_id, now)
    assert userdb._load_failed_logins(user_id) == 2
    assert not userdb.user_locked(user_id)

    userdb.on_failed_login(user_id, now)
    assert userdb._load_failed_logins(user_id) == 3
    assert userdb.user_locked(user_id)

コード例 #7

0

ファイルを表示

ファイル: rest_api.py プロジェクト: inettgmbh/checkmk

def _verify_user(environ) -> RFC7662:
    verified: List[RFC7662] = []

    auth_header = environ.get('HTTP_AUTHORIZATION', '')
    basic_user = None
    if auth_header:
        auth_type, _ = auth_header.split(None, 1)
        if auth_type == 'Bearer':
            user_id, secret = user_from_bearer_header(auth_header)
            automation_user = automation_auth(user_id, secret)
            if automation_user:
                verified.append(automation_user)

            gui_user = gui_user_auth(user_id, secret)
            if gui_user:
                verified.append(gui_user)
        elif auth_type == 'Basic':
            # We store this for sanity checking below, once we get a REMOTE_USER key.
            # If we don't get a REMOTE_USER key, this value will be ignored.
            basic_user = user_from_basic_header(auth_header)
        else:
            raise MKAuthException(f"Unsupported Auth Type: {auth_type}")

    remote_user = environ.get('REMOTE_USER', '')
    if remote_user and userdb.user_exists(UserId(remote_user)):
        if basic_user and basic_user[0] != remote_user:
            raise MKAuthException("Mismatch in authentication headers.")
        verified.append(rfc7662_subject(UserId(remote_user), 'webserver'))

    cookie = Request(environ).cookies.get(f"auth_{omd_site()}")
    if cookie:
        user_id, session_id, cookie_hash = user_from_cookie(cookie)
        check_parsed_auth_cookie(user_id, session_id, cookie_hash)
        verified.append(rfc7662_subject(user_id, 'cookie'))

    if not verified:
        raise MKAuthException("You need to be authenticated to use the REST API.")

    # We pick the first successful authentication method, which means the precedence is the same
    # as the oder in the code.
    final_candidate = verified[0]
    if not userdb.is_customer_user_allowed_to_login(final_candidate['sub']):
        raise MKAuthException(f"{final_candidate['sub']} may not log in here.")

    if userdb.user_locked(final_candidate['sub']):
        raise MKAuthException(f"{final_candidate['sub']} not authorized.")

    return final_candidate

コード例 #8

0

ファイルを表示

def _verify_user(environ) -> RFC7662:
    verified: List[RFC7662] = []

    auth_header = environ.get('HTTP_AUTHORIZATION', '')
    if auth_header:
        user_id, secret = user_from_bearer_header(auth_header)
        automation_user = automation_auth(user_id, secret)
        gui_user = gui_user_auth(user_id, secret)

        if not (automation_user or gui_user):
            raise MKAuthException(f"{user_id} not authorized.")

        if automation_user:
            verified.append(automation_user)

        if gui_user:
            verified.append(gui_user)

    remote_user = environ.get('REMOTE_USER', '')
    if remote_user and userdb.user_exists(UserId(remote_user)):
        verified.append(rfc7662_subject(UserId(remote_user), 'webserver'))

    cookie = Request(environ).cookies.get(f"auth_{omd_site()}")
    if cookie:
        user_id, session_id, cookie_hash = user_from_cookie(cookie)
        check_parsed_auth_cookie(user_id, session_id, cookie_hash)
        verified.append(rfc7662_subject(user_id, 'cookie'))

    if not verified:
        raise MKAuthException(
            "You need to be authenticated to use the REST API.")

    # We pick the first successful authentication method, which means the precedence is the same
    # as the oder in the code.
    final_candidate = verified[0]
    if not userdb.is_customer_user_allowed_to_login(final_candidate['sub']):
        raise MKAuthException(f"{final_candidate['sub']} may not log in here.")

    if userdb.user_locked(final_candidate['sub']):
        raise MKAuthException(f"{final_candidate['sub']} not authorized.")

    return final_candidate