def authenticate(self, request):
    """Authenticate *request* and return the resulting user.

    Internal authentication (``_internal_auth``) always runs first. The
    external provider is consulted only when all three hold: external
    auth is configured, the internally resolved user is not the bootstrap
    admin, and no token of any kind was present on the request
    (``self.token_based_auth``, set by ``_internal_auth``).

    Returns:
        The authenticated user, or - unchanged - a ``Response`` object if
        ``self.external_auth.authenticate`` returned one.

    Raises:
        NoAuthProvided: no user could be resolved.
    """
    user = self._internal_auth(request)
    is_bootstrap_admin = user and user.is_bootstrap_admin

    # NOTE(review): token_based_auth is per-request data stored on self.
    # If this authenticator instance is shared by concurrent requests,
    # one request could observe another's value here - confirm the
    # instance scope.
    # The bootstrap admin is exempt from external auth, so that account
    # is gated only by the internal checks.
    delegate_to_external = (
        self.external_auth_configured
        and not is_bootstrap_admin
        and not self.token_based_auth
    )
    if delegate_to_external:
        self.logger.debug('using external auth')
        # The internally resolved user is dropped: the user is looked up
        # again from the Authorization header and handed to the provider.
        header_user = user_handler.get_user_from_auth(request.authorization)
        external_result = self.external_auth.authenticate(
            request, header_user)
        if isinstance(external_result, Response):
            # Passed straight back to the caller, which therefore has to
            # handle both a user and a Response.
            return external_result
        user = external_result

    if not user:
        raise NoAuthProvided()
    # NOTE(review): this logs the user's string form; presumably that
    # carries no credential material - confirm.
    self.logger.debug('Authenticated user: {0}'.format(user))

    if request.authorization:
        # Only Basic (user + password) logins clear the failure counter.
        # Clearing it for token requests as well would reset it on every
        # UI refresh (every 4 sec), so accounts would never be locked.
        user.failed_logins_counter = 0
        # NOTE(review): datetime.now() is naive local time - confirm the
        # timezone expected when these fields are read for auditing.
        login_time = datetime.now()
        if not user.last_login_at:
            user.first_login_at = login_time
        user.last_login_at = login_time
    # Runs on every successful authentication, whichever branch was used.
    user_datastore.commit()
    return user
def _internal_auth(self, request):
    """Resolve the user from the credentials carried by *request*.

    Only the first credential found is evaluated, in this order: Basic
    Authorization header, execution token, token, API token. As a side
    effect ``self.token_based_auth`` is set to the first truthy token
    value found (falsy when the request carries none).

    Returns:
        The user produced by the selected branch, or ``None`` when the
        request carries no credential at all.

    Raises:
        UnauthorizedError: the API token does not resolve to a user, or
            its key differs from the one stored on that user.
    """
    basic_credentials = request.authorization
    session_token = user_handler.get_token_from_request(request)
    api_token_value = user_handler.get_api_token_from_request(request)
    exec_token = get_execution_token_from_request(request)

    # NOTE(review): this records that a token was *present*, not that it
    # was the credential actually validated. When a Basic header and a
    # token arrive together the Basic branch below runs, yet
    # authenticate() reads this flag and skips external auth - confirm
    # that combination is intended.
    self.token_based_auth = session_token or api_token_value or exec_token

    if basic_credentials:
        # Basic authentication (user + password). The lock check runs
        # before the password is verified; presumably it raises for a
        # locked account - confirm.
        candidate = user_handler.get_user_from_auth(basic_credentials)
        self._check_if_user_is_locked(candidate, basic_credentials)
        return self._authenticate_password(candidate, basic_credentials)

    if exec_token:
        # Execution token authentication; the helper is called without
        # the token value.
        return self._authenticate_execution_token()

    if session_token:
        # Token authentication.
        return self._authenticate_token(session_token)

    if api_token_value:
        # API token authentication.
        user, presented_key = user_handler.extract_api_token(api_token_value)
        # NOTE(review): a plain != on key material is not a constant-time
        # comparison; consider hmac.compare_digest once the operand
        # types are confirmed.
        if not user or user.api_token_key != presented_key:
            raise UnauthorizedError('API token authentication failed')
        return user

    return None
def _internal_auth(self, request):
    """Resolve the user from the credentials carried by *request*.

    Only the first credential found is evaluated, in this order: Basic
    Authorization header, execution token, token, API token. As a side
    effect ``self.token_based_auth`` is set to the first truthy token
    value found (falsy when the request carries none).

    Returns:
        The user produced by the selected branch, or ``None`` when the
        request carries no credential at all.
    """
    basic_credentials = request.authorization
    session_token = user_handler.get_token_from_request(request)
    api_token_value = user_handler.get_api_token_from_request(request)
    exec_token = get_execution_token_from_request(request)

    # NOTE(review): this records that a token was *present*, not that it
    # was the credential actually validated. When a Basic header and a
    # token arrive together the Basic branch below runs, yet
    # authenticate() reads this flag and skips external auth - confirm
    # that combination is intended.
    self.token_based_auth = session_token or api_token_value or exec_token

    if basic_credentials:
        # Basic authentication (user + password). The lock check runs
        # before the password is verified; presumably it raises for a
        # locked account - confirm.
        candidate = user_handler.get_user_from_auth(basic_credentials)
        self._check_if_user_is_locked(candidate, basic_credentials)
        return self._authenticate_password(candidate, basic_credentials)

    if exec_token:
        # Execution token authentication; the helper is called without
        # the token value.
        return self._authenticate_execution_token()

    if session_token:
        # Token authentication.
        return self._authenticate_token(session_token)

    if api_token_value:
        # API token authentication.
        user, presented_key = user_handler.extract_api_token(api_token_value)
        # NOTE(review): a plain != on key material is not a constant-time
        # comparison; consider hmac.compare_digest once the operand
        # types are confirmed.
        if not user or user.api_token_key != presented_key:
            # NOTE(review): rejection depends on this helper raising
            # (presumably it does - confirm). If it returned, the
            # unverified user would be handed back to the caller.
            raise_unauthorized_user_error(
                'API token authentication failed')
        return user

    return None
def authenticate(self, request):
    """Authenticate *request* and return the resulting user.

    Internal authentication (``_internal_auth``) always runs first. The
    external provider is consulted only when all three hold: external
    auth is configured, the internally resolved user is not the bootstrap
    admin, and no token of any kind was present on the request
    (``self.token_based_auth``, set by ``_internal_auth``).

    Returns:
        The authenticated user, or - unchanged - a ``Response`` object if
        ``self.external_auth.authenticate`` returned one.
    """
    user = self._internal_auth(request)
    is_bootstrap_admin = user and user.is_bootstrap_admin

    # NOTE(review): token_based_auth is per-request data stored on self.
    # If this authenticator instance is shared by concurrent requests,
    # one request could observe another's value here - confirm the
    # instance scope.
    # The bootstrap admin is exempt from external auth, so that account
    # is gated only by the internal checks.
    delegate_to_external = (
        self.external_auth_configured
        and not is_bootstrap_admin
        and not self.token_based_auth
    )
    if delegate_to_external:
        self.logger.debug('using external auth')
        # The internally resolved user is dropped: the user is looked up
        # again from the Authorization header and handed to the provider.
        header_user = user_handler.get_user_from_auth(request.authorization)
        external_result = self.external_auth.authenticate(
            request, header_user)
        if isinstance(external_result, Response):
            # Passed straight back to the caller, which therefore has to
            # handle both a user and a Response.
            return external_result
        user = external_result

    if not user:
        # NOTE(review): rejection depends on this helper raising
        # (presumably it does - confirm). If it returned, the code below
        # would continue with a falsy user.
        raise_unauthorized_user_error('No authentication info provided')
    # NOTE(review): this logs the user's string form; presumably that
    # carries no credential material - confirm.
    self.logger.debug('Authenticated user: {0}'.format(user))

    if request.authorization:
        # Only Basic (user + password) logins clear the failure counter.
        # Clearing it for token requests as well would reset it on every
        # UI refresh (every 4 sec), so accounts would never be locked.
        user.failed_logins_counter = 0
        # NOTE(review): datetime.now() is naive local time - confirm the
        # timezone expected when this field is read for auditing.
        user.last_login_at = datetime.now()
    # Runs on every successful authentication, whichever branch was used.
    user_datastore.commit()
    return user