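def authenticate(self, environ, identity):
    """Authenticate the login carried in ``identity``.

    The username and realm are taken from the realm box when it is enabled.
    Otherwise the login name is split at ``@``, and the default realm is
    used when the login contains no ``@``. The password is then verified by
    the OTP check or against the user store, with a fallback to the admin
    password check for administrative identities.

    :param environ: request environment; not used in this method.
    :param identity: mapping holding ``login`` and ``password``, plus
        ``realm`` when the realm box is enabled.
    :return: the value returned by the check that succeeded, a false value
        when every check failed, or ``None`` when ``identity`` lacks a
        required key.
    """
    username = None
    realm = None
    success = None
    try:
        if isSelfTest():
            # Self-test only: seed login/password from the auth_tkt userid
            # when no login was submitted. Membership tests replace the
            # Python-2-only dict.has_key().
            if ('login' not in identity
                    and 'repoze.who.plugins.auth_tkt.userid' in identity):
                u = identity.get('repoze.who.plugins.auth_tkt.userid')
                identity['login'] = u
                identity['password'] = u

        if getRealmBox():
            # NOTE(review): the login name is used verbatim here. A login
            # that itself contains "@" is not split, so the "user@realm"
            # string built for the admin check below carries two
            # separators. Consider splitting the login first and using the
            # realm box only when the login names no realm.
            username = identity['login']
            realm = identity['realm']
        else:
            log.debug("no realmbox, so we are trying to split the loginname")
            # Raw string: "\@" is not a valid escape in a normal literal.
            # The first group is greedy, so the split is at the last "@".
            m = re.match(r"(.*)\@(.*)", identity['login'])
            if m:
                # The pattern has exactly two groups, so this always unpacks.
                username, realm = m.groups()
                log.debug("found @: username: %r, realm: %r" % (username, realm))
            else:
                username = identity['login']
                realm = getDefaultRealm()
                log.debug("using default Realm: username: %r, realm: %r"
                          % (username, realm))

        password = identity['password']
    except KeyError as e:
        # A missing identity key is treated as a failed authentication.
        log.error("Keyerror in identity: %r." % e)
        log.error("%s" % traceback.format_exc())
        return None

    # check username/realm, password
    if isSelfTest():
        # No credential is verified in self-test mode: any login is accepted.
        # This switch must never be enabled on a production system.
        success = "%s@%s" % (unicode(username), unicode(realm))
    else:
        Policy = PolicyClass(request, config, c, get_privacyIDEA_config())
        if Policy.is_auth_selfservice_otp(username, realm):
            # check the OTP
            success = authenticate_privacyidea_user(username, realm, password)
        else:
            # We do authentication against the user store
            success = check_user_password(username, realm, password)

    if not success and is_admin_identity("%s@%s" % (username, realm),
                                         exception=False):
        # user not found or authenticated in resolver.
        # So let's see, if this is an administrative user.
        success = check_admin_password(username, password, realm)

    if success:
        log.info("User %r authenticated" % success)
    return success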
def authenticate(self, environ, identity):
    """Verify the credentials in ``identity`` and return the result.

    The login name is always passed through ``self._get_user_from_login``
    first. When that yields an empty realm, the realm box value is used if
    the realm box is enabled, and the default realm is the last resort.

    :param environ: request environment; not used in this method.
    :param identity: mapping holding ``login`` and ``password``, plus
        ``realm`` when the realm box is enabled and the login names none.
    :return: the value returned by the check that succeeded, a false value
        when every check failed, or ``None`` when ``identity`` lacks a
        required key.
    """
    username = realm = None
    success = None
    tkt_userid_key = 'repoze.who.plugins.auth_tkt.userid'
    try:
        # Self-test only: seed login/password from the auth_tkt userid when
        # no login was submitted.
        if (isSelfTest() and 'login' not in identity
                and tkt_userid_key in identity):
            ticket_user = identity.get(tkt_userid_key)
            identity['login'] = ticket_user
            identity['password'] = ticket_user

        # A realm given in the login name takes precedence over the realm
        # box, so the two cannot disagree in the identity checked below.
        username, realm = self._get_user_from_login(identity['login'],
                                                    default_realm=False)
        if getRealmBox() and realm == "":
            # The login name contained no realm
            realm = identity['realm']
        if realm == "":
            # The realm is still empty
            realm = getDefaultRealm()

        password = identity['password']
    except KeyError as err:
        # A missing identity key is treated as a failed authentication.
        log.error("Keyerror in identity: %r." % err)
        log.error("%s" % traceback.format_exc())
        return None

    # check username/realm, password
    if isSelfTest():
        # No credential is verified in self-test mode: any login is accepted.
        success = "%s@%s" % (unicode(username), unicode(realm))
    else:
        policy = PolicyClass(request, config, c, get_privacyIDEA_config())
        if policy.is_auth_selfservice_otp(username, realm):
            # check the OTP
            verify = authenticate_privacyidea_user
        else:
            # We do authentication against the user store
            verify = check_user_password
        success = verify(username, realm, password)

    # user not found or authenticated in resolver.
    # So let's see, if this is an administrative user.
    if not success and is_admin_identity("%s@%s" % (username, realm),
                                         exception=False):
        success = check_admin_password(username, password, realm)

    if success:
        log.info("User %r authenticated" % success)
    return success