def check_credentials(email, password, app=None): """ Check if given password and email match an user in database. Password hash comparison is based on BCrypt. """ try: person = persons_service.get_person_by_email(email) except PersonNotFoundException: try: person = persons_service.get_person_by_desktop_login(email) except PersonNotFoundException: if app is not None: app.logger.error("Person not found: %s" % (email)) raise WrongPasswordException() try: password_hash = person["password"] or u'' if bcrypt.check_password_hash(password_hash, password): return person else: if app is not None: app.logger.error("Wrong password for person: %s" % person) raise WrongPasswordException() except ValueError: if app is not None: app.logger.error("Wrong password for: %s" % person) raise WrongPasswordException()
def update_person_list_with_ldap_users(users): for user in users: first_name = user["first_name"] last_name = user["last_name"] desktop_login = user["desktop_login"] email = user["email"] active = user.get("active", True) if "thumbnail" in user and len(user["thumbnail"]) > 0: thumbnail = user["thumbnail"][0] else: thumbnail = "" person = None try: person = persons_service.get_person_by_desktop_login( desktop_login) except PersonNotFoundException: try: person = persons_service.get_person_by_email(email) except PersonNotFoundException: pass if len(email) == 0 or email == "[]" or type(email) != str: email = "%s@%s" % (desktop_login, EMAIL_DOMAIN) if person is None and active is True: try: person = persons_service.create_person( email, "default".encode("utf-8"), first_name, last_name, desktop_login=desktop_login, ) print("User %s created." % desktop_login) except: print("User %s creation failed (email duplicated?)." % (desktop_login)) elif person is not None: try: active = True persons_service.update_person( person["id"], { "email": email, "first_name": first_name, "last_name": last_name, "active": active, }, ) print("User %s updated." % desktop_login) except: print("User %s update failed (email duplicated?)." % (desktop_login)) if person is not None and len(thumbnail) > 0: save_thumbnail(person, thumbnail)
def ldap_auth_strategy(email, password, app): """ Connect to an active directory server to know if given user can be authenticated. """ person = None try: person = persons_service.get_person_by_email(email) except PersonNotFoundException: person = persons_service.get_person_by_desktop_login(email) try: SSL = app.config["LDAP_SSL"] if app.config["LDAP_IS_AD_SIMPLE"]: user = "******" % ( person["full_name"], app.config["LDAP_BASE_DN"], ) SSL = True authentication = SIMPLE elif app.config["LDAP_IS_AD"]: user = "******" % ( app.config["LDAP_DOMAIN"], person["desktop_login"], ) authentication = NTLM else: user = "******" % ( person["desktop_login"], app.config["LDAP_BASE_DN"], ) authentication = SIMPLE ldap_server = "%s:%s" % ( app.config["LDAP_HOST"], app.config["LDAP_PORT"], ) server = Server(ldap_server, get_info=ALL, use_ssl=SSL) conn = Connection( server, user=user, password=password, authentication=authentication, raise_exceptions=True, ) conn.bind() return person except LDAPSocketOpenError: app.logger.error("Cannot connect to LDAP/Active directory server %s " % (ldap_server)) return ldap_auth_strategy_fallback(email, password, app, person) except LDAPInvalidCredentialsResult: app.logger.error("LDAP cannot authenticate user: %s" % email) return ldap_auth_strategy_fallback(email, password, app, person)
def no_password_auth_strategy(email): """ If no password auth strategy is configured, it just checks that given email matches an user in the database. """ try: person = persons_service.get_person_by_email(email) except PersonNotFoundException: try: person = persons_service.get_person_by_desktop_login(email) except PersonNotFoundException: return None return person
def test_get_person_by_desktop_login(self): self.assertRaises(PersonNotFoundException, persons_service.get_person_by_desktop_login, "wrong-login") person = persons_service.get_person_by_desktop_login( self.person_desktop_login) person = persons_service.get_person_by_email(person["email"]) self.assertEqual(self.person_id, person["id"]) persons_service.delete_person(person["id"]) self.assertRaises(PersonNotFoundException, persons_service.get_person_by_desktop_login, self.person_desktop_login)