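def password_login():
    """Provides email and password authentication.

    Reads ``email`` and ``password`` from the request data and aborts with
    404 when either is missing or empty. A role that has a local password
    digest is checked against that digest; when no such role exists the
    credentials are handed to ``Role.authenticate_using_ldap``. On success
    the role id and the next URL are stored in the session and a JSON body
    with the logout URL, the role's API key and the role is returned.

    Both failure paths return the same ``Unauthorized`` message, so the
    response text does not show whether a local account exists.
    """
    data = request_data()
    email = data.get('email')
    password = data.get('password')
    # Missing or blank credentials are rejected before any backend is asked.
    # This guard is also what keeps an empty password away from the LDAP
    # fallback below; many directories treat a simple bind with an empty
    # password as an unauthenticated bind that succeeds.
    if not email or not password:
        abort(404)

    log_event(request)

    # Only roles with a local password digest are candidates for the local
    # check. `!= None` is intentional: it is the column comparison the query
    # layer turns into a NULL test, hence the noqa.
    q = Role.by_email(email)
    q = q.filter(Role.password_digest != None)  # noqa
    role = q.first()

    # Try a password authentication and an LDAP authentication if it is enabled
    if role:
        # Fail closed: any falsy result from check_password (False, None, 0)
        # is a rejection. The previous `is False` identity test let every
        # result other than the literal False through as a successful login.
        if not role.check_password(password):
            return Unauthorized("Authentication has failed.")
    else:
        role = Role.authenticate_using_ldap(email, password)
        if not role:
            return Unauthorized("Authentication has failed.")

    session['user'] = role.id
    session['next_url'] = extract_next_url(request)

    return jsonify({
        'logout': url_for('.logout'),
        'api_key': role.api_key,
        'role': role
    })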
def test_authenticate_using_ldap_with_bad_user_pass(self):
    """A bind rejected by the directory must yield no role."""
    secret = self.fake.password()
    email = self.fake.email()
    fake_ldap_conn = flexmock(set_option=lambda x, y: x)

    # NOTE(review): the expected DN is the raw email formatted into
    # LDAP_BASE_DN. If the implementation builds the DN the same way,
    # DN-special characters in the email should be escaped first - confirm.
    expected_dn = get_config('LDAP_BASE_DN').format(email)

    # The single expected bind attempt fails with an LDAP error.
    bind = flexmock(fake_ldap_conn).should_receive('simple_bind_s')
    bind.with_args(expected_dn, secret).and_raise(
        LDAPException('Failed auth.')).times(1)

    # Every connection the code under test opens is the fake one.
    flexmock(ldap).should_receive('initialize').and_return(fake_ldap_conn)

    # The bind error must surface as "no role", i.e. the login fails closed.
    result = Role.authenticate_using_ldap(email, secret)
    self.assertIsNone(result)
def test_authenticate_using_ldap_with_good_user_pass(self):
    """A successful bind must produce a Role carrying the bound email."""
    secret = self.fake.password()
    email = self.fake.email()
    fake_ldap_conn = flexmock(set_option=lambda x, y: x)
    expected_dn = get_config('LDAP_BASE_DN').format(email)

    # Exactly one bind, with the formatted DN and the supplied secret,
    # is expected and succeeds.
    bind = flexmock(fake_ldap_conn).should_receive('simple_bind_s')
    bind.with_args(expected_dn, secret).and_return(None).times(1)

    # The connection is expected to be unbound exactly once.
    unbind = flexmock(fake_ldap_conn).should_receive('unbind_s')
    unbind.and_return(None).times(1)

    # Every connection the code under test opens is the fake one.
    flexmock(ldap).should_receive('initialize').and_return(fake_ldap_conn)

    role = Role.authenticate_using_ldap(email, secret)
    self.assertIsInstance(role, Role)
    self.assertEqual(role.email, email)
def password_login():
    """Authenticate an email/password pair and return a token.

    The request is parsed against ``LoginSchema``. A role with a local
    password digest is verified against that digest; if no such role exists
    the credentials are passed to ``Role.authenticate_using_ldap``. Every
    failure returns the same ``Unauthorized`` message; success returns a JSON
    body with a status and a token created for the role.
    """
    data = parse_request(schema=LoginSchema)
    email = data.get('email')
    password = data.get('password')
    # NOTE(review): there is no explicit blank-credential check in this
    # function. Presumably LoginSchema and/or authenticate_using_ldap reject
    # an empty password - confirm, because many directories accept a simple
    # bind with an empty password as an unauthenticated bind.

    # `!= None` is the column comparison, not an identity test; hence noqa.
    candidates = Role.by_email(email).filter(Role.password_digest != None)  # noqa
    role = candidates.first()

    if role is None:
        # No local account with a password: fall back to LDAP.
        role = Role.authenticate_using_ldap(email, password)
        if role is None:
            return Unauthorized("Authentication has failed.")
    elif not role.check_password(password):
        # Any falsy result from the local check is a rejection.
        return Unauthorized("Authentication has failed.")

    return jsonify({'status': 'ok', 'token': create_token(role)})
def test_authenticate_using_ldap_with_blank_password(self):
    """An empty password must never authenticate through LDAP.

    Many directories treat a simple bind with an empty password as an
    unauthenticated bind and report success, so the check has to happen
    before the bind. No LDAP mock is installed here; presumably the method
    is expected to return without contacting the directory.
    """
    blank = ''
    outcome = Role.authenticate_using_ldap(self.role.email, blank)
    self.assertIsNone(outcome)