def __check_in_local_known_user(db_user: User, password: str, _tn) -> dict:
    """
    Authenticates a user who already has a local account.

    An account whose stored password validates against PW_FOR_LDAP_USER is
    treated as LDAP-backed and the supplied password is checked by
    verify_ldap_user_data. Every other account is checked against its own
    stored password.

    :param db_user: current instance of User
    :param password: password entered by the user
    :param _tn: instance of current translator
    :return: {'user': db_user} on success, otherwise {'error': <message>}
    """
    LOG.debug("user: %s", db_user.nickname)

    # The placeholder test runs before the supplied password is compared
    # with the stored hash, so an LDAP-backed account always goes through
    # the LDAP check and never through the local comparison.
    is_ldap_account = db_user.validate_password(PW_FOR_LDAP_USER)
    if is_ldap_account:
        ldap_result = verify_ldap_user_data(db_user.nickname, password, _tn)
        if not ldap_result['error']:
            return {'user': db_user}
        # NOTE(review): this message is logged for every LDAP error, not only
        # for a wrong password.
        LOG.debug("Invalid password for the ldap user")
        return {'error': ldap_result['error']}

    # Purely local account: compare with the stored password.
    if db_user.validate_password(password):
        return {'user': db_user}

    LOG.debug("Invalid password for the local user")
    return {'error': _tn.get(_.userPasswordNotMatch)}
def test_verify_ldap_user_data(self):
    """
    Calls verify_ldap_user_data with the HHU LDAP settings and the login 'Bob'.

    The call has to report an error: either the combined "service not
    available" message or the "password does not match" message.
    """
    ldap_settings = {
        'HHU_LDAP_SERVER': 'ldaps://ldaps.ad.hhu.de',
        'HHU_LDAP_BASE': 'ou=IDMUsers,DC=AD,DC=hhu,DC=de',
        'HHU_LDAP_ACCOUNT_SCOPE': '@ad.hhu.de',
        'HHU_LDAP_ACCOUNT_FILTER': 'sAMAccountName',
        'HHU_LDAP_ACCOUNT_FIRSTNAME': 'givenName',
        'HHU_LDAP_ACCOUNT_LAST': 'sn',
        'HHU_LDAP_ACCOUNT_TITLE': 'personalTitle',
        'HHU_LDAP_ACCOUNT_EMAIL': 'mail',
    }
    # NOTE: the settings are written to the process environment and are not
    # restored afterwards, so they stay visible to whatever runs next in
    # this process.
    os.environ.update(ldap_settings)

    nickname = 'Bob'
    password = '******'
    translator = Translator('en')

    response = verify_ldap_user_data(nickname, password, translator)
    reported_error = response['error']

    # Both outcomes count as a pass; presumably the first one covers a run
    # without access to the directory server (to be confirmed).
    service_unavailable = (translator.get(_.serviceNotAvailable) + '. '
                           + translator.get(_.pleaseTryAgainLaterOrContactUs))
    wrong_password = translator.get(_.userPasswordNotMatch)
    self.assertIn(reported_error, [service_unavailable, wrong_password])
def __register_user_with_ldap_data(mailer, nickname, password, _tn) -> dict:
    """
    Verifies the credentials against LDAP and registers the user locally.

    :param mailer: instance of pyramids mailer
    :param nickname: User.nickname
    :param password: password entered by the user; it is only handed to
        verify_ldap_user_data
    :param _tn: Translator
    :return: {'user': <registered user>} on success, otherwise {'error': <message>}
    """
    LOG.debug("user: %s", nickname)

    profile = verify_ldap_user_data(nickname, password, _tn)
    ldap_error = profile['error']
    if ldap_error:
        return {'error': ldap_error}

    # The LDAP result doubles as the profile of the new account.
    profile['nickname'] = nickname
    # PW_FOR_LDAP_USER is passed where set_new_user takes the password; the
    # password entered by the user is not forwarded to it.
    registration = user.set_new_user(mailer, profile, PW_FOR_LDAP_USER, _tn)
    if 'success' in registration:
        return {'user': registration['user']}
    return {'error': _tn.get(_.internalKeyError)}
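def __check_in_local_known_user(db_user: User, password: str, _tn) -> dict:
    """
    Tries to check in a local known user.

    An account whose stored password validates against the placeholder
    'NO_PW_BECAUSE_LDAP' is LDAP-backed: the supplied password is checked by
    verify_ldap_user_data only. Every other account is checked against its
    own stored password.

    :param db_user: current instance of User
    :param password: password of the user
    :param _tn: instance of current translator
    :return: {'user': db_user} on success, otherwise {'error': <message>}
    """
    logger('Auth.Login', 'user: {}'.format(db_user.nickname))

    # Classify the account from its stored hash BEFORE comparing the supplied
    # password with that hash. The placeholder is a marker, not a credential:
    # if the supplied password were compared first, the placeholder string
    # itself would be accepted for every LDAP-backed account without asking
    # the directory.
    # validate_password is the only placeholder test used here; comparing the
    # stored hash with a freshly computed one by identity (`is`) does not
    # compare their contents.
    if db_user.validate_password('NO_PW_BECAUSE_LDAP'):
        data = verify_ldap_user_data(db_user.nickname, password, _tn)
        if data['error']:
            return {'error': data['error']}
        return {'user': db_user}

    # Purely local account: compare with the stored password.
    if db_user.validate_password(password):
        return {'user': db_user}

    logger('Auth.Login', 'invalid password for the local user')
    return {'error': _tn.get(_.userPasswordNotMatch)}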
def __register_user_with_ldap_data(mailer, nickname, password, _tn) -> dict:
    """
    Verifies the credentials against LDAP and registers the user locally.

    :param mailer: instance of pyramids mailer
    :param nickname: User.nickname
    :param password: password entered by the user; it is only handed to
        verify_ldap_user_data
    :param _tn: Translator
    :return: {'user': <registered user>} on success, otherwise {'error': <message>}
    """
    logger('Auth.Login', 'user: {}'.format(nickname))

    profile = verify_ldap_user_data(nickname, password, _tn)
    ldap_error = profile['error']
    if ldap_error:
        return {'error': ldap_error}

    # The literal 'NO_PW_BECAUSE_LDAP' is passed where set_new_user takes the
    # password; the password entered by the user is not forwarded to it.
    # Login code has to treat that literal as an account marker only, never
    # as a password that can be typed in.
    registration = user.set_new_user(
        mailer,
        profile['firstname'],
        profile['lastname'],
        nickname,
        profile['gender'],
        profile['email'],
        'NO_PW_BECAUSE_LDAP',
        _tn,
    )
    if 'success' in registration:
        return {'user': registration['user']}
    return {'error': _tn.get(_.internalKeyError)}