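def run(config):
    """Handle one authentication request whose credentials arrive on stdin.

    The username and the password are read from stdin, one per line (per the
    original comment they are piped in by Apache).

    * Configured user, empty password: a token message is built and sent to
      that user (or printed when ``SKIP_XMPP`` is set), and the request is
      still refused so the client has to retry with the token.
    * Configured user, non-empty password: the password is checked with
      ``functions.verify_token``.

    Args:
        config: mapping with the keys ``users`` (comma-separated), ``secret``,
            ``validsec``, ``jid`` and ``jid_pw``.

    Returns:
        ``os.EX_OK`` only when ``functions.verify_token`` accepts the
        password; ``os.EX_NOPERM`` in every other case.
    """
    # Drop blank entries: a trailing comma or an empty ``users`` setting would
    # otherwise put "" in the allow-list, and an empty username read from
    # stdin would then pass the membership test and trigger a token message.
    conf_users = [name.strip() for name in config['users'].split(',') if name.strip()]
    conf_secret = config['secret']
    conf_validsec = int(config['validsec'])
    conf_jid = config['jid']
    conf_jid_pw = config['jid_pw']

    # reading the credential supplied in a pipe from apache
    username = sys.stdin.readline().strip()
    password = sys.stdin.readline().strip()

    if username not in conf_users:
        return os.EX_NOPERM  # unknown (or empty) user: fail closed

    if password == "":
        # avoid spamming by allowing only one message sent at a time
        # NOTE(review): this is a fixed, predictable path in world-writable
        # /tmp; whether a pre-created file or symlink there is harmless
        # depends on how functions.file_lock opens it - confirm.
        lockfile = os.path.basename(__file__)
        with functions.file_lock("/tmp/lock." + lockfile):
            # URI and HTTP_HOST come from the process environment and end up
            # in the outgoing message.
            message = functions.token_message(
                username,
                conf_secret,
                conf_validsec,
                os.getenv("URI"),
                os.getenv("HTTP_HOST"),
            )
            if os.getenv("SKIP_XMPP"):
                # used for testing
                print(message)
            else:
                functions.send_message(conf_jid, conf_jid_pw, username, message)
    elif functions.verify_token(username, password, conf_secret, conf_validsec):
        return os.EX_OK

    return os.EX_NOPERM  # fail by default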
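def do_GET(self):
    """Answer an authentication request that carries HTTP Basic credentials.

    Responses:
      * 401 plus a ``WWW-Authenticate`` challenge when there is no
        ``Authorization`` header, and after a token has been sent to a
        configured user who supplied an empty password.
      * 400 for a non-Basic scheme or a header that cannot be parsed.
      * 429 when a token was already sent within the last 15 seconds.
      * 200 when the credentials verify, or verified less than 60 seconds ago.
      * 403 when verification fails.
    """
    global LAST_REQUEST_TIME, CACHE
    challenge = "Basic realm=\"xmppmessage auth\""

    if 'Authorization' not in self.headers:
        self.send_response(401)
        self.send_header("WWW-Authenticate", challenge)
        self.end_headers()
        return

    # partition() never raises, unlike unpacking split(' '), which failed on
    # any header that did not consist of exactly two space-separated fields.
    method, _, value = self.headers['Authorization'].partition(' ')
    value = value.strip()
    if method != 'Basic':
        self.send_response(400, 'Unsupported authentication method')
        self.end_headers()
        return

    # The header is client-controlled: invalid base64 or non-UTF-8 bytes are
    # answered with 400 instead of an unhandled exception.
    try:
        decoded = binascii.a2b_base64(value.encode('utf-8')).decode('utf-8')
    except (binascii.Error, UnicodeError):
        decoded = ""
    # Split on the first colon only, so a password containing ':' stays
    # intact; a payload with no colon at all is malformed.
    username, colon, password = decoded.partition(':')

    if not colon:
        self.send_response(400, 'Malformed Authorization header')
    elif value in CACHE and CACHE[value] > time.time() - 60:
        # cache cred for 60s for performance
        # Log the username, not the raw header value: the value is the
        # base64-encoded username:token pair and does not belong in logs.
        # Note that entries are never removed from CACHE here.
        logging.info("Authorized (cached) %s", username)
        self.send_response(200, "OK go forward")
    elif password == "" and username in conf.users:
        # max 1 msg per 15 sec (the timer is shared by all users)
        if LAST_REQUEST_TIME == 0 or time.time() - LAST_REQUEST_TIME > 15:
            LAST_REQUEST_TIME = time.time()
            send_token(conf, username, self.headers['X-Original-URI'])
            self.send_response(401, "Token sent, retry")
            self.send_header("WWW-Authenticate", challenge)
        else:
            self.send_response(429, 'Too Many Requests')
    elif functions.verify_token(username, password, conf.secret, conf.validsec):
        logging.info("Authorized %s", username)
        CACHE[value] = time.time()
        self.send_response(200, "OK go forward")
    else:
        # NOTE(review): username is unauthenticated input at this point;
        # consider %r if the log is consumed line by line.
        logging.info("Denied %s", username)
        self.send_response(403, "Authentication failed, username or password wrong")
    self.end_headers()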