def authenticatePassword(self, app, credentials): assert isinstance(app, Factory) assert IUsernamePassword.providedBy(credentials) service = Service( self.protocol(app.getConfig(), 'drupalorg-vcs-auth-fetch-user-hash')) service.request_json({"username": credentials.username}) def _authCallback(result): if result: service = Service( self.protocol(app.getConfig(), 'drupalorg-vcs-auth-check-user-pass')) data = { "username": credentials.username, "password": DrupalHash(result, credentials.password).get_hash() } service.request_bool(data) service.addCallback(self._handleProtocolCallback, app, data) return service.deferred else: return None service.addCallback(_authCallback) return service.deferred
def login(client, credentials): """ Authenticate using the given L{AMP} instance. The protocol must be connected to a server with responders for L{PasswordLogin} and L{PasswordChallengeResponse}. @param client: A connected L{AMP} instance which will be used to issue authentication commands. @param credentials: An object providing L{IUsernamePassword} which will be used to authenticate this connection to the server. @return: A L{Deferred} which fires when authentication has succeeded or which fails with L{UnauthorizedLogin} if the server rejects the authentication attempt. """ if not IUsernamePassword.providedBy(credentials): raise UnhandledCredentials() d = client.callRemote( PasswordLogin, username=credentials.username) def cbChallenge(response): args = PasswordChallengeResponse.determineFrom( response['challenge'], credentials.password) d = client.callRemote(PasswordChallengeResponse, **args) return d.addCallback(lambda ignored: client) d.addCallback(cbChallenge) return d
def authenticatePassword(self, app, credentials): assert IUsernamePassword.providedBy(credentials) if credentials.username == "pass" and credentials.password == "test_pass": return defer.succeed(UserStub()) else: return None
def login(client, credentials): """ Authenticate using the given L{AMP} instance. The protocol must be connected to a server with responders for L{PasswordLogin} and L{PasswordChallengeResponse}. @param client: A connected L{AMP} instance which will be used to issue authentication commands. @param credentials: An object providing L{IUsernamePassword} which will be used to authenticate this connection to the server. @return: A L{Deferred} which fires when authentication has succeeded or which fails with L{UnauthorizedLogin} if the server rejects the authentication attempt. """ if not IUsernamePassword.providedBy(credentials): raise UnhandledCredentials() d = client.callRemote(PasswordLogin, username=credentials.username) def cbChallenge(response): args = PasswordChallengeResponse.determineFrom(response['challenge'], credentials.password) d = client.callRemote(PasswordChallengeResponse, **args) return d.addCallback(lambda ignored: client) d.addCallback(cbChallenge) return d
def _auth(self, result, credentials): if not result: # Username not found in db return defer.fail( error.UnauthorizedLogin('Username or Password mismatch')) else: id = result.id password = result.password if IUsernameHashedPassword.providedBy(credentials): if credentials.checkPassword(password): return defer.succeed(id) else: return defer.fail( error.UnauthorizedLogin('Username or Password mismatch')) elif IUsernamePassword.providedBy(credentials): m = hashlib.md5() m.update(credentials.password) #if password==m.hexdigest(): if password == credentials.password: from goliat.session.usermanager import UserManager if not UserManager().exists(id): return defer.succeed(id) else: return defer.succeed(id) #return defer.fail( # error.LoginFailed('Already Logged')) else: return defer.fail( error.UnauthorizedLogin('Username or Password mismatch')) else: # Wooops! return defer.fail( error.UnhandledCredentials( 'Revise the protocol configuration'))
def requestAvatarId(self, credentials): for interface in self.credentialInterfaces: if interface.providedBy(credentials): break else: raise error.UnhandledCredentials() try: result = yield getUser(credentials.username) except: msg = "Database Error" raise error.UnhandledCredentials(msg) result = list(result) if not len(result): raise error.UnauthorizedLogin("Username not found.") else: password = result[0].password if IUsernameHashedPassword.providedBy(credentials): if credentials.checkPassword(password): defer.returnValue(result[0]) else: raise error.UnauthorizedLogin("Password mismatch.") elif IUsernamePassword.providedBy(credentials): if password == credentials.password: defer.returnValue(result[0]) else: raise error.UnauthorizedLogin("Password mismatch.") else: raise error.UnhandledCredentials()
def _auth(self, result, credentials): if not result: # Username not found in db return defer.fail( error.UnauthorizedLogin('Username or Password mismatch')) else: id=result.id password=result.password if IUsernameHashedPassword.providedBy(credentials): if credentials.checkPassword(password): return defer.succeed(id) else: return defer.fail( error.UnauthorizedLogin('Username or Password mismatch')) elif IUsernamePassword.providedBy(credentials): m=hashlib.md5() m.update(credentials.password) #if password==m.hexdigest(): if password==credentials.password: from goliat.session.usermanager import UserManager if not UserManager().exists(id): return defer.succeed(id) else: return defer.succeed(id) #return defer.fail( # error.LoginFailed('Already Logged')) else: return defer.fail( error.UnauthorizedLogin('Username or Password mismatch')) else: # Wooops! return defer.fail( error.UnhandledCredentials('Revise the protocol configuration'))
def authenticatePassword(self, app, credentials): assert isinstance(app, Factory) assert IUsernamePassword.providedBy(credentials) service = Service(self.protocol(app.getConfig(), "drupalorg-vcs-auth-fetch-user-hash")) service.request_json({"username": credentials.username}) def _authCallback(result): if result: service = Service(self.protocol(app.getConfig(), "drupalorg-vcs-auth-check-user-pass")) data = { "username": credentials.username, "password": DrupalHash(result, credentials.password).get_hash(), } service.request_bool(data) service.addCallback(self._handleProtocolCallback, app, data) return service.deferred else: return None service.addCallback(_authCallback) return service.deferred
def requestAvatarId(self, credentials): """ Check the given credentials and return a suitable user identifier if they are valid. """ if IUsernamePassword.providedBy(credentials): return self._checkPassword(credentials) if ISSHPrivateKey.providedBy(credentials): return self._checkKey(credentials) raise NotImplementedError()
def _requestAvatarId(self, err, queue, credentials): # disallow empty password to be authenticated if IUsernamePassword.providedBy(credentials) and \ ((not credentials.password) or (credentials.username=='root')): raise UnauthorizedLogin() try: ch = queue.popleft() except IndexError: raise UnauthorizedLogin() d = ch.requestAvatarId(credentials) return d.addErrback(self._requestAvatarId, queue, credentials)
def test_usernamePassword(self): """ L{basic.BasicCredentialFactory.decode} turns a base64-encoded response into a L{UsernamePassword} object with a password which reflects the one which was encoded in the response. """ response = b64encode(b''.join([self.username, b':', self.password])) creds = self.credentialFactory.decode(response, self.request) self.assertTrue(IUsernamePassword.providedBy(creds)) self.assertTrue(creds.checkPassword(self.password)) self.assertFalse(creds.checkPassword(self.password + b'wrong'))
def test_usernamePassword(self): """ L{basic.BasicCredentialFactory.decode} turns a base64-encoded response into a L{UsernamePassword} object with a password which reflects the one which was encoded in the response. """ response = b64encode('%s:%s' % (self.username, self.password)) creds = self.credentialFactory.decode(response, self.request) self.assertTrue(IUsernamePassword.providedBy(creds)) self.assertTrue(creds.checkPassword(self.password)) self.assertFalse(creds.checkPassword(self.password + 'wrong'))
def requestAvatarId(self, credentials): self._invariant() assert IUsernamePassword.providedBy(credentials) d = defer.maybeDeferred(self.app.getAuth().authenticatePassword, self.app, credentials) d.addCallback(self.authCallback, credentials) d.addErrback(authenticationErrorHandler) assert isinstance(d, defer.Deferred) return d
def _connect(self): """ Connect to the directory server. This will always be called in a thread to prevent blocking. @returns: The connection object. @rtype: L{ldap.ldapobject.LDAPObject} @raises: L{LDAPConnectionError} if unable to connect. """ # FIXME: ldap connection objects are not thread safe, so let's set up # a connection pool self.log.debug("Connecting to LDAP at {log_source.url}") connection = self._newConnection() if self._credentials is not None: if IUsernamePassword.providedBy(self._credentials): try: connection.simple_bind_s( self._credentials.username, self._credentials.password, ) self.log.debug( "Bound to LDAP as {credentials.username}", credentials=self._credentials ) except ( ldap.INVALID_CREDENTIALS, ldap.INVALID_DN_SYNTAX ) as e: self.log.error( "Unable to bind to LDAP as {credentials.username}", credentials=self._credentials ) raise LDAPBindAuthError( self._credentials.username, e ) else: raise LDAPConnectionError( "Unknown credentials type: {0}" .format(self._credentials) ) return connection
def _cbAuthenticate(self, result, credentials, deferred): """ Checks to see if authentication was good. Called once the info has been retrieved from the DB. """ if len(result) == 0: # Username not found in db deferred.errback(error.UnauthorizedLogin('Username unknown')) else: username, password = result[0] if self.customCheckFunc: # Let the owner do the checking if self.customCheckFunc(username, credentials.password, password): deferred.callback(credentials.username) else: deferred.errback( error.UnauthorizedLogin('Password mismatch')) else: # It's up to us or the credentials object to do the checking # now if IUsernameHashedPassword.providedBy(credentials): # Let the hashed password checker do the checking if credentials.checkPassword(password): deferred.callback(credentials.username) else: deferred.errback( error.UnauthorizedLogin('Password mismatch')) elif IUsernamePassword.providedBy(credentials): # Compare the passwords, deciging whether or not to use # case sensitivity if self.caseSensitivePasswords: passOk = ( password.lower() == credentials.password.lower()) else: passOk = password == credentials.password # See if they match if passOk: deferred.callback(credentials.username) else: deferred.errback( error.UnauthorizedLogin('Password mismatch')) else: # OK, we don't know how to check this deferred.errback(error.UnhandledCredentials())
def _cbAuthenticate(self, result, credentials, deferred): """ Checks to see if authentication was good. Called once the info has been retrieved from the DB. """ if len(result) == 0: # Username not found in db deferred.errback(error.UnauthorizedLogin('Username unknown')) else: username, password = result[0] if self.customCheckFunc: # Let the owner do the checking if self.customCheckFunc( username, credentials.password, password): deferred.callback(credentials.username) else: deferred.errback( error.UnauthorizedLogin('Password mismatch')) else: # It's up to us or the credentials object to do the checking # now if IUsernameHashedPassword.providedBy(credentials): # Let the hashed password checker do the checking if credentials.checkPassword(password): deferred.callback(credentials.username) else: deferred.errback( error.UnauthorizedLogin('Password mismatch')) elif IUsernamePassword.providedBy(credentials): # Compare the passwords, deciging whether or not to use # case sensitivity if self.caseSensitivePasswords: passOk = ( password.lower() == credentials.password.lower()) else: passOk = password == credentials.password # See if they match if passOk: deferred.callback(credentials.username) else: deferred.errback( error.UnauthorizedLogin('Password mismatch')) else: # OK, we don't know how to check this deferred.errback(error.UnhandledCredentials())
def __init__(self, credentials, api, provider_cert): # TODO move provider_cert to api object. # On creation, it should be able to retrieve all the info it needs # (calling bootstrap). # TODO could get a "provider" object instead. # this provider can have an api attribute, # and a "autoconfig" attribute passed on initialization. # TODO get a file-descriptor for password if not in credentials # TODO merge self._request with config.Provider._http_request ? if IAnonymous.providedBy(credentials): self.username = None self.password = None elif IUsernamePassword.providedBy(credentials): self.username = credentials.username self.password = credentials.password self._provider_cert = provider_cert self._api = api self._initialize_session()
def requestAvatarId(self, credentials): if not IUsernamePassword.providedBy(credentials): raise TypeError( "Not an IUsernamePassword: {0!r}".format(credentials)) record = yield self.service.recordWithShortName( RecordType.user, credentials.username.decode("utf-8")) if record is None: raise UnauthorizedLogin("No such user") if not IPlaintextPasswordVerifier.providedBy(record): raise UnauthorizedLogin( "Not an IPlaintextPasswordVerifier: {0!r}".format(record)) auth = yield record.verifyPlaintextPassword(credentials.password) if auth: returnValue(record) raise UnauthorizedLogin("Incorrect password")
def test_interface(self): """ L{UsernamePassword} implements L{IUsernamePassword}. """ self.assertTrue(IUsernamePassword.implementedBy(UsernamePassword))
def authenticatePassword(self, app, credentials): assert IUsernamePassword.providedBy(credentials) return False
def authenticatePassword(self, app, credentials): assert IUsernamePassword.providedBy(credentials) return defer.succeed(True)