def test_correctPassword(self): """ Calling C{checkPassword} on a L{UsernamePassword} will return L{True} when the password given is the password on the object. """ creds = UsernamePassword(b"user", b"pass") self.assertTrue(creds.checkPassword(b"pass"))
def test_passwd(self): """ The C{--passwd} command-line option will load a passwd-like file. """ self.options.parseOptions( ["--telnetPort", "tcp:22", "--passwd", self.filename]) service = manhole_tap.makeService(self.options) portal = service.services[0].factory.protocol.portal self.assertEqual(len(portal.checkers.keys()), 2) # Ensure it's the passwd file we wanted by trying to authenticate self.assertTrue( self.successResultOf( portal.login( UsernamePassword(*self.usernamePassword), None, telnet.ITelnetProtocol, ))) self.assertIsInstance( self.failureResultOf( portal.login(UsernamePassword(b"wrong", b"user"), None, telnet.ITelnetProtocol)).value, error.UnauthorizedLogin, )
def test_checkKeyAsRoot(self): """ If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. """ keyFile = self.sshDir.child("authorized_keys") keyFile.setContent(self.content) # Fake permission error by changing the mode keyFile.chmod(0000) self.addCleanup(keyFile.chmod, 0777) # And restore the right mode when seteuid is called savedSeteuid = self.mockos.seteuid def seteuid(euid): keyFile.chmod(0777) return savedSeteuid(euid) self.mockos.euid = 2345 self.mockos.egid = 1234 self.patch(self.mockos, "seteuid", seteuid) self.patch(checkers, 'os', self.mockos) self.patch(util, 'os', self.mockos) user = UsernamePassword("user", "password") user.blob = "foobar" self.assertTrue(self.checker.checkKey(user)) self.assertEqual(self.mockos.seteuidCalls, [0, 1, 0, 2345]) self.assertEqual(self.mockos.setegidCalls, [2, 1234])
def query(self, user, channel, msg): """ Uses the auth-service to identify a user. If no username is given, the nickname is used. """ _=self.bot.get_gettext() if user.getNick().lower() == self.bot.nickname.lower(): return nick = user.getNick() if msg[0:9] == "identify ": portal = self.bot.root.getServiceNamed("auth") if not portal: self.bot.sendmsg(nick, _("Error: could not get portal")) return msgs = msg.split(" ") if len(msgs) == 2: cred = UsernamePassword(nick, msgs[1]) elif len(msgs) == 3: cred = UsernamePassword(msgs[1], msgs[2]) else: self.bot.sendmsg(nick, _("Usage: identify [user] pass")) return d = portal.login(cred, user, IUser) msg = _("Successfully logged in as %s") d.addCallback(lambda args: self.bot.sendmsg(nick, msg % args[1].name)) fail = _("Login failed: %s") d.addErrback(lambda failure: self.bot.sendmsg(nick, fail % failure.getErrorMessage()))
def connect(self, host, port, username=None, password=None, retry=False): if retry: # Launch a client self.pbClientFactory = ReconnectingPBClientFactory() self.pbClientFactory.gotPerspective = self._connected self.pbClientFactory.disconnected = self._disconnected # Start login if username is None and password is None: self.pbClientFactory.startLogin( Anonymous()) else: self.pbClientFactory.startLogin( UsernamePassword( username, password)) reactor.connectTCP(host, port, self.pbClientFactory) else: # Launch a client self.pbClientFactory = pb.PBClientFactory() reactor.connectTCP(host, port, self.pbClientFactory) yield self.pbClientFactory.getRootObject() if username is None and password is None: yield self.pbClientFactory.login( Anonymous()).addCallback(self._connected) else: yield self.pbClientFactory.login( UsernamePassword( username, password)).addCallback(self._connected)
def test_wrongPassword(self): """ Calling C{checkPassword} on a L{UsernamePassword} will return L{False} when the password given is NOT the password on the object. """ creds = UsernamePassword(b"user", b"pass") self.assertFalse(creds.checkPassword(b"someotherpass"))
def test_checkKeyAsRoot(self): """ If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. """ keyFile = self.sshDir.child("authorized_keys") keyFile.setContent(self.content) # Fake permission error by changing the mode keyFile.chmod(0000) self.addCleanup(keyFile.chmod, 0777) # And restore the right mode when seteuid is called savedSeteuid = self.mockos.seteuid def seteuid(euid): keyFile.chmod(0777) return savedSeteuid(euid) self.mockos.euid = 2345 self.mockos.egid = 1234 self.patch(self.mockos, "seteuid", seteuid) self.patch(util, 'os', self.mockos) user = UsernamePassword("user", "password") user.blob = "foobar" self.assertTrue(self.checker.checkKey(user)) self.assertEqual(self.mockos.seteuidCalls, [0, 1, 0, 2345]) self.assertEqual(self.mockos.setegidCalls, [2, 1234])
def test_callable(self): self.auth = self.MockCustomAuth() cred_good = UsernamePassword('fellow', 'correct') result_good = yield self.auth.checkers[0].requestAvatarId(cred_good) self.assertEqual(result_good, 'fellow') cred_bad = UsernamePassword('bandid', 'incorrect') defer_bad = self.auth.checkers[0].requestAvatarId(cred_bad) self.assertFailure(defer_bad, UnauthorizedLogin)
def _testCheckKey(self, filename): self.sshDir.child(filename).setContent(self.content) user = UsernamePassword("user", "password") user.blob = "foobar" self.assertTrue(self.checker.checkKey(user)) user.blob = "eggspam" self.assertTrue(self.checker.checkKey(user)) user.blob = "notallowed" self.assertFalse(self.checker.checkKey(user))
def main(reactor): cc = ClientCreator(reactor, AMP) d = cc.connectTCP('localhost', 7805) d.addCallback(login, UsernamePassword("testuser", "examplepass")) d.addCallback(add) d.addCallback(display) return d
def OnLoadSingleWorld(worldname=None): global WORLDDB TGESetGlobal("$Py::ISSINGLEPLAYER", 1) TGESetGlobal("$Py::LastTell", "") if not worldname: tc = TGEObject("SINGLEPLAYER_WORLDLIST") sr = int(tc.getSelectedId()) if sr >= 0 and len(WORLDS): worldname = WORLDS[sr] if worldname: TGECall("MessagePopup", "Loading World...", "Please wait...") TGEEval("Canvas.repaint();") try: try: WORLDDB = "%s/%s/data/worlds/singleplayer/%s/world.db" % ( os.getcwd(), GAMEROOT, worldname) r = WorldUpdate( WORLDDB, "%s/%s/data/worlds/multiplayer.baseline/world.db" % (os.getcwd(), GAMEROOT), True) except: TGECall("CloseMessagePopup") TGECall("MessageBoxOK", "Problem Updating World!", "There was an error updating this world!") return if not r: SetupEmbeddedWorld(worldname) else: TGECall("CloseMessagePopup") return except: TGECall("CloseMessagePopup") TGECall("MessageBoxOK", "Problem Loading World!", "There was an error loading this world!") traceback.print_exc() ShutdownEmbeddedWorld() return TGECall("CloseMessagePopup") TGESetGlobal("$Py::WORLDNAME", worldname) # log into world factory = pb.PBClientFactory() reactor.connectTCP("localhost", 3013, factory) mind = PlayerMind() password = md5("ThePlayer").digest() d = factory.login(UsernamePassword("ThePlayer-Immortal", password), mind) d.addCallback(PlayerConnected, (mind, )) d.addErrback(Error) if False: #RPG_BUILD_DEMO: TGEObject("SPONSORBREAK_BAR").visible = True else: TGEObject("SPONSORBREAK_BAR").visible = False
def OnWorldLogin(args): guardian = int(args[1])==1 immortal = int(args[1])==2 avatar = "Player" if guardian: avatar = "Guardian" if immortal: avatar = "Immortal" worldpassword = TGEObject("WORLDLOGIN_PASSWORD").getValue() if len(worldpassword) < 6: TGECall("MessageBoxOK","Error!","World passwords are at least 6 characters long.") else: TGECall("MessagePopup","Logging into world...","Please wait...") factory = pb.PBClientFactory() reactor.connectTCP(WORLDINFO.worldIP,WORLDINFO.worldPort,factory) mind = PlayerMind() from md5 import md5 password = md5(worldpassword).digest() factory.login(UsernamePassword("%s-%s"%(TGEGetGlobal("$pref::PublicName"),avatar), password),mind).addCallbacks(PlayerConnected, Failure,(mind,))
def _delegate(self, ctx, segments): """Identify the session by looking at cookies and HTTP auth headers, use that session key to identify the wrapped resource, then return a deferred which fires a 2-tuple of (resource, segments) to the top-level redirection code code which will delegate IResource's renderHTTP or locateChild methods to it """ request = inevow.IRequest(ctx) cookie = request.getCookie(self.cookieKey) # support HTTP auth, no redirections userpass = request.getUser(), request.getPassword() httpAuthSessionKey = 'HTTP AUTH: %s:%s' % userpass for sessionKey in cookie, httpAuthSessionKey: if sessionKey in self.sessions: session = self.sessions[sessionKey] return self.checkLogin(ctx, session, segments) # without a session if userpass != ('', ''): # the user is trying to log in with HTTP auth, but they don't have # a session. So, make them one. sz = self.sessions[httpAuthSessionKey] = self.sessionFactory( self, httpAuthSessionKey) # kick off the expiry timer. sz.checkExpired() return self.checkLogin(ctx, sz, segments, None, UsernamePassword(*userpass)) # no, really, without a session ## Redirect to the URL with the session key in it, plus the segments of the url rd = self.createSession(ctx, segments) return rd, ()
def cache_DELETE(self, request, dn): request.setHeader("Content-Type", "application/json") client_ip = request.getClientIP() result = decode_basic_auth(request) if result is None: request.setResponseCode(UNAUTHORIZED) request.setHeader("WWW-Authenticate", 'Basic realm="BindProxyWS"') returnValue("""{"result": "not authorized"}""") user, passwd = result try: iface, avatar, logout = yield self.portal.login( UsernamePassword(*result), None, IBindProxyWSUser) except (error.UnauthorizedLogin, exceptions.NotImplementedError) as ex: log.msg( ("[ERROR] client_ip={client_ip}, login={login}: " "Unauthorized login attempt to web service.\n{err}").format( client_ip=client_ip, login=user, err=str(ex))) request.setResponseCode(UNAUTHORIZED) returnValue("""{"result": "not authorized"}""") except Exception as ex: log.msg("[ERROR] {0}".format(str(ex))) request.setResponseCode(500) returnValue('''{"result": "error"}''') self.bindCache.store(dn, None) log.msg(("[INFO] client_ip={client_ip}, login={login}: " "Successfully removed cached entry for {dn}").format( client_ip=client_ip, login=user, dn=dn)) returnValue('''{"result": "ok"}''')
def test_getProxy(self): url1 = 'http://fakeurl1' url2 = 'http://fakeurl2' version = jsonrpc.VERSION_2 connectTimeout = 30 cred = UsernamePassword('username', 'password') contextFactory = WebClientContextFactory() factory = ProxyFactory(version=version, connectTimeout=connectTimeout, credentials=cred, contextFactory=contextFactory) proxy1 = factory.getProxy(url1) proxy2 = factory.getProxy(url2) self.assertNotEqual(id(proxy1), id(proxy2)) self.assertNotEqual(id(proxy1.agent._pool), id(proxy2.agent._pool)) self.assertEqual(proxy1.url, url1) self.assertEqual(proxy2.url, url2) self.assertEqual(proxy1.version, version) self.assertEqual(proxy2.version, version) self.assertEqual(proxy1.credentials, cred) self.assertEqual(proxy2.credentials, cred) self.assertEqual(proxy1.agent._connectTimeout, connectTimeout) self.assertEqual(proxy2.agent._connectTimeout, connectTimeout)
def login(self, userID, robotID, password): """ Callback for Robot connection to login and authenticate. @param userID: User ID under which the robot is logging in. @type userID: str @param robotID: Unique ID of the robot in the namespace of the user under which the robot is logging in. @type robotID: str @param password: Hashed password as hex-encoded string which is used to authenticate the user. @type password: str @return: Representation of the connection to the robot which is used in the Robot process. (type: rce.robot.Connection) @rtype: twisted.internet.defer.Deferred """ conn = Connection(self, userID, robotID) factory = PBClientFactory() self._reactor.connectTCP(self._masterIP, self._masterPort, factory) d = factory.login(UsernamePassword(userID, password)) d.addCallback(self._cbAuthenticated, conn) d.addCallback(self._cbConnected, conn) d.addCallback(lambda _: conn) return d
def _doLogin(self): idParams = {} idParams['host'] = self._hostEntry.get_text() idParams['port'] = self._portEntry.get_text() idParams['identityName'] = self._identityNameEntry.get_text() idParams['password'] = self._passwordEntry.get_text() try: idParams['port'] = int(idParams['port']) except ValueError: pass f = pb.PBClientFactory() from twisted.internet import reactor reactor.connectTCP(idParams['host'], idParams['port'], f) creds = UsernamePassword(idParams['identityName'], idParams['password']) d = f.login(creds, self.client) def _timeoutLogin(): self._timeoutID = None d.errback(failure.Failure(defer.TimeoutError("Login timed out."))) self._timeoutID = reactor.callLater(30, _timeoutLogin) d.addCallbacks(self._cbGotPerspective, self._ebFailedLogin) self.statusMsg("Contacting server...")
def login(self, nickname, password): username = self.getUsername(nickname) def failedLogin(f): f.trap(aerrors.UnauthorizedLogin) log.msg('Authentication for "%s" failed:' % (username,)) log.err(f) raise errors.AuthenticationError(u'Unable to authenticate "%s"' % (username,)) def wrapLogout(self, logout): def _logout(): del self.authenticatedUsers[username] logout() return _logout def loginDone((interface, avatar, logout)): self.logout(username) logout = wrapLogout(self, logout) self.authenticatedUsers[username] = (avatar, logout) d = self.portal.login( UsernamePassword(username, password), None, IIRCAvatar) return d.addCallbacks(loginDone, failedLogin)
def OnLog(self,evt): evt.Skip() if not self.perspective: #not connection dlg = MasterLoginDlg(self) dlg.Centre() dlg.publicNameTextCtrl.SetValue(SETTINGS['PublicName']) dlg.passwordTextCtrl.SetValue(SETTINGS['Password']) if dlg.ShowModal()==wx.ID_OK: pname = dlg.publicNameTextCtrl.GetValue() pw = dlg.passwordTextCtrl.GetValue() if len(pname) and len(pw): SETTINGS['PublicName']=pname SETTINGS['Password']=pw #login self.progressDlg.Update(0,"Logging into the Master Server...") self.progressDlg.Show() username=pname+"-"+"World" password=pw factory = pb.PBClientFactory() reactor.connectTCP(MASTERIP,MASTERPORT,factory) password = md5(password).digest() factory.login(UsernamePassword(username, password),self).addCallbacks(self.connected, self.failure) else: #logout self.myWorldsListCtrl.DeleteAllItems() self.liveWorldsListCtrl.DeleteAllItems() self.perspective = None self.enableControls(False) self.logButton.SetLabel("Connect!")
def login(self, username, password): try: credentials = UsernamePassword(username, password) deferred = defer.Deferred() def okback(ret, _deferred): _interface, objshAvatar, _lambda = ret #print '>>>>',_a,objshAvatar,_b assert objshAvatar is not None self.username = username self.authenticated = True self.title = username.upper() self.avatar = objshAvatar # reset login history self.authentication_failure_count = 0 self.last_authentication_failure_ts = 0 _deferred.callback(True) def errback(_failure, _deferred): errmsg = _failure.getErrorMessage() if errmsg: log.msg('login failure:%s' % errmsg) _deferred.callback(False) d = self.portal.login(credentials, None, IResource) d.addCallback(okback, deferred) d.addErrback(errback, deferred) return deferred except UnauthorizedLogin: self.authenticated = False self.did_login_failure() except: traceback.print_exc()
def OnRequestLostPassword(): global PUBLICNAME, EMAILADDRESS pname = TGEObject("LOSTPASSWORD_PUBLICNAME").getValue() email = TGEObject("LOSTPASSWORD_EMAIL").getValue() if not pname: TGECall("MessageBoxOK", "Lost Password", "Invalid Public Name") return if "@" not in email or "." not in email: TGECall("MessageBoxOK", "Lost Password", "Invalid email address") return PUBLICNAME, EMAILADDRESS = pname, email masterIP = TGEGetGlobal("$Py::MasterIP") masterPort = int(TGEGetGlobal("$Py::MasterPort")) TGECall("MessagePopup", "Contacting Master Server...", "Please wait...") factory = pb.PBClientFactory() reactor.connectTCP(masterIP, masterPort, factory) from md5 import md5 password = md5("Registration").digest() factory.login(UsernamePassword("Registration-Registration", password), pb.Root()).addCallbacks(Connected, Failure)
def test_portal(self): """ The factory returned by L{SecureShellConfiguration.getFactory} has a C{portal} attribute which allows logins authenticated in the usual L{axiom.userbase} manner. """ localpart = u'foo bar' domain = u'example.com' password = u'baz quux' loginSystem = self.store.findUnique(LoginSystem) account = loginSystem.addAccount(localpart, domain, password, internal=True) subStore = account.avatars.open() avatar = object() subStore.inMemoryPowerUp(avatar, IConchUser) factory = self.shell.getFactory() login = factory.portal.login( UsernamePassword( '%s@%s' % (localpart.encode('ascii'), domain.encode('ascii')), password), None, IConchUser) def cbLoggedIn(result): self.assertIdentical(IConchUser, result[0]) self.assertIdentical(avatar, result[1]) login.addCallback(cbLoggedIn) return login
def connect(self): factory = pb.PBClientFactory() reactor.connectTCP(GMSERVER_IP, GMSERVER_PORT, factory) password = md5(GMSERVER_PASSWORD).digest() factory.login( UsernamePassword("CharacterServer-CharacterServer", password), self).addCallbacks(self.connected, self.failure)
def connect(self): factory = pb.PBClientFactory() reactor.connectTCP(self.worldIP, 7001, factory) password = md5(CONFIG["World Password"]).digest() factory.login(UsernamePassword(CONFIG["World Username"], password), self).addCallbacks(self.connected, self.failure)
def logInAndCheck(self, username, domain='localhost'): """ Ensure that logging in via cred succeeds based on the accounts managed by L{axiom.userbase.LoginSystem}. """ s = self.store def _speedup(): l = userbase.LoginSystem(store=s) dependency.installOn(l, s) s.checkpoint() p = Portal(IRealm(s), [ICredentialsChecker(s)]) a = l.addAccount(username, 'localhost', SECRET) gph = GarbageProtocolHandler(store=a.avatars.open(), garbage=0) dependency.installOn(gph, gph.store) return p, gph p, gph = s.transact(_speedup) def wasItGph(xxx_todo_changeme): (interface, avatar, logout) = xxx_todo_changeme self.assertEqual(interface, IGarbage) self.assertEqual(avatar, gph) logout() return p.login(UsernamePassword('bob@localhost', SECRET), None, IGarbage ).addCallback(wasItGph)
def xmlrpc_authenticate(self, username, password): """server authentication method""" creds = UsernamePassword(username, password) d = self.portal.login(creds, None, IQuerier) d.addCallback(self._attachUser, username, password) d.addErrback(lambda deferred: '') return d
def authenticateUserPASS(self, user, password): """ Perform authentication for a username/password login. Override the default lookup scheme to allow virtual domains. @type user: L{bytes} @param user: The name of the user attempting to log in. @type password: L{bytes} @param password: The password to authenticate with. @rtype: L{Deferred} which successfully results in 3-L{tuple} of (L{IMailbox <pop3.IMailbox>}, L{IMailbox <pop3.IMailbox>} provider, no-argument callable) @return: A deferred which fires when authentication is complete. If successful, it returns an L{IMailbox <pop3.IMailbox>} interface, a mailbox and a logout function. If authentication fails, the deferred fails with an L{UnauthorizedLogin <twisted.cred.error.UnauthorizedLogin>} error. """ user, domain = self.lookupDomain(user) try: portal = self.service.lookupPortal(domain) except KeyError: return defer.fail(UnauthorizedLogin()) else: return portal.login( UsernamePassword(user, password), None, pop3.IMailbox )
def ConnectToMailServer(self): print "Connecting to Mail Server Proxy at: %s"%MAILSERVER_IP factory = pb.PBClientFactory() reactor.connectTCP(MAILSERVER_IP,MAILSERVER_PORT,factory) password = md5("MSP").digest() factory.login(UsernamePassword("MSP-MSP", password),pb.Root()).addCallbacks(self.MSConnected, self.MSFailure)
def test_initialisation(self): """ The initialisation of L{UsernamePassword} will set C{username} and C{password} on it. """ creds = UsernamePassword(b"foo", b"bar") self.assertEqual(creds.username, b"foo") self.assertEqual(creds.password, b"bar")
def test_request_avatar_id(self): checker = GoUserSessionAccessChecker(self.sm) session = {} self.sm.set_user_account_key(session, u"user-1") yield self.sm.save_session(u"session-1", session, 10) creds = UsernamePassword(u"session_id", u"session-1") user = yield checker.requestAvatarId(creds) self.assertEqual(user, u"user-1")
def test_requestAvatarIdInvalidCredential(self): """ If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. """ checker = checkers.SSHProtocolChecker() d = checker.requestAvatarId(UsernamePassword('test', 'test')) return self.assertFailure(d, UnhandledCredentials)
def test_defaultCheckers(self): """ L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. """ checker = checkers.UNIXPasswordDatabase() def crypted(username, password): salt = crypt.crypt(password, username) crypted = crypt.crypt(password, '$1$' + salt) return crypted pwd = UserDatabase() pwd.addUser('alice', crypted('alice', 'password'), 1, 2, 'foo', '/foo', '/bin/sh') # x and * are convention for "look elsewhere for the password" pwd.addUser('bob', 'x', 1, 2, 'bar', '/bar', '/bin/sh') spwd = ShadowDatabase() spwd.addUser('alice', 'wrong', 1, 2, 3, 4, 5, 6, 7) spwd.addUser('bob', crypted('bob', 'password'), 8, 9, 10, 11, 12, 13, 14) self.patch(checkers, 'pwd', pwd) self.patch(checkers, 'spwd', spwd) mockos = MockOS() self.patch(checkers, 'os', mockos) self.patch(util, 'os', mockos) mockos.euid = 2345 mockos.egid = 1234 cred = UsernamePassword("alice", "password") self.assertLoggedIn(checker.requestAvatarId(cred), 'alice') self.assertEquals(mockos.seteuidCalls, []) self.assertEquals(mockos.setegidCalls, []) cred.username = "******" self.assertLoggedIn(checker.requestAvatarId(cred), 'bob') self.assertEquals(mockos.seteuidCalls, [0, 2345]) self.assertEquals(mockos.setegidCalls, [0, 1234])