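def authenticate(self, request, username=None, password=None, otp=None):
    """Verify a username/password/OTP combination through the yubiauth client.

    Args:
        request: Request whose environ carries 'yubiauth.client'.
        username: Name of the account to check.
        password: Password to check.
        otp: One-time password to check, if any.

    Returns:
        json_response(True) on success, json_response(False, status=400) on
        any failure.
    """
    try:
        # The client lookup stays inside the try, so a missing environ key is
        # reported the same way as rejected credentials.
        client = request.environ['yubiauth.client']
        client.authenticate(username, password, otp)
        return json_response(True)
    except Exception:
        # Still fails closed on every error, but no longer swallows
        # SystemExit/KeyboardInterrupt/GeneratorExit as the bare except did.
        # NOTE(review): the failure is not logged here, so repeated bad
        # attempts leave no trace from this handler - confirm it is logged
        # elsewhere.
        return json_response(False, status=400)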
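def revoke_yubikey(self, request, code):
    """Revoke a YubiKey by passing a revocation code to the yubiauth client.

    Args:
        request: Request whose environ carries 'yubiauth.client'.
        code: Revocation code supplied by the caller.

    Returns:
        json_response(True) when client.revoke() succeeds, otherwise the
        'Invalid code!' JSON error.
    """
    client = request.environ['yubiauth.client']
    try:
        client.revoke(code)
        return json_response(True)
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals propagate;
        # every ordinary error still yields the same generic message.
        # NOTE(review): the code is the only credential this handler checks;
        # confirm attempts are throttled and logged somewhere upstream.
        return json_error('Invalid code!')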
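def generate_revocation(self, request, password, otp):
    """Re-authenticate the current user and issue a revocation code.

    Args:
        request: Request whose environ carries 'yubiauth.client' and
            'yubiauth.user'.
        password: The current user's password.
        otp: OTP from the YubiKey the code is generated for.

    Returns:
        json_response(code) on success, otherwise the 'Invalid credentials!'
        JSON error.
    """
    client = request.environ['yubiauth.client']
    user = request.environ['yubiauth.user']
    try:
        # Password and OTP are both checked before anything is issued.
        client.authenticate(user.name, password, otp)
        # Everything before the last 32 characters of the OTP is the key's
        # public prefix; the code is generated for that prefix.
        code = client.generate_revocation(otp[:-32])
        return json_response(code)
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals propagate.
        # A failure inside generate_revocation() is also reported as bad
        # credentials, which keeps the response generic.
        return json_error('Invalid credentials!')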
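def change_password(self, request, oldpass, newpass, otp=None):
    """Change the current user's password after re-authenticating.

    Args:
        request: Request whose environ carries 'yubiauth.client' and
            'yubiauth.user'.
        oldpass: The user's current password.
        newpass: The password to set.
        otp: One-time password, if any.

    Returns:
        json_response(True) on success, otherwise the 'Invalid credentials!'
        JSON error.
    """
    client = request.environ['yubiauth.client']
    user = request.environ['yubiauth.user']
    try:
        # The old password (and OTP) must verify before the new one is set.
        client.authenticate(user.name, oldpass, otp)
        user.set_password(newpass)
        return json_response(True)
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals propagate.
        # NOTE(review): an error raised by set_password() is reported as
        # 'Invalid credentials!' too; confirm that is the intended message
        # when the new password itself is rejected.
        return json_error('Invalid credentials!')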
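def delete_account(self, request, password, otp=None):
    """Delete the current user's account after re-authenticating.

    Args:
        request: Request whose environ carries 'yubiauth.client' and
            'yubiauth.user'.
        password: The current user's password.
        otp: One-time password, if any.

    Returns:
        json_response(True) on success; a JSON error when deletion is
        disabled in settings or the credentials are rejected.
    """
    # The feature switch is checked before any credential work is done.
    if not settings['deletion']:
        return json_error('Account deletion disabled!')

    client = request.environ['yubiauth.client']
    user = request.environ['yubiauth.user']
    try:
        # Destructive action: require a fresh credential check first.
        client.authenticate(user.name, password, otp)
        user.delete()
        return json_response(True)
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals propagate;
        # a failure in user.delete() is still reported with the same message.
        return json_error('Invalid credentials!')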
def create_user(self, request, username, password):
    """Create a user, commit, and answer 201 with its id, name and URL.

    On any exception the exception's message is returned as a JSON error.
    """
    try:
        created = request.auth.create_user(username, password)
        request.auth.commit()
        location = '%s/users/%d' % (request.script_name, created.id)
        payload = {
            'id': created.id,
            'name': created.name
        }
        return json_response(payload, location=location, status=201)
    except Exception as err:
        # NOTE(review): the raw exception text is sent back to the caller.
        # If backend errors can surface here their wording reaches the
        # client; confirm only user-facing messages are raised by
        # create_user()/commit().
        return json_error(err.message)
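def login(self, request, username=None, password=None, otp=None):
    """Create a yubiauth session and copy it into the beaker session.

    Args:
        request: Request whose environ carries 'yubiauth.client' and
            'beaker.session'.
        username: Name of the account logging in.
        password: Password to check.
        otp: One-time password, if any.

    Returns:
        json_response(True) on success, otherwise the 'Invalid credentials!'
        JSON error.
    """
    client = request.environ['yubiauth.client']
    try:
        session = client.create_session(username, password, otp)
        # NOTE(review): the caller's existing beaker session is updated in
        # place; confirm its identifier is rotated on login so a session id
        # set before authentication cannot be reused afterwards.
        request.environ['beaker.session'].update(session)
        # The client-side session object is deleted once its data is copied.
        session.delete()
        return json_response(True)
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals propagate.
        # NOTE(review): username is client-supplied and logged with %s;
        # confirm the log handler neutralises CR/LF so a crafted name cannot
        # forge log lines.
        log.info('Login failed for username=%s', username)
        log.debug('Login failure:', exc_info=True)
        return json_error('Invalid credentials!')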
def find_user(self, request):
    """Return the single user matching the query parameters, else 404.

    The response carries a canonical Link header pointing at users/<id>.
    """
    # NOTE(review): every request parameter is forwarded as a keyword
    # argument; confirm query_users() accepts only the filters it should.
    matches = request.auth.query_users(**request.params)
    if len(matches) != 1:
        # Zero or several matches are both reported as not found.
        raise exc.HTTPNotFound

    user_id = matches[0]['id']
    found = request.auth.get_user(user_id)
    response = json_response(found.data)
    canonical = request.relative_url('users/%d' % user_id)
    response.headers.add('Link', '<%s>; rel="canonical"' % canonical)
    return response
def find_user(self, request):
    """Look up exactly one user from the query parameters.

    Returns the user's data as JSON with a canonical Link header, and raises
    HTTPNotFound unless the query matches exactly one user.
    """
    # NOTE(review): request.params is expanded straight into keyword
    # arguments; confirm query_users() restricts which keys it honours.
    hits = request.auth.query_users(**request.params)
    if len(hits) != 1:
        raise exc.HTTPNotFound

    uid = hits[0]['id']
    record = request.auth.get_user(uid)
    reply = json_response(record.data)
    link_target = request.relative_url('users/%d' % uid)
    reply.headers.add('Link', '<%s>; rel="canonical"' % link_target)
    return reply
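def assign_yubikey(self, request, yubikey, password, otp=None):
    """Assign a new YubiKey to the current user after re-authenticating.

    Args:
        request: Request whose environ carries 'yubiauth.client' and
            'yubiauth.user'.
        yubikey: An OTP emitted by the YubiKey being added.
        password: The current user's password.
        otp: OTP from an already assigned key, if any.

    Returns:
        json_response(True) on success (also when the key was already
        assigned); a JSON error when the new key's OTP does not validate or
        the credentials are rejected.
    """
    client = request.environ['yubiauth.client']
    user = request.environ['yubiauth.user']
    try:
        # Existing credentials are checked before the new key is considered.
        client.authenticate(user.name, password, otp)
        # Everything before the last 32 characters is the key's prefix.
        prefix = yubikey[:-32]
        # The new key must produce a valid OTP before its prefix is bound.
        if not validate_otp(yubikey):
            return json_error('Invalid OTP for new YubiKey!')
        if prefix not in user.yubikeys:
            user.assign_yubikey(prefix)
        return json_response(True)
    except Exception:
        # Narrowed from a bare except so interpreter-exit signals propagate;
        # ordinary errors still produce the generic message.
        return json_error('Invalid credentials!')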
def validate(self, request, username_or_id):
    """Report whether the supplied password and OTP are valid for a user.

    Each factor is checked only when its parameter is present; a missing
    parameter is reported as False.
    """
    # NOTE(review): the two factors are reported separately, so a caller can
    # test a password without an OTP; confirm this endpoint is limited to
    # trusted callers.
    user = self._get_user(request, username_or_id)
    params = request.params

    valid_pass = (user.validate_password(params['password'])
                  if 'password' in params else False)
    valid_otp = (user.validate_otp(params['otp'])
                 if 'otp' in params else False)

    result = {
        'valid_password': valid_pass,
        'valid_otp': valid_otp
    }
    return json_response(result)
def validate(self, request, username_or_id):
    """Report whether the supplied password and OTP are valid for a user.

    A missing or empty parameter is reported as False. The OTP check is
    given the password as well (None when no password was supplied).
    """
    # NOTE(review): the two factors are reported separately, so a caller can
    # test a password without an OTP; confirm this endpoint is limited to
    # trusted callers.
    user = self._get_user(request, username_or_id)
    params = request.params

    # Both parameters are read before either check runs.
    password = params['password'] if 'password' in params else None
    otp = params['otp'] if 'otp' in params else None

    valid_pass = user.validate_password(password) if password else False
    valid_otp = user.validate_otp(otp, password) if otp else False

    result = {
        'valid_password': valid_pass,
        'valid_otp': valid_otp
    }
    return json_response(result)
def status(self, request):
    """Return what the beaker session's _session() yields, as JSON."""
    beaker_session = request.environ['beaker.session']
    # NOTE(review): _session() is a private beaker accessor and its whole
    # result is serialised to the caller; confirm nothing stored in the
    # session is meant to stay server-side.
    return json_response(beaker_session._session())
def show_user(self, request, username_or_id):
    """Return the data of the user identified by name or id, as JSON."""
    # _get_user() resolves the identifier; its not-found behaviour is not
    # visible here.
    target = self._get_user(request, username_or_id)
    return json_response(target.data)
def _list_attributes(self, owner):
    """Return a copy of the owner's attributes as JSON."""
    # Serialise a copy rather than the owner's own attributes object.
    snapshot = owner.attributes.copy()
    return json_response(snapshot)
def logout(self, request):
    """Delete the caller's beaker session and answer JSON true."""
    beaker_session = request.environ['beaker.session']
    beaker_session.delete()
    return json_response(True)
def _show_attribute(self, owner, attribute_key):
    """Return one attribute of the owner as JSON, or JSON null if unset."""
    attrs = owner.attributes
    # A missing key is answered with null rather than an error.
    value = attrs[attribute_key] if attribute_key in attrs else None
    return json_response(value)
def show_yubikey(self, request, *args):
    """Return the data of the YubiKey resolved by _get_yubikey(), as JSON."""
    # The positional arguments are passed through untouched to the lookup.
    key = self._get_yubikey(request, *args)
    return json_response(key.data)
def list_yubikeys(self, request, username_or_id):
    """Return the keys of the user's yubikeys mapping as JSON."""
    owner = self._get_user(request, username_or_id)
    key_names = owner.yubikeys.keys()
    return json_response(key_names)
def list_users(self, request):
    """Return the users matching the request's query parameters as JSON."""
    # NOTE(review): every request parameter is forwarded as a keyword
    # argument; confirm query_users() accepts only the filters it should.
    matches = request.auth.query_users(**request.params)
    return json_response(matches)