def check_session(request, user, client):
"""
check if the user session is ok:
- check if the sessionvalue is the same as the cookie
- check if the user has been authenticated before by decrypt the cookie val
:param request: the request context
:param user:the authenticated user
:param client: the cookie is bouind to the client
:return: boolean
"""
# try to get (local) selfservice
# if none is present fall back to possible
# userauthcookie (cookie for remote self service)
session = get_request_param(request, 'session', 'no_session')
for cookie_ref in ['user_selfservice', 'userauthcookie']:
cookie = request.cookies.get(cookie_ref, 'no_auth_cookie')
if session == cookie:
return check_auth_cookie(cookie, user, client)
return False
def check_session(request, user, client):
"""
check if the user session is ok:
- check if the sessionvalue is the same as the cookie
- check if the user has been authenticated before by decrypt the cookie val
:param request: the request context
:param user:the authenticated user
:param client: the cookie is bouind to the client
:return: boolean
"""
# try to get (local) selfservice
# if none is present fall back to possible
# userauthcookie (cookie for remote self service)
session = get_request_param(request, 'session', 'no_session')
for cookie_ref in ['user_selfservice', 'userauthcookie']:
cookie = request.cookies.get(cookie_ref, 'no_auth_cookie')
if session == cookie:
return check_auth_cookie(cookie, user, client)
return False
def getUserFromRequest(request, config=None):
'''
This function first tries to get the user from
* already authenticated systems (REMOTE_USER)
* a Basic / DigestAuth and
* otherwise from the client certificate
:param request: the pylons request
:param config: the LinOTP configuration
:return: the authentication dict
:remark: the function catches all exceptions which are only logged
:remark: the selfservice authentication should be removed!!
'''
d_auth = {'login': ''}
try:
# ------------------------------------------------------------------ --
# accept remote authenticated users
if 'REMOTE_USER' in request.environ:
d_auth['login'] = request.environ['REMOTE_USER']
log.debug(
"[getUserFromRequest] BasicAuth: found the "
"REMOTE_USER: %r", d_auth)
# ------------------------------------------------------------------ --
# Find user name from HTTP_AUTHORIZATION (Basic or Digest auth)
elif 'HTTP_AUTHORIZATION' in request.environ:
hdr = request.environ['HTTP_AUTHORIZATION']
# -------------------------------------------------------------- --
# Basic Authentication
if hdr.startswith('Basic '):
a_auth = b64decode(hdr[5:].strip())
d_auth['login'], _junk, _junk = a_auth.partition(':')
log.debug(
"[getUserFromRequest] BasicAuth: found "
"this HTTP_AUTHORIZATION: %r", d_auth)
# -------------------------------------------------------------- --
# Digest authentication
else:
for field in hdr.split(","):
(key, _delimiter, value) = field.partition("=")
d_auth[key.lstrip(' ')] = value.strip('"')
d_auth['login'] = d_auth.get('Digest username', '') or ''
log.debug(
"[getUserFromRequest] DigestAuth: found "
"this HTTP_AUTHORIZATION: %r", d_auth)
# ------------------------------------------------------------------ --
# Do SSL Client Cert
elif 'SSL_CLIENT_S_DN_CN' in request.environ:
d_auth['login'] = request.environ.get('SSL_CLIENT_S_DN_CN', '')
log.debug(
"[getUserFromRequest] SSLClientCert Auth: found "
"this SSL_CLIENT_S_DN_CN: %r", d_auth)
# ------------------------------------------------------------------ --
# In case of selftest
if isSelfTest(config=config):
log.debug("[getUserFromRequest] Doing selftest!")
login = get_request_param(request, "selftest_admin")
if login:
d_auth['login'] = login
log.debug(
"[getUserFromRequest] Found selfservice user: %r in "
"the request.", d_auth)
# ------------------------------------------------------------------ --
except Exception as exx:
log.exception(
"[getUserFromRequest] An error occurred when trying"
" to fetch the user from the request: %r", exx)
return d_auth
