    def get_authenticated_account(self):
        """Resolve the account named by the request's HTTP Basic credentials.

        Returns the matching ``Account``, or ``None`` when the Authorization
        header is absent/unparseable, the user is unknown, or the password
        does not verify. When ``g.auth_trust_http_authorization`` is set the
        header is taken at face value: unknown users are registered on the
        fly and no password check is performed (meant for SSO setups where
        an upstream component has already authenticated the user).
        """
        from r2.models import Account, NotFound, register

        try:
            header = request.environ.get("HTTP_AUTHORIZATION")
            username, password = parse_http_basic(header)
        except RequirementException:
            # no usable Basic credentials on this request
            return None

        try:
            account = Account._by_name(username)
        except NotFound:
            if not g.auth_trust_http_authorization:
                return None
            # note: we're explicitly allowing automatic re-registration of
            # _deleted accounts and login of _banned accounts here because
            # we're trusting you know what you're doing in an SSO situation
            account = register(username, password, request.ip)

        # trusted mode: the upstream authenticator already vetted the password
        if g.auth_trust_http_authorization:
            return account

        stored = account.password
        # not all systems support bcrypt in the standard crypt, so dispatch on
        # the stored hash's prefix; the stored hash doubles as the salt input.
        # NOTE(review): only the "$2a$" bcrypt prefix is recognised here; any
        # other prefix falls through to crypt.crypt — confirm that matches
        # what the password store actually writes.
        if stored.startswith("$2a$"):
            candidate = bcrypt.hashpw(password, stored)
        else:
            candidate = crypt.crypt(password, stored)

        # constant-time comparison so a mismatch does not leak timing about
        # how much of the hash matched
        return account if constant_time_compare(candidate, stored) else None
 def _get_client_auth(self):
     """Authenticate the OAuth2 client from the HTTP Basic Authorization header.

     Returns the ``OAuth2Client`` whose id and secret match the header.
     Any failure — missing/malformed header, unknown client id, or secret
     mismatch — raises ``RequirementException`` internally and is answered
     with a 401 carrying a ``WWW-Authenticate: Basic`` challenge.
     """
     header = request.headers.get("Authorization")
     try:
         client_id, client_secret = parse_http_basic(header)
         client = OAuth2Client.get_token(client_id)
         require(client)
         # constant-time compare: the secret check must not leak timing
         require(constant_time_compare(client.secret, client_secret))
     except RequirementException:
         abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
     else:
         return client
 def _get_client_auth(self):
     """Look up and verify the OAuth2 client presented via HTTP Basic auth.

     Returns the matching ``OAuth2Client``. A missing or malformed header,
     an unknown client id, or a secret mismatch all surface as
     ``RequirementException`` and are turned into a 401 response with a
     ``WWW-Authenticate: Basic`` challenge.
     """
     challenge = [("WWW-Authenticate", 'Basic realm="reddit"')]
     auth_header = request.headers.get("Authorization")
     try:
         client_id, presented_secret = parse_http_basic(auth_header)
         client = OAuth2Client.get_token(client_id)
         require(client)
         # secrets are compared in constant time to avoid a timing oracle
         require(constant_time_compare(client.secret, presented_secret))
         return client
     except RequirementException:
         abort(401, headers=challenge)
def http_basic():
    """Authenticate the user based on their HTTP "Authorization" header.

    Returns the matching ``Account`` when the Basic credentials verify
    against the stored password hash, otherwise ``None`` (missing or
    unparseable header, unknown user, or wrong password).

    NOTE(review): this only verifies the password; nothing here consults
    account status (banned/deleted), so callers must enforce that if it
    matters for their endpoint.
    """
    import crypt

    try:
        header = request.environ.get("HTTP_AUTHORIZATION")
        username, password = parse_http_basic(header)
    except RequirementException:
        # no Basic credentials we can use
        return None

    try:
        account = Account._by_name(username)
    except NotFound:
        return None

    stored = account.password
    # not all systems support bcrypt in the standard crypt, so pick the
    # hasher from the stored hash's prefix; the stored hash is the salt input
    hasher = bcrypt.hashpw if stored.startswith("$2a$") else crypt.crypt
    candidate = hasher(password, stored)

    # constant-time compare so a mismatch does not leak partial-match timing
    if constant_time_compare(candidate, stored):
        return account
    return None
def http_basic():
    """Authenticate the user based on their HTTP "Authorization" header.

    Returns the ``Account`` named in the Basic credentials if the supplied
    password verifies against its stored hash; ``None`` otherwise.

    NOTE(review): the stdlib ``crypt`` module used for the non-bcrypt path
    is deprecated (PEP 594) and removed in Python 3.13 — confirm the
    target interpreter before relying on this branch.
    """
    import crypt

    def _verify(account):
        # not all systems support bcrypt in the standard crypt, so the hash
        # prefix decides which verifier runs; the stored hash supplies the salt
        stored = account.password
        if stored.startswith("$2a$"):
            candidate = bcrypt.hashpw(password, stored)
        else:
            candidate = crypt.crypt(password, stored)
        # constant-time comparison to avoid a timing oracle on the hash
        return constant_time_compare(candidate, stored)

    try:
        authorization = request.environ.get("HTTP_AUTHORIZATION")
        username, password = parse_http_basic(authorization)
    except RequirementException:
        return None

    try:
        account = Account._by_name(username)
    except NotFound:
        return None

    if not _verify(account):
        return None
    return account