Exemplo n.º 1
0
    def do_authentication(self, **kwargs) -> str:
        if not self._client:
            logger.debug('No OpenID Connect Client configured')
            raise AuthenticationFailed()

        token: str = kwargs.get('token', None)
        if not token:
            logger.debug('No JWT token provided')
            raise AuthenticationFailed()

        try:
            jwt = JWT(keyjar=self._client.keyjar).unpack(token)
            self._client.verify_id_token(jwt, authn_req={})
            username = jwt['name']

        except Exception as ex:
            logger.info(str(ex))
            raise AuthenticationFailed()

        #
        # Assuming the token is valid, if we can't find the user, we
        # add them as an admin
        #
        with dbm.session() as session:
            if not AuthManager(session=session).get_principal(username):
                self._create_admin(session, username)

            return username
Exemplo n.º 2
0
    def do_authentication(self, **kwargs) -> str:
        """
        An authentication implementation that requires a username and
        password.

        :return str: the username
        :raises AuthenticationFailed:

        """
        username: str = kwargs.get('username', None)
        password: str = kwargs.get('password', None)

        if not username or not password:
            raise AuthenticationFailed()

        with dbm.session() as session:
            auth_manager = AuthManager(session=session)

            principal = auth_manager.get_principal(username)

            if not principal:
                #
                # See if there is a new admin available
                #
                auth_manager.reloadPrincipals()
                principal = auth_manager.get_principal(username)

            if not principal:
                raise AuthenticationFailed()

            if pbkdf2_sha256.verify(password, principal.get_password()):
                return username

            raise AuthenticationFailed()
Exemplo n.º 3
0
    def do_authentication(self, **kwargs):
        #
        # An instance of tortuga.web_service.websocket.actions.BaseAction
        #
        action = kwargs.get('action', None)
        if not action:
            raise AuthenticationFailed()

        if action.method != 'jwt':
            raise AuthenticationFailed()

        token: str = action.data.get('token', None)
        if not token:
            raise AuthenticationFailed()

        return super().do_authentication(token=token, **kwargs)
Exemplo n.º 4
0
    def do_authentication(self, **kwargs) -> str:
        """
        Authenticates trying all authentication methods in order, and stopping
        after the first one succeeds.

        """
        username = None
        for method in self._methods:
            try:
                #
                # Skip the callbacks so that we can defer calling them
                # until we know for sure the final result of the
                # authentication chain
                #
                username = method.authenticate(skip_callbacks=True, **kwargs)
                if username:
                    break
            except AuthenticationFailed:
                pass

        if username:
            self.on_authentication_succeeded(username)
            return username
        else:
            self.on_authentication_failed()
            raise AuthenticationFailed()
Exemplo n.º 5
0
    def do_authentication(self, **kwargs) -> str:
        scheme, value = self.parse_authorization_header()
        if scheme.lower() != 'basic':
            raise AuthenticationFailed()

        username, password = self.parse_username_password(value)

        return super().do_authentication(username=username, password=password)
Exemplo n.º 6
0
    def parse_authorization_header() -> Tuple[str, str]:
        """
        Parses an authorization header.

        :return (str, str): the (scheme, value) of the authorization header

        """
        if 'authorization' not in cherrypy.request.headers:
            raise AuthenticationFailed()

        header = cherrypy.request.headers['authorization']
        parts = header.split(' ', 1)

        if len(parts) != 2:
            raise AuthenticationFailed()

        return parts[0], parts[1]
Exemplo n.º 7
0
    def do_authentication(self, **kwargs):
        #
        # An instance of tortuga.web_service.websocket.actions.BaseAction
        #
        action = kwargs.get('action', None)
        if not action:
            raise AuthenticationFailed()

        if action.method != 'password':
            raise AuthenticationFailed()

        username: str = action.data.get('username', None)
        password: str = action.data.get('password', None)
        if not username or not password:
            raise AuthenticationFailed()

        return super().do_authentication(username=username,
                                         password=password, **kwargs)
Exemplo n.º 8
0
    def parse_username_password(self, encoded: str) -> Tuple[str, str]:         \
            # pylint: disable=no-self-use
        """
        Parses an base64 encoded header value and extracts the username
        and password.

        :param encoded: the encoded string

        :return (str, str): the username and password

        """
        decoded: str = base64.b64decode(encoded).decode()
        parts = decoded.split(':')

        if len(parts) != 2:
            raise AuthenticationFailed()

        return parts[0], parts[1]
Exemplo n.º 9
0
 def do_authentication(self, **kwargs) -> str:
     username: str = cherrypy.session.get(self.SESSION_KEY, None)
     if not username:
         raise AuthenticationFailed()
     return username
Exemplo n.º 10
0
    def do_authentication(self, **kwargs) -> str:
        scheme, value = self.parse_authorization_header()
        if scheme.lower() != 'bearer':
            raise AuthenticationFailed()

        return super().do_authentication(token=value)
Exemplo n.º 11
0
 def raise_authentication_failure_exception(username, **kwargs):
     raise AuthenticationFailed()