def _cbAuthenticate(self, result, cred, deferred):
"""
"""
if len(result) == 0:
deferred.errback(credError.UnauthorizedLogin('deviceCode unknown'))
else:
deviceid, pin = result[0]
if self.customCheckFunc:
if self.customCheckFunc(deviceId, cred.password, pin):
deferred.callback(deviceId)
else:
deferred.errback(
credError.UnauthorizedLogin('pin mismatch'))
else:
if credentials.IUsernameHashedPassword.providedBy(cred):
if cred.checkPassword(pin):
deferred.callback(deviceid)
else:
deferred.errback(
error.UnauthorizedLogin('pin mismatch'))
elif credentials.IUsernamePassword.providedBy(cred):
if self.caseSensitivePasswords:
passOk = (pin.lower() == cred.password.lower())
else:
passOk = pin == cred.password
if passOk:
deferred.callback(deviceid)
else:
deferred.errback(
credError.UnauthorizedLogin('pin mismatch'))
else:
deferred.errback(credError.UnhandledCredentials())
def _auth(self, result, credentials):
if not result:
# Username not found in db
return defer.fail(
error.UnauthorizedLogin('Username or Password mismatch'))
else:
id = result.id
password = result.password
if IUsernameHashedPassword.providedBy(credentials):
if credentials.checkPassword(password):
return defer.succeed(id)
else:
return defer.fail(
error.UnauthorizedLogin('Username or Password mismatch'))
elif IUsernamePassword.providedBy(credentials):
m = hashlib.md5()
m.update(credentials.password)
#if password==m.hexdigest():
if password == credentials.password:
from goliat.session.usermanager import UserManager
if not UserManager().exists(id):
return defer.succeed(id)
else:
return defer.succeed(id)
#return defer.fail(
# error.LoginFailed('Already Logged'))
else:
return defer.fail(
error.UnauthorizedLogin('Username or Password mismatch'))
else:
# Wooops!
return defer.fail(
error.UnhandledCredentials(
'Revise the protocol configuration'))
def requestAvatarId(self, credentials):
if hasattr(credentials, 'password'):
if self.checkUserPass(credentials.username, credentials.password):
return defer.succeed(credentials.username)
else:
return defer.fail(error.UnauthorizedLogin())
elif hasattr(credentials, 'pamConversion'):
return self.checkPamUser(credentials.username,
credentials.pamConversion)
return defer.fail(error.UnhandledCredentials())
def requestAvatarId(self, credentials):
for interface in self.credentialInterfaces:
if interface.providedBy(credentials):
break
else:
raise error.UnhandledCredentials()
dbDeferred = self.runQuery(self.query, (credentials.username,))
deferred = Deferred()
dbDeferred.addCallbacks(self._cbAuthenticate, self._ebAuthenticate,
callbackArgs=(credentials, deferred),
errbackArgs=(credentials, deferred))
return deferred
def requestAvatarId(self, credentials):
#self.remoteip = packetReceived.transport.transport.client[0]
if hasattr(credentials, 'password'):
if self._check_user_creds(credentials.username,
credentials.password):
return defer.succeed(credentials.username)
else:
return defer.fail(TCerror.UnauthorizedLogin())
elif hasattr(credentials, 'pamConversion'):
return self._check_pam_user(credentials.username,
credentials.pamConversion)
return defer.fail(TCerror.UnhandledCredentials())
def requestAvatarId(self, credentials):
"""
Authenticate against authed session.
"""
for interface in self.credentialInterfaces:
if interface.providedBy(credentials):
break
else:
raise error.UnhandledCredentials()
if credentials.check_session():
return defer.succeed(credentials.get_uid())
else:
return defer.fail(
error.UnauthorizedLogin('Cookie don\'t own an authed session'))
def login(self, credentials, mind, *interfaces):
"""
@param credentials: an implementor of
L{twisted.cred.credentials.ICredentials}
@param mind: an object which implements a client-side interface for
your particular realm. In many cases, this may be None, so if the
word 'mind' confuses you, just ignore it.
@param interfaces: list of interfaces for the perspective that the mind
wishes to attach to. Usually, this will be only one interface, for
example IMailAccount. For highly dynamic protocols, however, this
may be a list like (IMailAccount, IUserChooser, IServiceInfo). To
expand: if we are speaking to the system over IMAP, any information
that will be relayed to the user MUST be returned as an
IMailAccount implementor; IMAP clients would not be able to
understand anything else. Any information about unusual status
would have to be relayed as a single mail message in an
otherwise-empty mailbox. However, in a web-based mail system, or a
PB-based client, the ``mind'' object inside the web server
(implemented with a dynamic page-viewing mechanism such as a
Twisted Web Resource) or on the user's client program may be
intelligent enough to respond to several ``server''-side
interfaces.
@return: A deferred which will fire a tuple of (interface,
avatarAspect, logout). The interface will be one of the interfaces
passed in the 'interfaces' argument. The 'avatarAspect' will
implement that interface. The 'logout' object is a callable which
will detach the mind from the avatar. It must be called when the
user has conceptually disconnected from the service. Although in
some cases this will not be in connectionLost (such as in a
web-based session), it will always be at the end of a user's
interactive session.
"""
for i in self.checkers:
if i.providedBy(credentials):
return maybeDeferred(
self.checkers[i].requestAvatarId, credentials
).addCallback(self.realm.requestAvatar, mind, *interfaces)
ifac = providedBy(credentials)
return defer.fail(
failure.Failure(
error.UnhandledCredentials(
"No checker for %s" % ", ".join(map(reflect.qual, ifac))
)
)
)
def _cbAuthenticate(self, result, credentials, deferred):
"""
Checks to see if authentication was good. Called once the info has
been retrieved from the DB.
"""
if len(result) == 0:
# Username not found in db
deferred.errback(error.UnauthorizedLogin('Username unknown'))
else:
username, password = result[0]
if self.customCheckFunc:
# Let the owner do the checking
if self.customCheckFunc(username, credentials.password,
password):
deferred.callback(credentials.username)
else:
deferred.errback(
error.UnauthorizedLogin('Password mismatch'))
else:
# It's up to us or the credentials object to do the checking
# now
if IUsernameHashedPassword.providedBy(credentials):
# Let the hashed password checker do the checking
if credentials.checkPassword(password):
deferred.callback(credentials.username)
else:
deferred.errback(
error.UnauthorizedLogin('Password mismatch'))
elif IUsernamePassword.providedBy(credentials):
# Compare the passwords, deciging whether or not to use
# case sensitivity
if self.caseSensitivePasswords:
passOk = (
password.lower() == credentials.password.lower())
else:
passOk = password == credentials.password
# See if they match
if passOk:
deferred.callback(credentials.username)
else:
deferred.errback(
error.UnauthorizedLogin('Password mismatch'))
else:
# OK, we don't know how to check this
deferred.errback(error.UnhandledCredentials())
def requestAvatarId(self, credentials):
"""
Authenticates the kiosk against the database.
"""
# Check that the credentials instance implements at least one of our
# interfaces
for interface in self.credentialInterfaces:
if interface.providedBy(credentials):
break
else:
raise error.UnhandledCredentials()
# Ask the database for the username and password
dbDeferred = self.runQuery(self.sql, (credentials.username,))
# Setup our deferred result
deferred = Deferred()
dbDeferred.addCallbacks(self._cbAuthenticate, self._ebAuthenticate,
callbackArgs=(credentials, deferred),
errbackArgs=(credentials, deferred))
return deferred
def requestAvatarId(self, credentials):
"""
Authenticates against the Database.
"""
# Check that the credentials instance implements at least one of our
# interfaces
for interface in self.credentialInterfaces:
if interface.providedBy(credentials):
break
else:
raise error.UnhandledCredentials()
from goliat.session.user import UserData
# Ask the database for the username and password
result = UserStore().get_store().find(
UserData,
UserData.username == unicode(credentials.username)).one()
UserStore().get_store().commit()
# Authenticate the user
return self._auth(result, credentials)
def requestAvatarId(self, cred): """ Authenticate username against database """ # check that the credentials instance implements at least one of our # interfaces for interface in self.credentialInterfaces: if interface.providedBy(cred): break else: raise credError.UnhandledCredentials() # query database for username and password dbDeferred = self.dbconn.runQuery(self.q, (cred.username,)) # setup deferred result deferred = defer.Deferred() dbDeferred.addCallbacks(self._cbAuthenticate, self._ebAuthenticate, callbackArgs=(cred, deferred), errbackArgs=(cred, deferred)) return deferred
