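def process_login(items):
    """Hook to add token on POST to /sessions.

    Attempts to first login via LDAP (if enabled), then login via database.

    If the login is successful, the fields "username" and "password" are
    removed and the fields "user" and "token" are added, which will be stored
    in the db.

    If the login is unsuccessful, abort(401)

    Every item of the batch is authenticated on its own: a successful login
    moves on to the next item instead of returning, so no item is left
    unprocessed (i.e. still carrying "username" and "password") behind an
    earlier successful one.

    Args:
        items (list): List of items as passed by EVE to post hooks.
    """
    for item in items:
        username = item['username']
        password = item['password']

        # LDAP
        if (app.config.get('ldap_connector') and
                ldap.authenticate_user(username, password)):
            # Success, sync user and get token
            try:
                user = ldap.sync_one(username)
                app.logger.info("User '%s' was authenticated with LDAP",
                                username)
            except LDAPException:
                # Sync failed! Try to find user in db.
                # The credentials were already accepted by LDAP at this
                # point; only the local copy of the user may be stale.
                user = _find_user(username)
                if user:
                    app.logger.error(
                        f"User '{username}' authenticated with LDAP and found "
                        "in db, but LDAP sync failed.")
                else:
                    status = (f"Login failed: user '{username}' authenticated "
                              "with LDAP but not found in db, and LDAP sync "
                              "failed.")
                    app.logger.error(status)
                    abort(401, description=debug_error_message(status))

            _prepare_token(item, user['_id'])
            # Was `return`: that skipped every remaining item of the batch.
            continue

        # Database, try to find via nethz, mail or objectid
        user = _find_user(username)
        if user:
            app.logger.debug("User found in db.")
            if verify_password(user, password):
                app.logger.debug("Login for user '%s' successful.", username)
                _prepare_token(item, user['_id'])
                continue

            # NOTE(review): this message differs from the "User not found"
            # one below; that only avoids account enumeration if
            # debug_error_message hides the text outside debug mode - confirm.
            status = "Login failed: Password does not match!"
            app.logger.debug(status)
            abort(401, description=debug_error_message(status))

        # Abort if everything else fails
        status = "Login with db failed: User not found!"
        app.logger.debug(status)
        abort(401, description=debug_error_message(status))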
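def process_login(items):
    """Hook to add token on POST to /sessions.

    Attempts to first login via LDAP (if enabled), then login via database.

    If the login is successful, the fields "username" and "password" are
    removed and the fields "user" and "token" are added, which will be stored
    in the db.

    If the login is unsuccessful, abort(401)

    Each item of the batch is authenticated separately. After a successful
    login the loop proceeds to the next item rather than returning, so a
    later item cannot slip through unauthenticated with its "username" and
    "password" fields still in place.

    Args:
        items (list): List of items as passed by EVE to post hooks.
    """
    for item in items:
        username = item['username']
        password = item['password']

        # LDAP
        if (app.config.get('ldap_connector') and
                ldap.authenticate_user(username, password)):
            # Success, sync user and get token
            updated = ldap.sync_one(username)
            _prepare_token(item, updated['_id'])
            app.logger.info(
                "User '%s' was authenticated with LDAP", username)
            # Was `return`: that skipped every remaining item of the batch.
            continue

        # Database, try to find via nethz, mail or objectid
        # NOTE(review): `username` is placed into the query as a value;
        # presumably the resource schema restricts it to a string before
        # this hook runs - confirm, since a non-string value would not be
        # matched literally.
        users = app.data.driver.db['users']
        lookup = {'$or': [{'nethz': username}, {'email': username}]}
        try:
            objectid = ObjectId(username)
            lookup['$or'].append({'_id': objectid})
        except InvalidId:
            pass  # input can't be used as ObjectId
        user = users.find_one(lookup)

        if user:
            app.logger.debug("User found in db.")
            if verify_password(user, password):
                app.logger.debug("Login for user '%s' successful.", username)
                _prepare_token(item, user['_id'])
                continue

            # NOTE(review): this message differs from the "User not found"
            # one below; that only avoids account enumeration if
            # debug_error_message hides the text outside debug mode - confirm.
            status = "Login failed: Password does not match!"
            app.logger.debug(status)
            abort(401, description=debug_error_message(status))

        # Abort if everything else fails
        status = "Login with db failed: User not found!"
        app.logger.debug(status)
        abort(401, description=debug_error_message(status))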
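def process_login(items):
    """Hook to add token on POST to /sessions.

    Attempts to first login via LDAP (if enabled), then login via database.

    If the login is successful, the fields "username" and "password" are
    removed and the fields "user" and "token" are added, which will be stored
    in the db.

    If the login is unsuccessful, abort(401)

    All items are checked, one after the other. The hook used to return on
    the first successful login, which left any further item of the same
    request untouched (no token, "username" and "password" still present);
    it now continues with the next item instead.

    Args:
        items (list): List of items as passed by EVE to post hooks.
    """
    ldap_enabled = app.config.get('ldap_connector')

    for item in items:
        username = item['username']
        password = item['password']

        # LDAP
        if ldap_enabled and ldap.authenticate_user(username, password):
            # Success, sync user and get token
            updated = ldap.sync_one(username)
            _prepare_token(item, updated['_id'])
            app.logger.info("User '%s' was authenticated with LDAP", username)
            # Was `return`: that skipped every remaining item of the batch.
            continue

        # Database, try to find via nethz, mail or objectid
        # NOTE(review): presumably schema validation has already limited
        # `username` to a string; verify, because the value is embedded in
        # the lookup document as-is.
        users = app.data.driver.db['users']
        lookup = {'$or': [{'nethz': username}, {'email': username}]}
        try:
            lookup['$or'].append({'_id': ObjectId(username)})
        except InvalidId:
            pass  # input can't be used as ObjectId
        user = users.find_one(lookup)

        if user:
            app.logger.debug("User found in db.")
            if verify_password(user, password):
                app.logger.debug("Login for user '%s' successful.", username)
                _prepare_token(item, user['_id'])
                continue

            # NOTE(review): wrong password and unknown user produce
            # different messages; whether a client can tell them apart
            # depends on what debug_error_message returns - confirm.
            status = "Login failed: Password does not match!"
            app.logger.debug(status)
            abort(401, description=debug_error_message(status))

        # Abort if everything else fails
        status = "Login with db failed: User not found!"
        app.logger.debug(status)
        abort(401, description=debug_error_message(status))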
def test_authenticate_user(self):
    """Check that the LDAP test account is accepted by authenticate_user.

    The call is made inside the application context of ``self.app``.
    """
    # NOTE(review): only the accepting path is asserted here; a test for
    # rejected credentials is not visible in this excerpt.
    with self.app.app_context():
        accepted = ldap.authenticate_user(LDAP_USER_NETHZ,
                                          LDAP_USER_PASSWORD)
        self.assertTrue(accepted)
def test_authenticate_user(self):
    """Verify that valid LDAP credentials authenticate successfully.

    Uses the module's LDAP_USER_NETHZ / LDAP_USER_PASSWORD test credentials
    and runs within the app context.
    """
    credentials = (LDAP_USER_NETHZ, LDAP_USER_PASSWORD)
    with self.app.app_context():
        # authenticate_user must report a truthy result for the test account.
        result = ldap.authenticate_user(*credentials)
        self.assertTrue(result)