Пример #1
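def process_login(items):
    """Hook to add token on POST to /sessions.

    Attempts to first login via LDAP (if enabled), then login via database.

    If the login is successful, the fields "username" and "password" are
    removed and the fields "user" and "token" are added, which will be stored
    in the db.

    If the login is unsuccessful, abort(401)

    Every item of the batch is authenticated on its own: after a successful
    login the loop moves on to the next item instead of leaving the hook, so
    no later item is handed on without having been checked.

    Args:
        items (list): List of items as passed by EVE to post hooks.
    """
    for item in items:
        username = item['username']
        password = item['password']

        # LDAP is only consulted when a connector is configured. A rejected
        # LDAP login is not final: the database check below still runs.
        if (app.config.get('ldap_connector')
                and ldap.authenticate_user(username, password)):
            # Success, sync user and get token
            try:
                user = ldap.sync_one(username)
                app.logger.info("User '%s' was authenticated with LDAP",
                                username)
            except LDAPException:
                # Sync failed! The credentials were already accepted by LDAP,
                # so fall back to whatever record the db holds for this user.
                user = _find_user(username)
                if user:
                    app.logger.error(
                        f"User '{username}' authenticated with LDAP and found "
                        "in db, but LDAP sync failed.")
                else:
                    status = (f"Login failed: user '{username}' authenticated "
                              "with LDAP but not found in db, and LDAP sync "
                              "failed.")
                    app.logger.error(status)
                    abort(401, description=debug_error_message(status))

            _prepare_token(item, user['_id'])
            # Was `return`: that ended the hook after the first successful
            # item and left any further items with their raw "username" and
            # "password" fields. Whether a multi-item POST can reach this
            # hook depends on resource settings not visible here.
            continue

        # Database, try to find via nethz, mail or objectid
        user = _find_user(username)
        if user:
            app.logger.debug("User found in db.")
            if verify_password(user, password):
                app.logger.debug("Login for user '%s' successful.", username)
                _prepare_token(item, user['_id'])
                continue

            # NOTE(review): the two failure texts below tell "wrong password"
            # apart from "unknown user". They are passed through
            # debug_error_message -- presumably Eve's helper that only exposes
            # the text in debug mode; confirm it stays out of production
            # responses. Failures are logged at debug level only, which a
            # production log level would likely drop.
            status = "Login failed: Password does not match!"
            app.logger.debug(status)
            abort(401, description=debug_error_message(status))

        # Abort if everything else fails
        status = "Login with db failed: User not found!"
        app.logger.debug(status)
        abort(401, description=debug_error_message(status))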
Пример #2
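def process_login(items):
    """Hook to add token on POST to /sessions.

    Attempts to first login via LDAP (if enabled), then login via database.

    If the login is successful, the fields "username" and "password" are
    removed and the fields "user" and "token" are added, which will be stored
    in the db.

    If the login is unsuccessful, abort(401)

    Each item of the batch is authenticated separately: a successful login
    continues with the next item rather than returning, so that no later item
    skips the check.

    Args:
        items (list): List of items as passed by EVE to post hooks.
    """
    for item in items:
        username = item['username']
        password = item['password']

        # LDAP is tried only when a connector is configured; if it rejects the
        # credentials the database check below is still attempted.
        if (app.config.get('ldap_connector') and
                ldap.authenticate_user(username, password)):
            # Success, sync user and get token
            # NOTE(review): an exception raised by sync_one is not handled in
            # this block and would propagate out of the hook.
            updated = ldap.sync_one(username)
            _prepare_token(item, updated['_id'])
            app.logger.info(
                "User '%s' was authenticated with LDAP", username)
            # Was `return`, which stopped after the first successful item and
            # left the remaining items untouched, credentials included.
            # Whether multi-item POSTs are possible is not visible here.
            continue

        # Database, try to find via nethz, mail or objectid
        users = app.data.driver.db['users']
        # NOTE(review): username is used directly as a query value. This
        # assumes earlier validation restricted it to a plain string --
        # confirm against the resource schema.
        lookup = {'$or': [{'nethz': username}, {'email': username}]}
        try:
            lookup['$or'].append({'_id': ObjectId(username)})
        except InvalidId:
            pass  # input can't be used as ObjectId
        user = users.find_one(lookup)

        if user:
            app.logger.debug("User found in db.")
            if verify_password(user, password):
                app.logger.debug("Login for user '%s' successful.", username)
                _prepare_token(item, user['_id'])
                continue

            # NOTE(review): this text and the one below distinguish a wrong
            # password from an unknown user. debug_error_message is presumably
            # Eve's helper that exposes the text only in debug mode; confirm.
            # Failed logins are logged at debug level only.
            status = "Login failed: Password does not match!"
            app.logger.debug(status)
            abort(401, description=debug_error_message(status))

        # Abort if everything else fails
        status = "Login with db failed: User not found!"
        app.logger.debug(status)
        abort(401, description=debug_error_message(status))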
Пример #3
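def process_login(items):
    """Hook to add token on POST to /sessions.

    Attempts to first login via LDAP (if enabled), then login via database.

    If the login is successful, the fields "username" and "password" are
    removed and the fields "user" and "token" are added, which will be stored
    in the db.

    If the login is unsuccessful, abort(401)

    Items are handled one by one; a successful login proceeds to the next
    item instead of ending the hook, so every item is authenticated.

    Args:
        items (list): List of items as passed by EVE to post hooks.
    """
    for item in items:
        username = item['username']
        password = item['password']

        # LDAP (skipped when no connector is configured; a rejection here
        # still falls through to the database check)
        ldap_enabled = app.config.get('ldap_connector')
        if ldap_enabled and ldap.authenticate_user(username, password):
            # Success, sync user and get token
            # NOTE(review): sync_one failures are not caught in this block.
            updated = ldap.sync_one(username)
            _prepare_token(item, updated['_id'])
            app.logger.info("User '%s' was authenticated with LDAP", username)
            # Previously `return`: the first successful item ended the loop,
            # so following items kept their "username"/"password" fields and
            # were never verified. Multi-item POSTs may be disabled elsewhere;
            # that configuration is not visible here.
            continue

        # Database, try to find via nethz, mail or objectid
        users = app.data.driver.db['users']
        # NOTE(review): assumes username has already been validated as a
        # string before it is placed into the query -- confirm.
        candidates = [{'nethz': username}, {'email': username}]
        try:
            candidates.append({'_id': ObjectId(username)})
        except InvalidId:
            pass  # input can't be used as ObjectId
        user = users.find_one({'$or': candidates})

        if user:
            app.logger.debug("User found in db.")
            if verify_password(user, password):
                app.logger.debug("Login for user '%s' successful.", username)
                _prepare_token(item, user['_id'])
                continue

            # NOTE(review): separate texts for "wrong password" and "unknown
            # user"; debug_error_message presumably hides them outside debug
            # mode -- confirm. Failures are only logged at debug level.
            status = "Login failed: Password does not match!"
            app.logger.debug(status)
            abort(401, description=debug_error_message(status))

        # Abort if everything else fails
        status = "Login with db failed: User not found!"
        app.logger.debug(status)
        abort(401, description=debug_error_message(status))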
Пример #4
 def test_authenticate_user(self):
     """Check that the LDAP test account's credentials are accepted."""
     # NOTE(review): only the accepting path is asserted here; a rejecting
     # case (wrong password) is not part of this test.
     with self.app.app_context():
         login_ok = ldap.authenticate_user(LDAP_USER_NETHZ,
                                           LDAP_USER_PASSWORD)
         self.assertTrue(login_ok)
Пример #5
 def test_authenticate_user(self):
     """Authenticating the LDAP test user must yield a truthy result."""
     # NOTE(review): this covers the success path only; no failing login is
     # asserted in this test.
     credentials = (LDAP_USER_NETHZ, LDAP_USER_PASSWORD)
     with self.app.app_context():
         result = ldap.authenticate_user(*credentials)
         self.assertTrue(result)