def get_user_by_username_and_password(self, username: str, password: str) -> dict:
"""
Try to find a user and check the password. If a match is found, create a dict that contains the username, the
userlevel, the timestamp of login and the timestamp of the last access.
:param username: The username
:param password: The password
:return: The described dict or None on invalid credentials or inactive user account.
"""
if username is None:
return None
if password is None:
return None
if not UserManager.username_regex.match(username):
return None
user_section = 'User:{:s}'.format(username)
if not user_section in self.__config.sections():
return None
section = self.__config[user_section]
level = 'level' in section and section['level'] or None
salt = 'salt' in section and section['salt'] or None
saved_password = '******' in section and section['password'] or None
enabled = 'enabled' in section and section['enabled'] or None
if level is None or enabled is None:
return None
if enabled.lower() != 'yes':
return None
password_to_compare = hash_password(password, salt=salt, secret=self.secret)
if password_to_compare != saved_password:
return None
return dict(username=username, level=level, timestamp=time.time(), last_access=time.time())
def __init__(self):
"""
Load the user basic configuration from the users.ini file.
:raise IOError: When there can be no users.ini can be loaded or created.
"""
self.__conf_file = FsTools.get_config_file('users.ini')
config = configparser.ConfigParser()
config.read(self.__conf_file)
config_changed = False
if not '_Config_' in config.sections():
config.add_section('_Config_')
config.set('_Config_', 'secret', create_salt())
config_changed = True
if config_changed:
with open(self.__conf_file, 'w') as fh:
config.write(fh)
fh.flush()
fh.close()
config_changed = False
if not 'secret' in config['_Config_']:
config.set('_Config_', 'secret', create_salt())
config_changed = True
if config_changed:
with open(self.__conf_file, 'w') as fh:
config.write(fh)
fh.flush()
fh.close()
config_changed = False
if len(config.sections()) < 1:
raise IOError('Invalid configuration in "{:s}"'.format(
self.__conf_file))
self.secret = config['_Config_']['secret']
if len(config.sections()) == 1:
# No std user!
config.add_section('User:arobito')
config.set('User:arobito', 'level', 'Administrator')
salt = create_salt()
config.set('User:arobito', 'salt', salt)
config.set('User:arobito', 'password',
hash_password('arobito', salt=salt, secret=self.secret))
config.set('User:arobito', 'enabled', 'yes')
config_changed = True
if config_changed:
with open(self.__conf_file, 'w') as fh:
config.write(fh)
fh.flush()
fh.close()
self.__config = config
def __init__(self):
"""
Load the user basic configuration from the users.ini file.
:raise IOError: When there can be no users.ini can be loaded or created.
"""
self.__conf_file = FsTools.get_config_file('users.ini')
config = configparser.ConfigParser()
config.read(self.__conf_file)
config_changed = False
if not '_Config_' in config.sections():
config.add_section('_Config_')
config.set('_Config_', 'secret', create_salt())
config_changed = True
if config_changed:
with open(self.__conf_file, 'w') as fh:
config.write(fh)
fh.flush()
fh.close()
config_changed = False
if not 'secret' in config['_Config_']:
config.set('_Config_', 'secret', create_salt())
config_changed = True
if config_changed:
with open(self.__conf_file, 'w') as fh:
config.write(fh)
fh.flush()
fh.close()
config_changed = False
if len(config.sections()) < 1:
raise IOError('Invalid configuration in "{:s}"'.format(self.__conf_file))
self.secret = config['_Config_']['secret']
if len(config.sections()) == 1:
# No std user!
config.add_section('User:arobito')
config.set('User:arobito', 'level', 'Administrator')
salt = create_salt()
config.set('User:arobito', 'salt', salt)
config.set('User:arobito', 'password', hash_password('arobito', salt=salt, secret=self.secret))
config.set('User:arobito', 'enabled', 'yes')
config_changed = True
if config_changed:
with open(self.__conf_file, 'w') as fh:
config.write(fh)
fh.flush()
fh.close()
self.__config = config
def get_user_by_username_and_password(self, username: str,
password: str) -> dict:
"""
Try to find a user and check the password. If a match is found, create a dict that contains the username, the
userlevel, the timestamp of login and the timestamp of the last access.
:param username: The username
:param password: The password
:return: The described dict or None on invalid credentials or inactive user account.
"""
if username is None:
return None
if password is None:
return None
if not UserManager.username_regex.match(username):
return None
user_section = 'User:{:s}'.format(username)
if not user_section in self.__config.sections():
return None
section = self.__config[user_section]
level = 'level' in section and section['level'] or None
salt = 'salt' in section and section['salt'] or None
saved_password = '******' in section and section['password'] or None
enabled = 'enabled' in section and section['enabled'] or None
if level is None or enabled is None:
return None
if enabled.lower() != 'yes':
return None
password_to_compare = hash_password(password,
salt=salt,
secret=self.secret)
if password_to_compare != saved_password:
return None
return dict(username=username,
level=level,
timestamp=time.time(),
last_access=time.time())
