def authenticate(self, user_name: str, password: str, **kwargs) -> UserModel:
__dbm = DatabaseManagerMongo(
**SystemConfigReader().get_all_values_from_section('Database')
)
__user_manager = UserManager(__dbm)
try:
ldap_connection_status = self.connect()
LOGGER.debug(f'[LdapAuthenticationProvider] Connection status: {ldap_connection_status}')
except Exception as e:
LOGGER.error(f'[LdapAuthenticationProvider] Failed to connect to LDAP server - error: {e}')
raise AuthenticationError(LdapAuthenticationProvider.get_name(), e)
ldap_search_filter = self.config.search['searchfilter'].replace("%username%", user_name)
LOGGER.debug(f'[LdapAuthenticationProvider] Search Filter: {ldap_search_filter}')
search_result = self.__ldap_connection.search(self.config.search['basedn'], ldap_search_filter)
LOGGER.debug(f'[LdapAuthenticationProvider] Search result: {search_result}')
if not search_result or len(self.__ldap_connection.entries) == 0:
raise AuthenticationError(LdapAuthenticationProvider.get_name(), 'No matching entry')
for entry in self.__ldap_connection.entries:
LOGGER.debug(f'[LdapAuthenticationProvider] Entry: {entry}')
entry_dn = entry.entry_dn
try:
entry_connection_result = LdapAuthenticationProvider.Connection(self.__ldap_server, entry_dn, password,
auto_bind=True)
LOGGER.debug(f'[LdapAuthenticationProvider] UserModel connection result: {entry_connection_result}')
except Exception as e:
LOGGER.error(f'[LdapAuthenticationProvider] UserModel auth result: {e}')
raise AuthenticationError(LdapAuthenticationProvider.get_name(), e)
# Check if user exists
try:
user_instance: UserModel = __user_manager.get_by({'user_name': user_name})
except ManagerGetError as umge:
LOGGER.warning(f'[LdapAuthenticationProvider] UserModel exists on LDAP but not in database: {umge}')
LOGGER.debug(f'[LdapAuthenticationProvider] Try creating user: {user_name}')
try:
new_user_data = dict()
new_user_data['user_name'] = user_name
new_user_data['active'] = True
new_user_data['group_id'] = self.config.default_group
new_user_data['registration_time'] = datetime.now()
new_user_data['authenticator'] = LdapAuthenticationProvider.get_name()
except Exception as e:
LOGGER.debug(f'[LdapAuthenticationProvider] {e}')
raise AuthenticationError(LdapAuthenticationProvider.get_name(), e)
LOGGER.debug(f'[LdapAuthenticationProvider] New user was init')
try:
user_id = __user_manager.insert(new_user_data)
except ManagerInsertError as umie:
LOGGER.debug(f'[LdapAuthenticationProvider] {umie}')
raise AuthenticationError(LdapAuthenticationProvider.get_name(), umie)
try:
user_instance: UserModel = __user_manager.get(public_id=user_id)
except ManagerGetError as umge:
LOGGER.debug(f'[LdapAuthenticationProvider] {umge}')
raise AuthenticationError(LdapAuthenticationProvider.get_name(), umge)
return user_instance
def authenticate(self, user_name: str, password: str, **kwargs) -> UserModel:
__dbm = DatabaseManagerMongo(
**SystemConfigReader().get_all_values_from_section('Database')
)
__scm = SecurityManager(__dbm)
__user_manager = UserManager(__dbm)
LOGGER.info(f'[LocalAuthenticationProvider] Try login for user {user_name}')
try:
user: UserModel = __user_manager.get_by({'user_name': user_name})
except ManagerGetError as umge:
raise AuthenticationError(LocalAuthenticationProvider.get_name(), umge.message)
login_pass = __scm.generate_hmac(password)
if login_pass == user.password:
return user
raise AuthenticationError(LocalAuthenticationProvider.get_name(), 'UserModel not exists')
def login(self, user_manager: UserManager, user_name: str,
password: str) -> Union[UserModel, None]:
"""
Performs a login try with given username and password
If the user is not found, iterate over all installed and activated providers
Args:
user_manager: Usermanager instance
user_name: Name of the user
password: Password
Returns:
UserModel: instance if user was found and password was correct
None: if something went wrong
"""
user_name = user_name.lower()
user_instance = None
try:
founded_user = user_manager.get_by({'user_name': user_name})
provider_class_name = founded_user.authenticator
LOGGER.debug(
f'[AUTH] Founded user: {founded_user} with provider: {provider_class_name}'
)
if not self.provider_exists(provider_class_name):
raise AuthenticationProviderNotExistsError(provider_class_name)
provider: ClassVar[
AuthenticationProvider] = self.get_provider_class(
provider_class_name)
provider_config_class: ClassVar[
str] = provider.PROVIDER_CONFIG_CLASS
provider_config_settings = self.settings.get_provider_settings(
provider.get_name())
provider_config_instance = provider_config_class(
**provider_config_settings)
provider_instance = provider(config=provider_config_instance)
if not provider_instance.is_active():
raise AuthenticationProviderNotActivated(
f'Provider {provider_class_name} is deactivated')
if provider_instance.EXTERNAL_PROVIDER and not self.settings.enable_external:
raise AuthenticationProviderNotActivated(
f'External providers are deactivated')
try:
user_instance = provider_instance.authenticate(
user_name, password)
except AuthenticationError as ae:
LOGGER.error(f'[LOGIN] UserModel could not login: {ae}')
except ManagerGetError as umge:
LOGGER.error(f'[AUTH] {user_name} not in database: {umge}')
LOGGER.info(
f'[AUTH] Check for other providers - request_user: {user_name}'
)
# get installed providers
provider_list = self.providers
LOGGER.debug(f'[AUTH] Provider list: {provider_list}')
external_enabled = self.settings.enable_external
for provider in provider_list:
LOGGER.debug(f'[AUTH] using provider: {provider}')
provider_config_class = provider.PROVIDER_CONFIG_CLASS
provider_settings = self.settings.get_provider_settings(
provider.get_name())
provider_config_instance = provider_config_class(
**provider_settings)
if not provider_config_instance.is_active():
continue
if provider.EXTERNAL_PROVIDER and not self.settings.enable_external:
continue
provider_instance = provider(config=provider_config_instance)
try:
user_instance = provider_instance.authenticate(
user_name, password)
if user_instance:
break
except AuthenticationError as ae:
LOGGER.error(
f'[AUTH] UserModel {user_name} could not validate with provider {provider}: {ae}'
)
LOGGER.info(f'[AUTH] Provider instance: {provider_instance}')
except Exception as e:
import traceback
traceback.print_exc()
LOGGER.error(f'[AUTH] Error while login: {e}')
return None
finally:
return user_instance
