def verify(self, *args, **kwargs):
username = kwargs["username"]
if username in self.user_db and self.user_db[username] == kwargs[
"password"]:
return username
else:
raise FailedAuthentication()
def collect_user_info(endpoint_context, session, userinfo_claims=None):
"""
Collect information about a user.
This can happen in two cases, either when constructing an IdToken or
when returning user info through the UserInfo endpoint
:param session: Session information
:param userinfo_claims: user info claims
:return: User info
"""
authn_req = session['authn_req']
if userinfo_claims is None:
uic = scope2claims(authn_req["scope"])
# Get only keys allowed by user and update the dict if such info
# is stored in session
perm_set = session.get('permission')
if perm_set:
uic = {key: uic[key] for key in uic if key in perm_set}
uic = update_claims(session, "userinfo", uic)
if uic:
userinfo_claims = Claims(**uic)
else:
userinfo_claims = None
logger.debug("userinfo_claim: %s" %
sanitize(userinfo_claims.to_dict()))
logger.debug("Session info: %s" % sanitize(session))
authn_event = session['authn_event']
if authn_event:
uid = authn_event["uid"]
else:
uid = session['uid']
info = endpoint_context.userinfo(uid, authn_req['client_id'],
userinfo_claims)
if "sub" in userinfo_claims:
if not claims_match(session["sub"], userinfo_claims["sub"]):
raise FailedAuthentication("Unmatched sub claim")
info["sub"] = session["sub"]
try:
logger.debug("user_info_response: {}".format(info))
except UnicodeEncodeError:
try:
logger.debug("user_info_response: {}".format(info.encode('utf-8')))
except Exception:
pass
return info
def authenticated_as(self, cookie=None, authorization="", **kwargs):
"""
:param cookie: A HTTP Cookie
:param authorization: The HTTP Authorization header
:param kwargs: extra key word arguments
:return:
"""
(encmsg, iv) = base64.b64decode(authorization).split(":")
try:
aesgcm = AESGCM(self.symkey)
user = aesgcm.decrypt(iv, encmsg, None)
except (AssertionError, KeyError):
raise FailedAuthentication("Decryption failed")
return {"uid": user}, time.time()
def verify_password(self, user, password):
try:
assert password == self.passwd[user]
except (AssertionError, KeyError):
raise FailedAuthentication("Wrong password")
def verify_password(self, user, password):
if password != self.passwd[user]:
raise FailedAuthentication("Wrong password")