Пример #1
0
def validate_user(username, password, htpassfile=None, session={}, request=None):
    ''' Validate the User with htpassfile or Trac '''

    from brain import bconfig
    result = {}

    # validate the user with htpassfile or trac username
    is_valid = False
    user = None
    # try from request
    if not htpassfile and request:
        htpassfile = request.environ.get('HTPASSFILE', None)

    # try from brain config
    if not htpassfile and hasattr(bconfig, '_htpass_path'):
        htpassfile = bconfig._htpass_path

    # validate user
    if username == 'sdss':
        if htpassfile:
            htpass = HtpasswdFile(htpassfile)
            is_valid = htpass.check_password(username, password)
            user = username
        else:
            result['error'] = 'No valid htpasswd file found!'
    else:
        result = inspection_authenticate(session, username=username, password=password)
        is_valid = result['is_valid']
        user = result.get('membername', None)

    return is_valid, user, result
Пример #2
0
 def __init__(self, file_path):
     """
     :param file_path: Path to the file with authentication information.
     :type file_path: ``str``
     """
     self._file_path = file_path
     self._htpasswd_file = HtpasswdFile(path=self._file_path)
Пример #3
0
def compute_basic_auth(username, password):
    """Generate hashed HTTP basic auth from traefik_api username+password"""
    ht = HtpasswdFile()
    # generate htpassword
    ht.set_password(username, password)
    hashed_password = str(ht.to_string()).split(":")[1][:-3]
    return username + ":" + hashed_password
Пример #4
0
def verify_pw(username, password):
    """ return password or None if there isn't one"""
    credentials = HtpasswdFile(app.config["CREDENTIAL_FILE"])
    if not credentials.check_password(username, password):
        logging.warning("%s tried to login with wrong password", username)
        return False
    return True
class HtpasswdAuthenticator(object):
    """
    Handles the user authentication for htpasswd files
    htpasswd is the location of the htpasswd to use
    """
    def __init__(self):
        #try to locate the server config and load it
        server_folder = os.path.join(os.path.expanduser("~"), '.conan_server')
        server_conf = os.path.join(server_folder, "server.conf")
        htpasswd_location = os.path.join(server_folder, "plugins",
                                         "authentication", ".htpasswd")
        if os.path.exists(server_conf):
            conf = ConfigParser()
            conf.read(server_conf)
            new_loc = conf.get("server", "htpasswd_file")
            if os.path.exists(new_loc):
                htpasswd_location = new_loc

        self.htpasswd = HtpasswdFile(htpasswd_location)

    def valid_user(self, username, plain_password):
        """
        username: Username to be authenticated
        plain_password: The password to authenticate with
        return: True if match False if don't
        """
        # Update
        self.htpasswd.load_if_changed()
        # Verify
        return username in self.htpasswd.users() and \
               self.htpasswd.check_password(username, plain_password)
Пример #6
0
    def _generate_htpassword(self):
        from passlib.apache import HtpasswdFile

        ht = HtpasswdFile()
        ht.set_password(self.traefik_api_username, self.traefik_api_password)
        self.traefik_api_hashed_password = str(
            ht.to_string()).split(":")[1][:-3]
Пример #7
0
def authenticate(passwordFile: HtpasswdFile, credentials: Credentials) -> None:
    """Checks a name and password combination against a password file.

    Returns if authentication succeeds.
    Raises `UnauthorizedLogin` if the given user name and password
    combination is not accepted.

    The hashed version of the password will be updated with a new
    hash function if the current one is depricated.
    """

    name = credentials.name
    password = credentials.password

    try:
        checkPassword(password)
    except ValueError as ex:
        raise UnauthorizedLogin(ex) from ex

    # Have passlib check the password. When passed a None hash, it will
    # perform a dummy computation to keep the timing consistent.
    passwordFile.load_if_changed()
    correct, newHash = passwordFile.context.verify_and_update(
        password.encode(), passwordFile.get_hash(name))
    if not correct:
        raise UnauthorizedLogin('Authentication failed')

    if newHash is not None:
        # Replace hash with better algorithm or config.
        passwordFile.set_hash(name, newHash)
        writePasswordFile(passwordFile)
Пример #8
0
def initPasswordFile(path: Path) -> HtpasswdFile:
    passwordFile = HtpasswdFile(str(path), default_scheme='portable', new=True)

    # Marking schemes as deprecated tells passlib to re-hash when a password
    # is successfully verified. Instead of marking only known insecure schemes
    # as deprecated, we mark everything except the default scheme.
    # A good password cannot be brute forced in a reasonable amount of time,
    # but few people actually use good passwords, so slowing down an attacker
    # by using the best hash algorithm we have available is useful.
    orgContext = passwordFile.context
    defaultScheme = orgContext.default_scheme()
    deprecated = [
        scheme for scheme in orgContext.schemes() if scheme != defaultScheme
    ]
    passwordFile.context = orgContext.copy(deprecated=deprecated)

    try:
        passwordFile.load()
    except FileNotFoundError:
        path.parent.mkdir(parents=True, exist_ok=True)
        # Create empty file.
        with path.open('a'):
            pass

    return passwordFile
Пример #9
0
def create_basic_auth_secret(
    secret_name: str,
    namespace: str,
    basic_auth_cred: BasicAuthCred = None,
):
    """ Creates a secret with the configured TLS certificates in the K8s cluster.
        Optionally adds credentials for Basic Authentication"""
    not_empty(secret_name)
    not_empty(namespace)

    ctx = kube_ctx
    namespace_helper = ctx.namespace_helper()
    namespace_helper.create_if_absent(namespace)

    secret_helper = ctx.secret_helper()
    if not secret_helper.get_secret(secret_name, namespace):
        ht = HtpasswdFile()
        ht.set_password(basic_auth_cred.user, basic_auth_cred.password)
        data = {
            'auth': ht.to_string().decode('utf-8'),
        }
        secret_helper.put_secret(
            name=secret_name,
            data=data,
            namespace=namespace,
        )
Пример #10
0
def create_tls_secret(tls_config: TlsConfig,
                      tls_secret_name: str,
                      namespace: str,
                      basic_auth_cred: BasicAuthCred = None):
    """ Creates a secret with the configured TLS certificates in the K8s cluster.
        Optionally adds credentials for Basic Authentication"""
    not_none(tls_config)
    not_empty(tls_secret_name)
    not_empty(namespace)

    ctx = kube_ctx
    namespace_helper = ctx.namespace_helper()
    namespace_helper.create_if_absent(namespace)

    secret_helper = ctx.secret_helper()
    if not secret_helper.get_secret(tls_secret_name, namespace):
        data = {
            'tls.key': tls_config.private_key(),
            'tls.crt': tls_config.certificate(),
        }
        if basic_auth_cred:
            ht = HtpasswdFile()
            ht.set_password(basic_auth_cred.user, basic_auth_cred.password)
            data['auth'] = ht.to_string().decode('utf-8')
        secret_helper.put_secret(
            name=tls_secret_name,
            data=data,
            namespace=namespace,
        )
Пример #11
0
 def __init__(self,
              htpasswd_file=".htpasswd",
              perms_file=".repoperms",
              keys_file=".rsakeys"):
     self.htpasswd = HtpasswdFile(htpasswd_file)
     self.perms_file = perms_file
     self.keys_file = keys_file
Пример #12
0
    def __init__(self):
        config = self.get_component_config()

        if 'file' not in config:
            raise InsufficientConfiguration(missing='file', component=self.get_component_name())

        self.htpasswd = HtpasswdFile(config['file'])
Пример #13
0
 def authenticate(self, request):
     """Authenticate the provided request."""
     if (self.config.password_file is None
             or self.config.password_file == '.'):
         return True
     pwd_file = HtpasswdFile(self.config.password_file)
     pwd_file.load_if_changed()
     return pwd_file.check_password(*request.auth)
Пример #14
0
def groupfinder(username, password, request):
    ht = HtpasswdFile()
    ht.load_string(os.environ.get("HTPASSWORDS", ""))

    if ht.check_password(username, password):
        return ["admin"]
    else:
        return None
Пример #15
0
 def is_user_authenticated(self, username, password):
     passfile = HtpasswdFile(config['passfile'])
     
     # is the user in the password file?
     if not username in passfile.users():
         return False
     
     return passfile.check_password(username, password)
Пример #16
0
    def test_make_htpasswd(self):
        self.server.add_user('testuser', 'testpass')
        self.server.add_user('xtestuser', 'xtestpass')
        with NamedTemporaryFile() as file:
            self.server.make_htpasswd(file.name)

            ht = HtpasswdFile(file.name)
            self.assertEqual(['testuser', 'xtestuser'], sorted(ht.users()))
            self.assertTrue(ht.check_password('testuser', 'testpass'))
Пример #17
0
class UserDB():

    def __init__(self, filename):
        self.htpasswd = HtpasswdFile(filename)

    def get_users(self):
        self.htpasswd.get_users()

    def check_password(self, user, password):
        return self.htpasswd.check_password(user, password)
Пример #18
0
def verify_passwd_hash(username, password):
  htContent = HtpasswdFile(app.config['HTPASSWD_FILE'], default_scheme='sha256_crypt')
  passwdHash = htContent.get_hash(username)
  try:
    hashMatch = sha256_crypt.verify(password, passwdHash)
    if hashMatch:
      return True
  except ValueError:
    return False
  except TypeError:
    return False
Пример #19
0
    def check_credentials(self, username, password):
        """ Need to make this file based. """

        if os.path.isfile(self.htpasswd):
            ht = HtpasswdFile(self.htpasswd)
            if ht.check_password(username, password):
                return (True)
            else:
                return (u"Incorrect username or password.")

        return (u"Htpasswd file was not found ")
Пример #20
0
def verify_password(login, password):
    try:
        htpasswd_file = HtpasswdFile(current_app.config['HTPASSWD_PATH'])
    except EnvironmentError:
        return False

    if htpasswd_file.check_password(login, password):
        return True
    else:
        g.reason = 'invalid password'

    return False
Пример #21
0
def verify_password(login, password):
    try:
        htpasswd_file = HtpasswdFile(current_app.config['HTPASSWD_PATH'])
    except EnvironmentError:
        return False

    if htpasswd_file.check_password(login, password):
        return True
    else:
        g.reason = 'invalid password'

    return False
    def authenticate(self, username, password):
        htpasswd_file = HtpasswdFile(path=self._file_path)
        result = htpasswd_file.check_password(username, password)

        if result is None:
            LOG.debug('User "%s" doesn\'t exist' % (username))
        elif result is False:
            LOG.debug('Invalid password for user "%s"' % (username))
        elif result is True:
            LOG.debug('Authentication for user "%s" successful' % (username))

        return bool(result)
Пример #23
0
    def authenticate(self, username, password):
        htpasswd_file = HtpasswdFile(path=self._file_path)
        result = htpasswd_file.check_password(username, password)

        if result is None:
            LOG.debug('User "%s" doesn\'t exist' % (username))
        elif result is False:
            LOG.debug('Invalid password for user "%s"' % (username))
        elif result is True:
            LOG.debug('Authentication for user "%s" successful' % (username))

        return bool(result)
Пример #24
0
def check_auth(username, password):
    """This function is called to check if a username /
    password combination is valid.
    """
    if htpasswd is None:
        logging.warning("htpasswd not initialized, denying")
        return False
    if htpasswd is False:
        logging.info("htpasswd skipped, because it is set to False")
        return True
    ht = HtpasswdFile(htpasswd)
    return ht.check_password(username, password)
Пример #25
0
    def authenticate_credentials(self, key):
        ht = HtpasswdFile(settings.PATH_TO_HTPASSWD_FILE)

        usernames = ht.users()
        for username in usernames:
            check_result = ht.check_password(username, key)
            if check_result:
                if username == usernames[0]:
                    return (self.get_user('admin'), key)
                else:
                    return (self.get_user(username), key)

        raise exceptions.AuthenticationFailed('Invalid token.')
Пример #26
0
    def load_users(self, app):
        """
        Load users from configured file.

        Args:
            app (flask.Flask): Flask application to load users from.

        Raises:
            IOError: If the configured htpasswd file does not exist.
        Returns:
            None
        """
        self.users = HtpasswdFile(app.config['FLASK_HTPASSWD_PATH'])
Пример #27
0
def add_user(username, password):
    cwd = os.path.abspath(__file__)[:-8]
    if os.path.exists(cwd + "login/.htpasswd") == False:
        ht = HtpasswdFile(cwd + "login/.htpasswd", new=True)
        result = ht.set_password(username, password)
        ht.save()
        return result
    else:
        ht = HtpasswdFile(cwd + "login/.htpasswd")
        result = ht.set_password(username, password)
        ht.save()
        if result == False:
            return True
Пример #28
0
def validate_user(username, password, htpassfile=None, request=None):
    ''' Validate the User with htpassfile or Trac

    Tries to validate a user first with a user login from the htpassfile,
    and second from a Trac wiki account.

    Parameters:
        username (str):
            The login user id
        password (str):
            The login user password
        htpassfile (str):
            Optional.  The full path to an htpassfile.
        request (Request):
            The Flask request object

    Returns:
        A tuple of (boolean if the user is valid, the username, and the
        results dictionary)

    '''

    from brain import bconfig
    result = {}

    # validate the user with htpassfile or trac username
    is_valid = False
    user = None
    # try from request
    if not htpassfile and request:
        htpassfile = request.environ.get('HTPASSFILE', None)

    # try from brain config
    if not htpassfile and hasattr(bconfig, '_htpass_path'):
        htpassfile = bconfig._htpass_path

    # validate user
    if username == 'sdss':
        if htpassfile:
            htpass = HtpasswdFile(htpassfile)
            is_valid = htpass.check_password(username, password)
            user = username
        else:
            result['error'] = 'No valid htpasswd file found!'
    else:
        result = collaboration_authenticate(username=username,
                                            password=password)
        is_valid = result['is_valid']
        user = result.get('user', None)

    return is_valid, user, result
Пример #29
0
def _htpasswd(username, password, **kwargs):
    '''
    Provide authentication via Apache-style htpasswd files
    '''

    from passlib.apache import HtpasswdFile

    pwfile = HtpasswdFile(kwargs['filename'])

    # passlib below version 1.6 uses 'verify' function instead of 'check_password'
    if salt.utils.version_cmp(kwargs['passlib_version'], '1.6') < 0:
        return pwfile.verify(username, password)
    else:
        return pwfile.check_password(username, password)
Пример #30
0
    def authenticate_credentials(self, userid, password, request=None):
        ht = HtpasswdFile(settings.PATH_TO_HTPASSWD_FILE)
        result = ht.check_password(userid, password)
        usernames = ht.users()

        if result is None:
            raise exceptions.AuthenticationFailed('Invalid username.')
        elif not result:
            raise exceptions.AuthenticationFailed('Invalid password.')
        else:
            if userid == usernames[0]:
                return (self.get_user('admin'), None)
            else:
                return (self.get_user(userid), None)
Пример #31
0
class Auth(dnscherry.auth.Auth):
    def __init__(self, config, logger=None):
        self.logout_button = True
        self.htpasswdfile = self._get_param('auth.htpasswd.file', config, None)
        self.ht = HtpasswdFile(self.htpasswdfile)

    def check_credentials(self, username, password):
        try:
            return self.ht.check_password(username, password)
        # older versions of passlib doesn't have check_password
        except AttributeError:
            username = str(username)
            password = str(password)
            return self.ht.verify(username, password)
    def __init__(self):
        #try to locate the server config and load it
        server_folder = os.path.join(os.path.expanduser("~"), '.conan_server')
        server_conf = os.path.join(server_folder, "server.conf")
        htpasswd_location = os.path.join(server_folder, "plugins",
                                         "authentication", ".htpasswd")
        if os.path.exists(server_conf):
            conf = ConfigParser()
            conf.read(server_conf)
            new_loc = conf.get("server", "htpasswd_file")
            if os.path.exists(new_loc):
                htpasswd_location = new_loc

        self.htpasswd = HtpasswdFile(htpasswd_location)
Пример #33
0
class Auth(dnscherry.auth.Auth):

    def __init__(self, config, logger=None):
        self.logout_button = True
        self.htpasswdfile = self._get_param('auth.htpasswd.file', config, None)
        self.ht = HtpasswdFile(self.htpasswdfile)

    def check_credentials(self, username, password):
        try:
            return self.ht.check_password(username, password)
        # older versions of passlib doesn't have check_password
        except AttributeError:
            username = str(username)
            password = str(password)
            return self.ht.verify(username, password)
Пример #34
0
    def __init__(self, conf):
        auth = conf.get('auth')
        if auth not in AuthChecker.methods:
            raise ValueError('unknown auth type: ' + auth)

        self.auth = auth
        self.https_only = conf.get('auth_https_only')

        if auth == 'basic':
            htpasswd = os.path.join(conf['data_dir'], 'htpasswd.db')
            htpasswd = conf.get('auth_htpasswd') or htpasswd
            self.htpasswd = HtpasswdFile(htpasswd)
            self._log('Using htpasswd: ' + str(htpasswd))

            self.realm = conf.get('auth_realm', 'fileshelf')
Пример #35
0
class TestAuthnz(object):
    def __init__(self,
                 htpasswd_file=".htpasswd",
                 perms_file=".repoperms",
                 keys_file=".rsakeys"):
        self.htpasswd = HtpasswdFile(htpasswd_file)
        self.perms_file = perms_file
        self.keys_file = keys_file

    def can_read(self, username, path_info):
        return self._check_access(username, path_info, "r")

    def can_write(self, username, path_info):
        return self._check_access(username, path_info, "w")

    def _check_access(self, username, path_info, level):
        if username is None:
            username = "******"

        if path_info['repository_fs_path'] is None:
            return False

        repo = os.path.basename(path_info['repository_fs_path'])

        config = SafeConfigParser()
        config.read(self.perms_file)

        if not config.has_option(repo, username):
            return False

        return level in config.get(repo, username)

    def check_password(self, username, password):
        self.htpasswd.load_if_changed()
        return self.htpasswd.check_password(username, password)

    def check_publickey(self, username, keyblob):
        with open(self.keys_file, 'rb') as f:
            for line in f:
                try:
                    user, key = line.split(':', 1)
                    if (username == user.strip() and
                        keyblob == keys.Key.fromString(data=key.strip()
                                                       ).blob()):
                        return True
                except:
                    log.err(None, "Loading key failed")
        return False
Пример #36
0
class FlatFileAuthenticationBackend(BaseAuthenticationBackend):
    """
    Backend which reads authentication information from a local file.

    Entries need to be in a htpasswd file like format. This means entries can be managed with
    the htpasswd utility (https://httpd.apache.org/docs/current/programs/htpasswd.html) which
    ships with Apache HTTP server.

    Note: This backends depends on the "passlib" library.
    """

    def __init__(self, file_path):
        """
        :param file_path: Path to the file with authentication information.
        :type file_path: ``str``
        """
        self._file_path = file_path
        self._htpasswd_file = HtpasswdFile(path=self._file_path)

    def authenticate(self, username, password):
        result = self._htpasswd_file.check_password(username, password)

        if result is None:
            LOG.debug('User "%s" doesn\'t exist' % (username))
        elif result is False:
            LOG.debug('Invalid password for user "%s"' % (username))
        elif result is True:
            LOG.debug('Authentication for user "%s" successful' % (username))

        return bool(result)

    def get_user(self, username):
        pass
Пример #37
0
 def __init__(self,
              htpasswd_file=".htpasswd",
              perms_file=".repoperms",
              keys_file=".rsakeys"):
     self.htpasswd = HtpasswdFile(htpasswd_file)
     self.perms_file = perms_file
     self.keys_file = keys_file
Пример #38
0
    def check_user(self, username, password):
        """
        Verify if the username and password are valid and the user can be
        authenticated against the htpasswd file properly.
        :param username: the username that matches the user in the htpasswd
        file.
        :param password: the password that will be hashed and verified against
         the htpasswd file.
        :return: The user itself.
        """
        ht = HtpasswdFile(HTPASSWD_FILE)
        if username in ht.users():
            if ht.check_password(username, password):
                return self

        return False
Пример #39
0
 def __init__(self, file_path):
     """
     :param file_path: Path to the file with authentication information.
     :type file_path: ``str``
     """
     self._file_path = file_path
     self._htpasswd_file = HtpasswdFile(path=self._file_path)
Пример #40
0
    class __FileAuthenticator:
        '''Takes a htpasswd file path from the HTPASSWD_FILE environment variable.
        '''
        def __init__(self, filename):
            self.filename = filename
            self.data = HtpasswdFile(self.filename)

        def authenticate(self, username, password):
            """ Returns True if username exists and password is valid, False otherwise """
            if self.data.check_password(username, password):
                # Note: check_password returns None if username does not exists
                return True
            return False

        def get_hash(self, username):
            """ Returns a hash if username exists, None otherwise """
            return self.data.get_hash(username)

        def find_user(self, username):
            """ Returns True if usename exists in db, False otherwise """
            return username in self.data.users()
Пример #41
0
def check_password(environ, user, password):
    from passlib.apache import HtpasswdFile
    import ConfigParser
    
    pathdir = os.path.dirname(os.path.realpath(__file__))
    gitaclfile = "%s/gitldapacl.ini" % pathdir
    #print gitaclfile
    config = ConfigParser.ConfigParser()
    config.read(gitaclfile)

    users_str = config.get("local_users","users")
    htpwdfile = config.get("local_users","passwd_file")

    users_lst = users_str.split(',')
    ht = HtpasswdFile(htpwdfile)
    users = []

    for u in users_lst:
      u = u.strip()
      users.append(u)

    if user in users:
        if ht.verify(user,password):
            allowed = False
            __init_acl()
            #print "Verified user account %s." % user
            allowed = uri_can_access_by_user(environ['REQUEST_URI'],user)
            #if allowed:
            #    print "Can access by user."
            return allowed
        else:
	    return False

    __init_ldap()
    __init_acl()

    if __authen_ldap_authenticator.login(user,password):
        return uri_can_access_by_user(environ['REQUEST_URI'],user)
    return False
Пример #42
0
    def load_users(self, app):
        """
        Load users from configured file.

        Args:
            app (flask.Flask): Flask application to load users from.

        Raises:
            IOError: If the configured htpasswd file does not exist.
        Returns:
            None
        """
        self.users = HtpasswdFile(
            app.config['FLASK_HTPASSWD_PATH']
        )
Пример #43
0
class HtpasswdUsers(Component):

    implements(IUserAuthenticator)
    implements(IUserTranslator)

    def __init__(self):
        config = self.get_component_config()

        if 'file' not in config:
            raise InsufficientConfiguration(missing='file', component=self.get_component_name())

        self.htpasswd = HtpasswdFile(config['file'])

    def username_to_user(self, username):
        self.htpasswd.load_if_changed()
        if username in self.htpasswd.users():
            return User(self.compmgr, username, username=username, full_name=username)


    def userid_to_user(self, userid):
        if userid is None or userid == '*':
            warnings.warn("You should not call this directly. Use cydra.get_user()", DeprecationWarning, stacklevel=2)
            return User(self.compmgr, '*', username='******', full_name='Guest')

        self.htpasswd.load_if_changed()
        if userid in self.htpasswd.users():
            return User(self.compmgr, userid, username=userid, full_name=userid)
        else:
            # since the client was looking for a specific ID,
            # we return a dummy user object with empty data
            return User(self.compmgr, userid, full_name='N/A')

    def groupid_to_group(self, groupid):
        pass

    def user_password(self, user, password):
        self.htpasswd.load_if_changed()
        return self.htpasswd.check_password(user.userid, password)
Пример #44
0
def absent(dest, username, check_mode):
    """ Ensures user is absent

    Returns (msg, changed) """
    if StrictVersion(passlib.__version__) >= StrictVersion('1.6'):
        ht = HtpasswdFile(dest, new=False)
    else:
        ht = HtpasswdFile(dest)

    if username not in ht.users():
        return ("%s not present" % username, False)
    else:
        if not check_mode:
            ht.delete(username)
            ht.save()
        return ("Remove %s" % username, True)
Пример #45
0
    def validate(self):
        """Validate the needed fields."""
        rv = Form.validate(self)

        if not rv:
            return False

        ht = HtpasswdFile(HTPASSWD_FILE)
        if self.name.data in ht.users():
            if ht.check_password(self.name.data, self.passwd.data):
                ht.set_password(self.name.data, self.newpwd.data)
                ht.save()
                return True
            else:
                self.passwd.errors.append('Senha Incorreta')
                return False
        else:
            self.name.errors.append('Usuário Desconhecido')
            return False
Пример #46
0
class ApachePasswordDB(object):
	"""
	Very simple glue between passlib.apache.HtpasswdFile to make it an
	ICredentialsChecker in Twisted.
	
	"""
	implements(ICredentialsChecker)

	# we can only implement non-hashing functions as the passwords
	# may be hashed.
	credentialInterfaces = (
		credentials.IUsernamePassword,
	)

	def __init__(self, filename):
		self._ht = HtpasswdFile(filename)
	
	def requestAvatarId(self, c):
		if self._ht.check_password(c.username, c.password):
			# success, return username
			return defer.succeed(c.username)
		else:
			# bad credentials
			return defer.fail(error.UnauthorizedLogin())
Пример #47
0
 def __init__(self, filename):
     self.filename = filename
     self.data = HtpasswdFile(self.filename)
Пример #48
0
 def __init__(self, config, logger=None):
     self.logout_button = True
     self.htpasswdfile = self._get_param('auth.htpasswd.file', config, None)
     self.ht = HtpasswdFile(self.htpasswdfile)
Пример #49
0
def load_users(filepath):
    pwd_file = HtpasswdFile(filepath)
    for user in pwd_file.users():
        USERS.append(user)
    return pwd_file
Пример #50
0
def present(dest, username, password, crypt_scheme, create, check_mode):
    """ Ensures user is present

    Returns (msg, changed) """
    if crypt_scheme in apache_hashes:
        context = htpasswd_context
    else:
        context = CryptContext(schemes = [ crypt_scheme ] + apache_hashes)
    if not os.path.exists(dest):
        if not create:
            raise ValueError('Destination %s does not exist' % dest)
        if check_mode:
            return ("Create %s" % dest, True)
        create_missing_directories(dest)
        if StrictVersion(passlib.__version__) >= StrictVersion('1.6'):
            ht = HtpasswdFile(dest, new=True, default_scheme=crypt_scheme, context=context)
        else:
            ht = HtpasswdFile(dest, autoload=False, default=crypt_scheme, context=context)
        if getattr(ht, 'set_password', None):
            ht.set_password(username, password)
        else:
            ht.update(username, password)
        ht.save()
        return ("Created %s and added %s" % (dest, username), True)
    else:
        if StrictVersion(passlib.__version__) >= StrictVersion('1.6'):
            ht = HtpasswdFile(dest, new=False, default_scheme=crypt_scheme, context=context)
        else:
            ht = HtpasswdFile(dest, default=crypt_scheme, context=context)

        found = None
        if getattr(ht, 'check_password', None):
            found = ht.check_password(username, password)
        else:
            found = ht.verify(username, password)

        if found:
            return ("%s already present" % username, False)
        else:
            if not check_mode:
                if getattr(ht, 'set_password', None):
                    ht.set_password(username, password)
                else:
                    ht.update(username, password)
                ht.save()
            return ("Add/update %s" % username, True)
Пример #51
0
 def make_htpasswd(self, filename):
     ht = HtpasswdFile(path=filename, new=True)
     for username, password in self.users.items():
         ht.set_password(username, password)
     ht.save()
Пример #52
0
class HtpasswdUsers(Component):

    implements(IUserAuthenticator)
    implements(IUserTranslator)
    implements(IUserStore)

    def __init__(self):
        config = self.get_component_config()

        if 'file' not in config:
            raise InsufficientConfiguration(missing='file', component=self.get_component_name())

        self.htpasswd = HtpasswdFile(config['file'])

    def username_to_user(self, username):
        self.htpasswd.load_if_changed()
        if username in self.htpasswd.users():
            return HtpasswdUser(self, username, username=username, full_name=username)

    def userid_to_user(self, userid):
        if userid is None or userid == '*':
            warnings.warn("You should not call this directly. Use cydra.get_user()", DeprecationWarning, stacklevel=2)
            return self.compmgr.get_user(userid='*')

        self.htpasswd.load_if_changed()
        if userid in self.htpasswd.users():
            return HtpasswdUser(self, userid, username=userid, full_name=userid)
        else:
            # since the client was looking for a specific ID,
            # we return a dummy user object with empty data
            return User(self, userid, full_name='N/A')

    def groupid_to_group(self, groupid):
        pass

    def user_password(self, user, password):
        self.htpasswd.load_if_changed()
        return self.htpasswd.check_password(user.userid, password)

    def create_user(self, **kwargs):
        self.htpasswd.load_if_changed()

        userid = None
        if 'id' in kwargs:
            userid = kwargs['id']
        elif 'username' in kwargs:
            userid = kwargs['username']
        else:
            raise ValueError("No username/id specified")

        if userid in self.htpasswd.users():
            raise ValueError("User with this id already exists")
        else:
            self.htpasswd.set_password(userid, hashlib.sha1(os.urandom(8)).hexdigest())
            self.htpasswd.save()
            return userid
Пример #53
0
#! /usr/bin/env python

from passlib.apache import HtpasswdFile

ht = HtpasswdFile("/etc/pypiserver/htpasswd", new=True)
ht.set_password("{{ username }}", "{{ password }}")
ht.save()
Пример #54
0
class HtPasswdAuth(object):
    """Configure htpasswd based basic and token authentication."""

    def __init__(self, app=None):
        """Boiler plate extension init with log_level being declared"""
        self.users = HtpasswdFile()
        self.app = app
        if app is not None:
            self.init_app(app)

    def init_app(self, app):
        """
        Find and configure the user database from specified file
        """
        app.config.setdefault('FLASK_AUTH_ALL', False)
        app.config.setdefault('FLASK_AUTH_REALM', 'Login Required')
        # Default set to bad file to trigger IOError
        app.config.setdefault('FLASK_HTPASSWD_PATH', '/^^^/^^^')

        # Load up user database
        try:
            self.load_users(app)
        except IOError:
            log.critical(
                'No htpasswd file loaded, please set `FLASK_HTPASSWD`'
                'or `FLASK_HTPASSWD_PATH` environment variable to a '
                'valid apache htpasswd file.'
            )

        # Allow requiring auth for entire app, with pre request method
        @app.before_request
        def require_auth():  # pylint: disable=unused-variable
            """Pre request processing for enabling full app authentication."""
            if not current_app.config['FLASK_AUTH_ALL']:
                return
            is_valid, user = self.authenticate()
            if not is_valid:
                return self.auth_failed()
            g.user = user

    def load_users(self, app):
        """
        Load users from configured file.

        Args:
            app (flask.Flask): Flask application to load users from.

        Raises:
            IOError: If the configured htpasswd file does not exist.
        Returns:
            None
        """
        self.users = HtpasswdFile(
            app.config['FLASK_HTPASSWD_PATH']
        )

    def check_basic_auth(self, username, password):
        """
        This function is called to check if a username /
        password combination is valid via the htpasswd file.
        """
        valid = self.users.check_password(
            username, password
        )
        if not valid:
            log.warning('Invalid login from %s', username)
            valid = False
        return (
            valid,
            username
        )

    @staticmethod
    def get_signature():
        """
        Setup crypto sig.
        """
        return Serializer(current_app.config['FLASK_SECRET'])

    def get_hashhash(self, username):
        """
        Generate a digest of the htpasswd hash
        """
        return hashlib.sha256(
            self.users.get_hash(username)
        ).hexdigest()

    def generate_token(self, username):
        """
        assumes user exists in htpasswd file.

        Return the token for the given user by signing a token of
        the username and a hash of the htpasswd string.
        """
        serializer = self.get_signature()
        return serializer.dumps(
            {
                'username': username,
                'hashhash': self.get_hashhash(username)
            }
        ).decode('UTF-8')

    def check_token_auth(self, token):
        """
        Check to see who this is and if their token gets
        them into the system.
        """
        serializer = self.get_signature()

        try:
            data = serializer.loads(token)
        except BadSignature:
            log.warning('Received bad token signature')
            return False, None
        if data['username'] not in self.users.users():
            log.warning(
                'Token auth signed message, but invalid user %s',
                data['username']
            )
            return False, None
        if data['hashhash'] != self.get_hashhash(data['username']):
            log.warning(
                'Token and password do not match, %s '
                'needs to regenerate token',
                data['username']
            )
            return False, None
        return True, data['username']

    @staticmethod
    def auth_failed():
        """
        Sends a 401 response that enables basic auth
        """
        return Response(
            'Could not verify your access level for that URL.\n'
            'You have to login with proper credentials',
            401,
            {'WWW-Authenticate': 'Basic realm="{0}"'.format(
                current_app.config['FLASK_AUTH_REALM']
            )}
        )

    def authenticate(self):
        """Authenticate user by any means and return either true or false.

        Args:

        Returns:
            tuple (is_valid, username): True is valid user, False if not
        """
        basic_auth = request.authorization
        is_valid = False
        user = None
        if basic_auth:
            is_valid, user = self.check_basic_auth(
                basic_auth.username, basic_auth.password
            )
        else:  # Try token auth
            token = request.headers.get('Authorization', None)
            param_token = request.args.get('access_token')
            if token or param_token:
                if token:
                    # slice the 'token ' piece of the header (following
                    # github style):
                    token = token[6:]
                else:
                    # Grab it from query dict instead
                    token = param_token
                log.debug('Received token: %s', token)

                is_valid, user = self.check_token_auth(token)
        return (is_valid, user)

    def required(self, func):
        """
        Decorator function with basic and token authentication handler
        """
        @wraps(func)
        def decorated(*args, **kwargs):
            """
            Actual wrapper to run the auth checks.
            """
            is_valid, user = self.authenticate()
            if not is_valid:
                return self.auth_failed()
            kwargs['user'] = user
            return func(*args, **kwargs)
        return decorated
Пример #55
0
 def __init__(self, app=None):
     """Boiler plate extension init with log_level being declared"""
     self.users = HtpasswdFile()
     self.app = app
     if app is not None:
         self.init_app(app)
Пример #56
0
	def __init__(self, filename):
		self._ht = HtpasswdFile(filename)