def auth_session_post():
    """Authenticate an admin login posted as JSON and open a Flask session.

    Inputs come from the request body via ``utils``: ``username`` and
    ``password`` are required, ``otp_code`` and ``yubico_key`` optional.
    Order of checks: a 50-100 ms random delay; lookup by username (an
    unknown name is handed to RADIUS when ``RADIUS_AUTH`` is in
    ``settings.app.sso``, otherwise to the plugin authenticator); 402 when the
    account requires an OTP code or YubiKey that was not supplied; 400 when
    ``limiter`` reports too many attempts for this admin; 401, after a second
    random delay, when ``admin.auth_check`` rejects the credentials. On
    success the session receives ``session_id``, ``admin_id``, ``timestamp``
    and, when the server is not on SSL, the client address, and is signed
    with ``utils.set_flask_sig``.

    Returns:
        A Flask response produced by ``utils.jsonify``.
    """
    username = utils.json_filter_str('username')
    password = utils.json_str('password')
    otp_code = utils.json_opt_filter_str('otp_code')
    yubico_key = utils.json_opt_filter_str('yubico_key')
    client_addr = utils.get_remote_addr()

    def pause(low_ms, high_ms):
        # Random delay in milliseconds; blurs the timing profile of the
        # different exit paths.
        time.sleep(random.randint(low_ms, high_ms) / 1000.)

    pause(50, 100)

    account = auth.get_by_username(username)
    if not account:
        # Not a local admin: RADIUS when configured, else the plugin hook.
        # Neither path passes through ``limiter`` in this handler; whether
        # those helpers rate-limit on their own is not visible here.
        if settings.app.sso and RADIUS_AUTH in settings.app.sso:
            return _auth_radius(username, password)
        pause(0, 100)
        return _auth_plugin(username, password)

    if (not otp_code and account.otp_auth) or \
            (not yubico_key and account.yubikey_id):
        # NOTE(review): returned before the password is verified and before
        # the limiter check, so an unauthenticated caller learns that the
        # username exists and which second factor it uses. Running the
        # limiter first would at least bound that oracle.
        return utils.jsonify({
            'error': AUTH_OTP_REQUIRED,
            'error_msg': AUTH_OTP_REQUIRED_MSG,
            'otp_auth': account.otp_auth,
            'yubico_auth': bool(account.yubikey_id),
        }, 402)

    if not limiter.auth_check(account.id):
        return utils.jsonify({
            'error': AUTH_TOO_MANY,
            'error_msg': AUTH_TOO_MANY_MSG,
        }, 400)

    if not account.auth_check(password, otp_code, yubico_key, client_addr):
        pause(0, 100)
        return utils.jsonify({
            'error': AUTH_INVALID,
            'error_msg': AUTH_INVALID_MSG,
        }, 401)

    session = flask.session
    session['session_id'] = account.new_session()
    session['admin_id'] = str(account.id)
    session['timestamp'] = int(utils.time_now())
    if not settings.app.server_ssl:
        # Client address is stored alongside the session when not on SSL;
        # presumably compared by the session validator -- verify there.
        session['source'] = client_addr
    utils.set_flask_sig()

    return utils.jsonify({
        'authenticated': True,
        'default': account.default or False,
    })
def auth_session_post():
    """Authenticate an admin login posted as JSON and open a Flask session.

    Reads ``username`` and ``password`` (required) plus ``otp_code`` and
    ``yubico_key`` (optional) through ``utils``. After a 50-100 ms random
    delay the admin is looked up by username together with the client
    address; an unknown name goes to RADIUS when ``RADIUS_AUTH`` is in
    ``settings.app.sso``, otherwise to the plugin authenticator. A known
    account that requires an OTP code or YubiKey not present in the request
    gets 402; a failed ``admin.auth_check`` gets 401 after another random
    delay. On success the session is populated with ``session_id``,
    ``admin_id``, ``timestamp`` and, without server SSL, the client address,
    then signed with ``utils.set_flask_sig``.

    Returns:
        A Flask response produced by ``utils.jsonify``.
    """
    username = utils.json_filter_str('username')
    password = utils.json_str('password')
    otp_code = utils.json_opt_filter_str('otp_code')
    yubico_key = utils.json_opt_filter_str('yubico_key')
    client_addr = utils.get_remote_addr()

    def pause(low_ms, high_ms):
        # Random delay in milliseconds to blur response timing.
        time.sleep(random.randint(low_ms, high_ms) / 1000.)

    pause(50, 100)

    account = auth.get_by_username(username, client_addr)
    if not account:
        # No local admin with this name: RADIUS if configured, else plugin.
        if settings.app.sso and RADIUS_AUTH in settings.app.sso:
            return _auth_radius(username, password)
        pause(0, 100)
        return _auth_plugin(username, password)

    if (not otp_code and account.otp_auth) or \
            (not yubico_key and account.yubikey_id):
        # NOTE(review): this 402 is sent before the password is checked, so
        # it confirms to an unauthenticated caller that the username exists
        # and which second factor is enabled. There is no per-account rate
        # limit in this version of the handler, so that oracle is unbounded
        # here unless ``auth.get_by_username`` limits on its own -- verify.
        return utils.jsonify({
            'error': AUTH_OTP_REQUIRED,
            'error_msg': AUTH_OTP_REQUIRED_MSG,
            'otp_auth': account.otp_auth,
            'yubico_auth': bool(account.yubikey_id),
        }, 402)

    if not account.auth_check(password, otp_code, yubico_key, client_addr):
        pause(0, 100)
        return utils.jsonify({
            'error': AUTH_INVALID,
            'error_msg': AUTH_INVALID_MSG,
        }, 401)

    session = flask.session
    session['session_id'] = account.new_session()
    session['admin_id'] = str(account.id)
    session['timestamp'] = int(utils.time_now())
    if not settings.app.server_ssl:
        # Client address recorded with the session when not on SSL;
        # presumably checked by the session validator -- verify there.
        session['source'] = client_addr
    utils.set_flask_sig()

    return utils.jsonify({
        'authenticated': True,
        'default': account.default or False,
    })
def auth_session_post():
    """Authenticate an admin login posted as JSON and open a Flask session.

    ``username`` and ``password`` are read directly from the request JSON
    (a missing key raises ``KeyError``, i.e. an unhandled error rather than a
    400); ``otp_code`` is optional. The admin is looked up by username and
    client address; an unknown name goes to RADIUS when ``RADIUS_AUTH`` is in
    ``settings.app.sso``, otherwise to the plugin authenticator. A known
    account with OTP enabled but no code in the request gets 402; a failed
    ``admin.auth_check`` gets 401 after a random delay. On success the
    session is populated with ``session_id``, ``admin_id``, ``timestamp``
    and, without server SSL, the client address, then signed with
    ``utils.set_flask_sig``.

    Returns:
        A Flask response produced by ``utils.jsonify``.
    """
    body = flask.request.json
    username = body['username']
    password = body['password']
    otp_code = body.get('otp_code')
    client_addr = utils.get_remote_addr()

    def pause():
        # Random 0-100 ms delay to blur the timing of failure responses.
        time.sleep(random.randint(0, 100) / 1000.)

    account = auth.get_by_username(username, client_addr)
    if not account:
        # No local admin with this name: RADIUS if configured, else plugin.
        if settings.app.sso and RADIUS_AUTH in settings.app.sso:
            return _auth_radius(username, password)
        pause()
        return _auth_plugin(username, password)

    if not otp_code and account.otp_auth:
        # NOTE(review): sent before the password is verified, so this
        # response confirms that the username exists and has OTP enabled.
        # No rate limiting is applied in this version of the handler.
        return utils.jsonify({
            'error': AUTH_OTP_REQUIRED,
            'error_msg': AUTH_OTP_REQUIRED_MSG,
        }, 402)

    if not account.auth_check(password, otp_code, client_addr):
        pause()
        return utils.jsonify({
            'error': AUTH_INVALID,
            'error_msg': AUTH_INVALID_MSG,
        }, 401)

    session = flask.session
    session['session_id'] = account.new_session()
    session['admin_id'] = str(account.id)
    session['timestamp'] = int(utils.time_now())
    if not settings.app.server_ssl:
        # Client address recorded with the session when not on SSL;
        # presumably checked by the session validator -- verify there.
        session['source'] = client_addr
    utils.set_flask_sig()

    return utils.jsonify({
        'authenticated': True,
        'default': account.default or False,
    })
def auth_session_post():
    """Authenticate an admin login posted as JSON and open a Flask session.

    ``username`` (filtered, capped at 128 chars), ``password`` (raw from the
    request JSON, capped at 128), and the optional ``otp_code`` (64) and
    ``yubico_key`` (128) are read from the body. After a 50-100 ms random
    delay the admin is looked up by username; an unknown name goes to RADIUS
    when ``RADIUS_AUTH`` is in ``settings.app.sso``, otherwise to the plugin
    authenticator, both receiving the client address. A known account that
    requires an OTP code or YubiKey not present in the request gets 402;
    when ``limiter`` reports too many attempts a journal failure entry is
    written and 400 returned; a failed ``admin.auth_check`` gets 401 after
    another random delay. On success the session receives ``session_id``,
    ``admin_id``, ``timestamp`` and, without server SSL, the client address,
    a session-start journal entry is written, and the session is signed with
    ``utils.set_flask_sig``.

    Returns:
        A Flask response produced by ``utils.jsonify``.
    """
    username = utils.json_filter_str('username')[:128]
    # Password is read raw (not through utils) so a missing key raises
    # KeyError instead of producing a 400 like the filtered fields;
    # presumably deliberate to avoid filtering password characters -- verify.
    password = flask.request.json['password']
    password = password[:128] if password else password
    otp_code = utils.json_opt_filter_str('otp_code')
    otp_code = otp_code[:64] if otp_code else otp_code
    yubico_key = utils.json_opt_filter_str('yubico_key')
    yubico_key = yubico_key[:128] if yubico_key else yubico_key
    client_addr = utils.get_remote_addr()

    def pause(low_ms, high_ms):
        # Random delay in milliseconds; blurs the timing profile of the
        # different exit paths.
        time.sleep(random.randint(low_ms, high_ms) / 1000.)

    pause(50, 100)

    account = auth.get_by_username(username)
    if not account:
        # Not a local admin: RADIUS when configured, else the plugin hook.
        # Neither path passes through ``limiter`` in this handler; whether
        # those helpers rate-limit on their own is not visible here.
        if settings.app.sso and RADIUS_AUTH in settings.app.sso:
            return _auth_radius(username, password, client_addr)
        pause(0, 100)
        return _auth_plugin(username, password, client_addr)

    if (not otp_code and account.otp_auth) or \
            (not yubico_key and account.yubikey_id):
        # NOTE(review): returned before the password is verified and before
        # the limiter check, so an unauthenticated caller learns that the
        # username exists and which second factor it uses; this path also
        # writes no journal entry. Running the limiter first would bound it.
        return utils.jsonify({
            'error': AUTH_OTP_REQUIRED,
            'error_msg': AUTH_OTP_REQUIRED_MSG,
            'otp_auth': account.otp_auth,
            'yubico_auth': bool(account.yubikey_id),
        }, 402)

    if not limiter.auth_check(account.id):
        journal.entry(
            journal.ADMIN_AUTH_FAILURE,
            account.journal_data,
            remote_address=client_addr,
            reason=journal.ADMIN_AUTH_REASON_RATE_LIMIT,
            reason_long='Too many authentication attempts',
        )
        return utils.jsonify({
            'error': AUTH_TOO_MANY,
            'error_msg': AUTH_TOO_MANY_MSG,
        }, 400)

    if not account.auth_check(password, otp_code, yubico_key, client_addr):
        # No journal entry here; presumably auth_check records the failure
        # itself -- verify, otherwise bad-password attempts go unlogged.
        pause(0, 100)
        return utils.jsonify({
            'error': AUTH_INVALID,
            'error_msg': AUTH_INVALID_MSG,
        }, 401)

    session = flask.session
    session['session_id'] = account.new_session()
    session['admin_id'] = str(account.id)
    session['timestamp'] = int(utils.time_now())
    if not settings.app.server_ssl:
        # Client address recorded with the session when not on SSL;
        # presumably checked by the session validator -- verify there.
        session['source'] = client_addr
    journal.entry(
        journal.ADMIN_SESSION_START,
        account.journal_data,
        remote_address=client_addr,
        session_id=session['session_id'],
    )
    utils.set_flask_sig()

    return utils.jsonify({
        'authenticated': True,
        'default': account.default or False,
    })