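def do_authentication(self, **kwargs) -> str:
    """
    Authenticate a caller from an OpenID Connect ID token (JWT).

    The token is read from the ``token`` keyword argument, unpacked with
    the configured client's key jar and passed to the client's
    ``verify_id_token``. The token's ``name`` claim is used as the
    username. If no principal with that name exists, one is created as
    an admin.

    :return str: the username taken from the token's ``name`` claim
    :raises AuthenticationFailed: if no client is configured, no token
        is supplied, unpacking or verification raises, or the ``name``
        claim is missing, empty or not a string
    """
    if not self._client:
        logger.debug('No OpenID Connect Client configured')
        raise AuthenticationFailed()

    token: str = kwargs.get('token', None)
    if not token:
        logger.debug('No JWT token provided')
        raise AuthenticationFailed()

    try:
        jwt = JWT(keyjar=self._client.keyjar).unpack(token)
        #
        # NOTE(review): the authentication request passed here is empty,
        # so any check that compares the token against request values
        # (a nonce, for example) has nothing to compare with -- confirm
        # this is intended for this flow.
        #
        self._client.verify_id_token(jwt, authn_req={})
        #
        # NOTE(review): in OpenID Connect 'name' is the display-name
        # claim and is not guaranteed unique or stable the way 'sub'
        # is -- confirm the identity provider issues it as a unique
        # login name before relying on it as the principal key.
        #
        username = jwt['name']
    except Exception as ex:
        # Fail closed: any unpack/verify error is an authentication failure
        logger.info(str(ex))
        raise AuthenticationFailed()

    #
    # A verified token whose 'name' claim is empty or not a string must
    # not reach the lookup below, otherwise an admin principal with an
    # unusable name would be created
    #
    if not isinstance(username, str) or not username:
        logger.debug('JWT token has no usable name claim')
        raise AuthenticationFailed()

    #
    # Assuming the token is valid, if we can't find the user, we
    # add them as an admin
    #
    # NOTE(review): every holder of a token that verifies is provisioned
    # as an admin on first login, so access control rests entirely on
    # which identities the provider issues tokens for -- confirm that is
    # the intended policy.
    #
    with dbm.session() as session:
        if not AuthManager(session=session).get_principal(username):
            self._create_admin(session, username)

    return username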
def do_authentication(self, **kwargs) -> str:
    """
    Authenticate a caller by username and password.

    Both values are read from the ``username`` and ``password`` keyword
    arguments. The principal is looked up through ``AuthManager`` and the
    password is checked against the principal's stored PBKDF2-SHA256
    hash.

    :return str: the username
    :raises AuthenticationFailed: if either value is missing, the
        principal is unknown, or the password does not verify
    """
    username: str = kwargs.get('username', None)
    password: str = kwargs.get('password', None)
    if not (username and password):
        raise AuthenticationFailed()

    with dbm.session() as session:
        manager = AuthManager(session=session)
        account = manager.get_principal(username)

        if not account:
            #
            # The principal may have been added since the last load, so
            # refresh once and look again
            #
            # NOTE(review): this reload runs for every attempt with an
            # unknown username, before any credential is checked --
            # confirm its cost is acceptable for unauthenticated callers.
            #
            manager.reloadPrincipals()
            account = manager.get_principal(username)

            #
            # NOTE(review): an unknown username fails here without any
            # PBKDF2 work, while a known one pays for a full verify
            # below, so the two failures can differ in response time.
            #
            if not account:
                raise AuthenticationFailed()

        stored_hash = account.get_password()
        if pbkdf2_sha256.verify(password, stored_hash):
            return username

    raise AuthenticationFailed()
def do_authentication(self, **kwargs):
    """
    Authenticate a websocket action that carries a JWT.

    The ``action`` keyword argument must have ``method == 'jwt'`` and a
    non-empty ``token`` entry in its ``data``. The token is then handed
    to the parent class, together with the original keyword arguments.

    :return: whatever the parent ``do_authentication`` returns
    :raises AuthenticationFailed: if the action is missing, uses another
        method, or carries no token
    """
    #
    # Expected to be an instance of
    # tortuga.web_service.websocket.actions.BaseAction
    #
    action = kwargs.get('action', None)
    if not action or action.method != 'jwt':
        raise AuthenticationFailed()

    token: str = action.data.get('token', None)
    if token:
        return super().do_authentication(token=token, **kwargs)

    raise AuthenticationFailed()
def do_authentication(self, **kwargs) -> str:
    """
    Run the configured authentication methods in order and stop at the
    first one that yields a username.

    A method that raises ``AuthenticationFailed`` is treated as "did not
    match" and the next method is tried. The success/failure callbacks of
    this chain fire exactly once, after the outcome of the whole chain is
    known.

    :return str: the username returned by the first successful method
    :raises AuthenticationFailed: if no method returns a username
    """
    authenticated = None

    for method in self._methods:
        try:
            #
            # Per-method callbacks are suppressed here; only the final
            # result of the chain is reported, below
            #
            authenticated = method.authenticate(skip_callbacks=True,
                                                **kwargs)
        except AuthenticationFailed:
            continue
        if authenticated:
            break

    if not authenticated:
        self.on_authentication_failed()
        raise AuthenticationFailed()

    self.on_authentication_succeeded(authenticated)
    return authenticated
def do_authentication(self, **kwargs) -> str:
    """
    Authenticate a request using the HTTP ``Basic`` authorization scheme.

    The authorization header is parsed, the scheme is compared
    case-insensitively with ``basic``, and the decoded username and
    password are handed to the parent class. The incoming keyword
    arguments are not forwarded.

    :return str: whatever the parent ``do_authentication`` returns
    :raises AuthenticationFailed: if the scheme is not ``basic`` (the
        parsing helpers raise it too)
    """
    header = self.parse_authorization_header()
    scheme, value = header
    is_basic = scheme.lower() == 'basic'
    if not is_basic:
        raise AuthenticationFailed()

    credentials = self.parse_username_password(value)
    return super().do_authentication(username=credentials[0],
                                     password=credentials[1])
def parse_authorization_header() -> Tuple[str, str]:
    """
    Split the current request's ``authorization`` header into its scheme
    and value.

    The header is read from ``cherrypy.request.headers`` and split at the
    first space only, so the value keeps any further spaces it contains.
    Takes no ``self``, although callers in this file invoke it as
    ``self.parse_authorization_header()``.

    :return (str, str): the (scheme, value) of the authorization header
    :raises AuthenticationFailed: if the header is absent or contains no
        space
    """
    headers = cherrypy.request.headers
    if 'authorization' not in headers:
        raise AuthenticationFailed()

    scheme, separator, value = headers['authorization'].partition(' ')
    if not separator:
        # No space at all: there is a scheme but nothing after it
        raise AuthenticationFailed()

    return scheme, value
def do_authentication(self, **kwargs):
    """
    Authenticate a websocket action that carries a username and password.

    The ``action`` keyword argument must have ``method == 'password'``
    and non-empty ``username`` and ``password`` entries in its ``data``.
    Both are handed to the parent class, together with the original
    keyword arguments.

    :return: whatever the parent ``do_authentication`` returns
    :raises AuthenticationFailed: if the action is missing, uses another
        method, or lacks either credential
    """
    #
    # Expected to be an instance of
    # tortuga.web_service.websocket.actions.BaseAction
    #
    action = kwargs.get('action', None)
    if not action or action.method != 'password':
        raise AuthenticationFailed()

    username: str = action.data.get('username', None)
    password: str = action.data.get('password', None)
    if username and password:
        return super().do_authentication(username=username,
                                         password=password, **kwargs)

    raise AuthenticationFailed()
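def parse_username_password(self, encoded: str) -> Tuple[str, str]:  # pylint: disable=no-self-use
    """
    Decode the credentials part of an HTTP Basic authorization header.

    :param encoded: the base64 encoded ``username:password`` string
    :return (str, str): the username and password
    :raises AuthenticationFailed: if the value is not valid base64, does
        not decode as text, or contains no ``:`` separator
    """
    try:
        decoded: str = base64.b64decode(encoded).decode()
    except ValueError:
        #
        # binascii.Error (bad base64) and UnicodeDecodeError are both
        # ValueError subclasses. A malformed header is a failed login,
        # not an unhandled server error
        #
        raise AuthenticationFailed()

    #
    # Split on the first colon only: the password may itself contain
    # colons, and must not be rejected or truncated because of them
    #
    username, separator, password = decoded.partition(':')
    if not separator:
        raise AuthenticationFailed()

    return username, password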
def do_authentication(self, **kwargs) -> str:
    """
    Authenticate a request from the username stored in the CherryPy
    session.

    The value stored under ``self.SESSION_KEY`` is returned as-is. No
    credential is checked here, so the result is only as trustworthy as
    whatever wrote that session entry.

    :return str: the username stored in the session
    :raises AuthenticationFailed: if the session holds no username
    """
    stored: str = cherrypy.session.get(self.SESSION_KEY, None)
    if stored:
        return stored
    raise AuthenticationFailed()
def do_authentication(self, **kwargs) -> str:
    """
    Authenticate a request using the HTTP ``Bearer`` authorization scheme.

    The authorization header is parsed, the scheme is compared
    case-insensitively with ``bearer``, and the header value is handed to
    the parent class as the token. The incoming keyword arguments are not
    forwarded.

    :return str: whatever the parent ``do_authentication`` returns
    :raises AuthenticationFailed: if the scheme is not ``bearer`` (the
        header parser raises it too)
    """
    header = self.parse_authorization_header()
    scheme, bearer_token = header
    is_bearer = scheme.lower() == 'bearer'
    if not is_bearer:
        raise AuthenticationFailed()

    return super().do_authentication(token=bearer_token)
def raise_authentication_failure_exception(username, **kwargs):
    """
    Reject unconditionally.

    :param username: accepted but not used
    :param kwargs: accepted but not used
    :raises AuthenticationFailed: always
    """
    failure = AuthenticationFailed()
    raise failure