def authenticate(self, session):
    '''
    @see: IAuthenticationService.authenticate

    Validates the session key, refreshes its last access time and returns the gateways that the processing
    chain produces for the user owning the session.

    @param session: the session key matched against LoginMapped.Session.
    @return: an empty tuple when the reply carries no gateways, otherwise the gateways sorted by
        (Pattern, Methods).
    @raise InputError: when no login matches the key inside the idle time out window; an unknown key and an
        expired one are reported with the same 'Invalid session' message.
    '''
    # The reference time is obtained through a query rather than from the local clock.
    cutoff = self.session().query(current_timestamp()).scalar()
    cutoff -= self._sessionTimeOut

    # Idle time out only: the filter looks at AccessedOn and CreatedOn is never consulted here, so a session that
    # keeps being used has no absolute lifetime in this method.
    lookup = self.session().query(LoginMapped).filter(LoginMapped.Session == session)
    lookup = lookup.filter(LoginMapped.AccessedOn > cutoff)
    try:
        login = lookup.one()
    except NoResultFound:
        raise InputError(Ref(_('Invalid session'), ref=Login.Session))
    assert isinstance(login, LoginMapped), 'Invalid login %s' % login

    login.AccessedOn = current_timestamp()
    self.session().flush((login,))
    self.session().expunge(login)
    # The commit is forced at this point: if processing the request raises later on, the refreshed last access
    # must already be stored.
    commitNow()

    processing = self._processing
    assert isinstance(processing, Processing), 'Invalid processing %s' % processing

    request = processing.ctx.solicitation()
    assert isinstance(request, Solicitation), 'Invalid solicitation %s' % request
    request.userId = login.User
    request.types = self.acl.types

    chain = Chain(processing)
    chain.process(**processing.fillIn(solicitation=request, reply=processing.ctx.reply())).doAll()

    reply = chain.arg.reply
    assert isinstance(reply, Reply), 'Invalid reply %s' % reply

    gateways = reply.gateways
    return () if gateways is None else sorted(gateways, key=lambda entry: (entry.Pattern, entry.Methods))
def authenticate(self, session):
    '''
    @see: IAuthenticationService.authenticate

    Validates the session key, refreshes its last access time and returns the ACL accesses obtained for the
    user's rights, with the user markers in their filters replaced by the user id.

    @param session: the session key matched against LoginMapped.Session.
    @return: list of the AclAccess objects obtained for the rights of the session's user.
    @raise InputError: when no login matches the key inside the idle time out window.
    '''
    cutoff = self.session().query(current_timestamp()).scalar()
    cutoff -= self._sessionTimeOut

    # Idle time out only: expiry is judged on AccessedOn, CreatedOn is not consulted in this method.
    lookup = self.session().query(LoginMapped).filter(LoginMapped.Session == session)
    lookup = lookup.filter(LoginMapped.AccessedOn > cutoff)
    try:
        login = lookup.one()
    except NoResultFound:
        raise InputError(Ref(_('Invalid session'), ref=Login.Session))
    assert isinstance(login, LoginMapped), 'Invalid login %s' % login

    login.AccessedOn = current_timestamp()
    self.session().flush((login,))
    self.session().expunge(login)
    # The commit is forced at this point: if processing the request raises later on, the refreshed last access
    # must already be stored.
    commitNow()

    userId = str(login.User)
    rightNames = (right.Name for right in self.userRbacService.getRights(login.User))
    accesses = self.aclAccessService.accessFor(self.aclAccessService.rightsFor(rightNames))

    allowed = []
    for access in accesses:
        assert isinstance(access, AclAccess), 'Invalid access %s' % access
        for propertyType, mark in access.markers.items():
            assert isinstance(propertyType, TypeProperty), 'Invalid property type %s' % propertyType
            assert isinstance(propertyType.parent, TypeModel)
            ownerClass = propertyType.parent.clazz
            if not (ownerClass == User or issubclass(ownerClass, User)):
                continue
            # NOTE(review): the filters are rewritten in place on the object handed back by the access service.
            # If that service ever returns shared or cached AclAccess instances, one user's id would stay baked
            # into the filters seen by the next caller -- confirm that fresh objects are returned.
            for position, pattern in enumerate(access.Filter):
                access.Filter[position] = pattern.replace(mark, userId)
        # NOTE(review): every access is kept, whether or not a marker was substituted -- the nesting of this
        # append is assumed, verify against the upstream layout.
        allowed.append(access)
    return allowed
def authenticate(self, identifier, attributes, arguments):
    '''
    @see: IAuthenticationSupport.authenticate

    Resolves the session identifier to a login, refreshes its last access time and fills in the requested
    authenticated values.

    @param identifier: the session key matched against LoginMapped.Session.
    @param attributes: dictionary that is only type checked here and not otherwise read.
    @param arguments: dictionary keyed by Type; the value of each key is overwritten with the authenticated
        value.
    @return: False when no login matches the identifier inside the idle time out window, True otherwise.
    @raise DevelError: when a requested type is anything other than the type of User.Id.
    '''
    # These asserts are stripped when Python runs with -O, so they document the contract rather than enforce it.
    assert isinstance(identifier, str), 'Invalid identifier %s' % identifier
    assert isinstance(attributes, dict), 'Invalid attributes %s' % attributes
    assert isinstance(arguments, dict), 'Invalid arguments %s' % arguments

    cutoff = self.session().query(current_timestamp()).scalar()
    cutoff -= self.sessionTimeOut

    # Idle time out only: expiry is judged on AccessedOn, CreatedOn is not consulted in this method.
    lookup = self.session().query(LoginMapped).filter(LoginMapped.Session == identifier)
    lookup = lookup.filter(LoginMapped.AccessedOn > cutoff)
    try:
        login = lookup.one()
    except NoResultFound:
        # Unknown and expired identifiers are indistinguishable to the caller.
        return False
    assert isinstance(login, LoginMapped), 'Invalid login %s' % login

    login.AccessedOn = current_timestamp()
    self.session().flush((login,))
    self.session().expunge(login)
    # The commit is forced at this point: if processing the request raises later on, the refreshed last access
    # must already be stored.
    commitNow()

    for requested in arguments:
        assert isinstance(requested, Type), 'Invalid type %s' % requested
        if not (requested == typeFor(User.Id)):
            raise DevelError('Invalid authenticated type %s' % requested)
        # Only values are replaced, so the dictionary keeps its size while it is being iterated.
        arguments[requested] = login.User
    return True
def authenticate(self, identifier, attributes, arguments):
    '''
    @see: IAuthenticationSupport.authenticate

    Looks up the login that owns the session identifier, marks it as just accessed and stores the
    authenticated user id for every requested type.

    @param identifier: the session key matched against LoginMapped.Session.
    @param attributes: dictionary that is only type checked here and not otherwise read.
    @param arguments: dictionary keyed by Type; the value of each key is overwritten with the authenticated
        value.
    @return: False when no login matches the identifier inside the idle time out window, True otherwise.
    @raise DevelError: when a requested type is anything other than the type of User.Id.
    '''
    # Contract checks only: asserts disappear under python -O and must not be relied on as input validation.
    assert isinstance(identifier, str), 'Invalid identifier %s' % identifier
    assert isinstance(attributes, dict), 'Invalid attributes %s' % attributes
    assert isinstance(arguments, dict), 'Invalid arguments %s' % arguments

    expiry = self.session().query(current_timestamp()).scalar()
    expiry -= self.sessionTimeOut

    # The window slides with every successful call because AccessedOn is refreshed below; nothing in this method
    # bounds the total age of a session.
    query = self.session().query(LoginMapped)
    query = query.filter(LoginMapped.Session == identifier).filter(LoginMapped.AccessedOn > expiry)
    try:
        login = query.one()
    except NoResultFound:
        return False
    assert isinstance(login, LoginMapped), 'Invalid login %s' % login

    login.AccessedOn = current_timestamp()
    self.session().flush((login,))
    self.session().expunge(login)
    # Forced commit: the refreshed last access has to be stored even if the request processing that follows
    # ends with an exception.
    commitNow()

    for wanted in arguments:
        assert isinstance(wanted, Type), 'Invalid type %s' % wanted
        if not (wanted == typeFor(User.Id)):
            raise DevelError('Invalid authenticated type %s' % wanted)
        arguments[wanted] = login.User
    return True
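def performLogin(self, authentication):
    '''
    @see: IAuthenticationService.performLogin

    Consumes the one-time login token, checks the client's hashed token against the value derived from the
    stored user data and, on success, creates a new login session.

    @param authentication: Authentication carrying Token, HashedToken and UserName; all three are required.
    @return: the new LoginMapped holding a freshly generated Session key.
    @raise InputError: when a required field is missing, or -- always with the single message
        'Invalid credentials' -- when the token is unknown or expired, the user is missing or deleted, or the
        hashed token does not match.
    '''
    assert isinstance(authentication, Authentication), 'Invalid authentication %s' % authentication

    if authentication.Token is None:
        raise InputError(Ref(_('The login token is required'), ref=Authentication.Token))
    if authentication.HashedToken is None:
        raise InputError(Ref(_('The hashed login token is required'), ref=Authentication.HashedToken))
    if authentication.UserName is None:
        raise InputError(Ref(_('A user name is required for authentication'), ref=Authentication.UserName))

    olderThan = self.session().query(current_timestamp()).scalar()
    olderThan -= self._authenticationTimeOut
    sql = self.session().query(TokenMapped)
    sql = sql.filter(TokenMapped.Token == authentication.Token)
    sql = sql.filter(TokenMapped.requestedOn > olderThan)

    # The token row is deleted before anything else is checked, which makes a token single use: a failed attempt
    # burns it as well. The credential check below must only run when a live token was actually consumed.
    if sql.delete() > 0:
        commitNow()  # We make sure that the delete has been performed

        try:
            # '== None' is the SQLAlchemy column expression (rendered as IS NULL), not a Python identity test.
            user = self.session().query(UserMapped).filter(UserMapped.Name == authentication.UserName).filter(
                UserMapped.DeletedOn == None).one()
        except NoResultFound:
            # NOTE(review): no HMAC is computed on this path, so the response time may differ between an
            # existing and a missing user name.
            user = None

        if user is not None:
            assert isinstance(user, UserMapped), 'Invalid user %s' % user

            # NOTE(review): user.password is fed to the HMAC exactly as stored, so the stored value is by itself
            # enough to answer a login challenge -- confirm how it is stored and who can read it.
            expected = hmac.new(bytes(user.Name, 'utf8'), bytes(user.password, 'utf8'), hashlib.sha512).hexdigest()
            expected = hmac.new(bytes(expected, 'utf8'), bytes(authentication.Token, 'utf8'),
                                hashlib.sha512).hexdigest()

            supplied = authentication.HashedToken
            # Constant-time comparison, so the time taken does not reveal how many leading characters of the
            # digest were right. A non-str value fails the check, as it did with '=='; characters that cannot be
            # encoded become '?', which never occurs in a hex digest.
            if isinstance(supplied, str) and hmac.compare_digest(supplied.encode('utf8', 'replace'),
                                                                 expected.encode('utf8')):
                # The session key is the SHA-512 hex digest of authentication_token_size bytes from urandom, so
                # it carries at most that many bytes of randomness.
                digest = hashlib.sha512()
                digest.update(urandom(self.authentication_token_size))

                login = LoginMapped()
                login.Session = digest.hexdigest()
                login.User = user.Id
                login.CreatedOn = login.AccessedOn = current_timestamp()

                try:
                    self.session().add(login)
                except SQLAlchemyError as e:
                    handle(e, login)

                return login

    raise InputError(_('Invalid credentials'))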
def authenticate(self, session):
    '''
    @see: IAuthenticationService.authenticate

    Checks that the session key belongs to a login used within the idle time out, marks the login as just
    accessed and returns the gateways computed by the processing chain for its user.

    @param session: the session key matched against LoginMapped.Session.
    @return: an empty tuple when the reply carries no gateways, otherwise the gateways sorted by
        (Pattern, Methods).
    @raise InputError: when no login matches the key inside the idle time out window.
    '''
    expiry = self.session().query(current_timestamp()).scalar()
    expiry -= self._sessionTimeOut

    # The window slides with every successful call because AccessedOn is refreshed below; nothing in this method
    # bounds the total age of a session.
    query = self.session().query(LoginMapped)
    query = query.filter(LoginMapped.Session == session).filter(LoginMapped.AccessedOn > expiry)
    try:
        login = query.one()
    except NoResultFound:
        # The same message is used for an unknown and for an expired key.
        raise InputError(Ref(_('Invalid session'), ref=Login.Session))
    assert isinstance(login, LoginMapped), 'Invalid login %s' % login

    login.AccessedOn = current_timestamp()
    self.session().flush((login,))
    self.session().expunge(login)
    # Forced commit: the refreshed last access has to be stored even if the request processing that follows
    # ends with an exception.
    commitNow()

    proc = self._processing
    assert isinstance(proc, Processing), 'Invalid processing %s' % proc

    solicit = proc.ctx.solicitation()
    assert isinstance(solicit, Solicitation), 'Invalid solicitation %s' % solicit
    solicit.userId = login.User
    solicit.types = self.acl.types

    chain = Chain(proc)
    filled = proc.fillIn(solicitation=solicit, reply=proc.ctx.reply())
    chain.process(**filled).doAll()

    reply = chain.arg.reply
    assert isinstance(reply, Reply), 'Invalid reply %s' % reply

    if reply.gateways is not None:
        return sorted(reply.gateways, key=lambda gate: (gate.Pattern, gate.Methods))
    return ()
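def performLogin(self, authentication):
    '''
    @see: IAuthenticationService.performLogin

    Consumes the one-time login token, checks the client's hashed token against the value derived from the
    stored user data and, on success, creates a new login session.

    @param authentication: Authentication carrying Token, HashedToken and UserName; all three are required.
    @return: the new LoginMapped holding a freshly generated Session key.
    @raise InputError: when a required field is missing, or -- always with the single message
        'Invalid credentials' -- when the token is unknown or expired, the user is missing or deleted, or the
        hashed token does not match.
    '''
    assert isinstance(authentication, Authentication), 'Invalid authentication %s' % authentication

    if authentication.Token is None:
        raise InputError(Ref(_('The login token is required'), ref=Authentication.Token))
    if authentication.HashedToken is None:
        raise InputError(Ref(_('The hashed login token is required'), ref=Authentication.HashedToken))
    if authentication.UserName is None:
        raise InputError(Ref(_('A user name is required for authentication'), ref=Authentication.UserName))

    olderThan = self.session().query(current_timestamp()).scalar()
    olderThan -= self._authenticationTimeOut
    sql = self.session().query(TokenMapped)
    sql = sql.filter(TokenMapped.Token == authentication.Token)
    sql = sql.filter(TokenMapped.requestedOn > olderThan)

    # Deleting the token row first makes every token single use, including on a failed attempt. Nothing below
    # may run unless a live token row was actually removed.
    if sql.delete() > 0:
        commitNow()  # We make sure that the delete has been performed

        try:
            # '== None' is the SQLAlchemy column expression (rendered as IS NULL), not a Python identity test.
            user = self.session().query(UserMapped).filter(UserMapped.Name == authentication.UserName).filter(
                UserMapped.DeletedOn == None).one()
        except NoResultFound:
            # NOTE(review): this path skips the HMAC work, so timing may separate existing from missing users.
            user = None

        if user is not None:
            assert isinstance(user, UserMapped), 'Invalid user %s' % user

            # NOTE(review): the stored user.password is the HMAC input as is, which makes the stored value
            # equivalent to the password for this protocol -- confirm its storage format and access controls.
            expected = hmac.new(bytes(user.Name, 'utf8'), bytes(user.password, 'utf8'), hashlib.sha512).hexdigest()
            expected = hmac.new(bytes(expected, 'utf8'), bytes(authentication.Token, 'utf8'),
                                hashlib.sha512).hexdigest()

            supplied = authentication.HashedToken
            # hmac.compare_digest keeps the comparison time independent of where the first mismatch is. A
            # non-str value fails the check, as it did with '=='; characters that cannot be encoded become '?',
            # which never occurs in a hex digest.
            if isinstance(supplied, str) and hmac.compare_digest(supplied.encode('utf8', 'replace'),
                                                                 expected.encode('utf8')):
                # Session key: SHA-512 hex digest over authentication_token_size bytes from urandom; its
                # randomness is bounded by that size.
                digest = hashlib.sha512()
                digest.update(urandom(self.authentication_token_size))

                login = LoginMapped()
                login.Session = digest.hexdigest()
                login.User = user.Id
                login.CreatedOn = login.AccessedOn = current_timestamp()

                try:
                    self.session().add(login)
                except SQLAlchemyError as e:
                    handle(e, login)

                return login

    raise InputError(_('Invalid credentials'))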