def authenticate(self, credentials):
# Check credentials
if not isinstance(credentials, auth.PasswordCredentials):
raise fault.BadRequestFault("Expecting Password Credentials!")
if not credentials.tenant_id:
duser = api.user.get(credentials.username)
if duser == None:
raise fault.UnauthorizedFault("Unauthorized")
else:
duser = api.user.get_by_tenant(credentials.username,
credentials.tenant_id)
if duser == None:
raise fault.UnauthorizedFault("Unauthorized on this tenant")
if not duser.enabled:
raise fault.UserDisabledFault("Your account has been disabled")
if duser.password != utils.get_hashed_password(credentials.password):
raise fault.UnauthorizedFault("Unauthorized")
#
# Look for an existing token, or create one,
# TODO: Handle tenant/token search
#
if not credentials.tenant_id:
dtoken = api.token.get_for_user(duser.id)
else:
dtoken = api.token.get_for_user_by_tenant(duser.id,
credentials.tenant_id)
tenant_id = credentials.tenant_id or duser.tenant_id
if not dtoken or dtoken.expires < datetime.now():
# Create new token
dtoken = models.Token()
dtoken.id = str(uuid.uuid4())
dtoken.user_id = duser.id
if credentials.tenant_id:
dtoken.tenant_id = credentials.tenant_id
dtoken.expires = datetime.now() + timedelta(days=1)
api.token.create(dtoken)
#if tenant_id is passed in the call that tenant_id is passed else
#user's default tenant_id is used.
return self.__get_auth_data(dtoken, tenant_id)
def __check_and_use_hashed_password(self, values):
if type(values) is dict and 'password' in values.keys():
values['password'] = utils.get_hashed_password(values['password'])
elif type(values) is models.User:
values.password = utils.get_hashed_password(values.password)
def check_password(self, user, password):
return user.password == utils.get_hashed_password(password)
