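def authenticate(self, credentials):
    """Validate password credentials and return auth data for a token.

    The user is looked up globally, or within ``credentials.tenant_id``
    when one is supplied. Unknown users, disabled users and password
    mismatches are rejected. The user's unexpired token is then reused, or
    a new one valid for one day is created and stored.

    Args:
        credentials: an ``auth.PasswordCredentials`` instance; this method
            reads its ``username``, ``password`` and ``tenant_id``.

    Returns:
        The result of ``self.__get_auth_data(dtoken, tenant_id)``, where
        ``tenant_id`` is the requested tenant or, failing that, the user's
        own ``tenant_id``.

    Raises:
        fault.BadRequestFault: ``credentials`` is not PasswordCredentials.
        fault.UnauthorizedFault: the user is unknown or the password does
            not match.
        fault.UserDisabledFault: the user exists but is not enabled.
    """
    import hmac  # local import, used only for the digest comparison below

    # Check credentials
    if not isinstance(credentials, auth.PasswordCredentials):
        raise fault.BadRequestFault("Expecting Password Credentials!")

    if not credentials.tenant_id:
        duser = api.user.get(credentials.username)
        if duser is None:
            raise fault.UnauthorizedFault("Unauthorized")
    else:
        duser = api.user.get_by_tenant(credentials.username,
                                       credentials.tenant_id)
        if duser is None:
            # NOTE(review): this text differs from the password-mismatch
            # message below, so on the tenant path a caller can tell
            # "no such user in this tenant" from "wrong password".
            # Consider one uniform message once clients that match on the
            # text have been checked.
            raise fault.UnauthorizedFault("Unauthorized on this tenant")

    # NOTE(review): the enabled check runs before the password is verified,
    # so the disabled state of an account is reported to callers who have
    # not proven knowledge of its password. Moving it after the password
    # check would close that, at the cost of changing which fault a
    # disabled account with a wrong password receives.
    if not duser.enabled:
        raise fault.UserDisabledFault("Your account has been disabled")

    # NOTE(review): matching by re-hashing only works if
    # utils.get_hashed_password is deterministic for a given password,
    # i.e. it takes no per-user random salt here - confirm the scheme.
    stored_hash = duser.password
    supplied_hash = utils.get_hashed_password(credentials.password)
    try:
        # Constant-time comparison, so response timing does not depend on
        # how many leading characters of the two digests agree.
        mismatch = not hmac.compare_digest(stored_hash, supplied_hash)
    except TypeError:
        # compare_digest accepts only two ASCII str or two bytes-like
        # values; for anything else (e.g. a stored None) keep the plain
        # comparison so the outcome is the same as before.
        mismatch = stored_hash != supplied_hash
    if mismatch:
        raise fault.UnauthorizedFault("Unauthorized")

    #
    # Look for an existing token, or create one,
    # TODO: Handle tenant/token search
    #
    if not credentials.tenant_id:
        dtoken = api.token.get_for_user(duser.id)
    else:
        dtoken = api.token.get_for_user_by_tenant(duser.id,
                                                  credentials.tenant_id)

    # If tenant_id is passed in the call, that tenant_id is used; otherwise
    # the user's default tenant_id is used.
    tenant_id = credentials.tenant_id or duser.tenant_id

    # datetime.now() is naive local time; the expiry stored below is written
    # and compared on that same basis.
    if not dtoken or dtoken.expires < datetime.now():
        # Create new token
        dtoken = models.Token()
        dtoken.id = str(uuid.uuid4())
        dtoken.user_id = duser.id
        if credentials.tenant_id:
            dtoken.tenant_id = credentials.tenant_id
        dtoken.expires = datetime.now() + timedelta(days=1)
        api.token.create(dtoken)

    return self.__get_auth_data(dtoken, tenant_id)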
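def __check_and_use_hashed_password(self, values):
    """Replace the password carried by *values* with its hash, in place.

    Args:
        values: either a dict, whose ``'password'`` entry is rewritten when
            present, or a ``models.User``, whose ``password`` attribute is
            rewritten. Any other type is left untouched.

    Returns:
        None; *values* is mutated.

    The value is hashed unconditionally, so passing one that is already
    hashed hashes it again.
    """
    # isinstance rather than an exact type() match: a dict or User subclass
    # would otherwise fall through both branches and keep its password
    # exactly as supplied.
    if isinstance(values, dict) and 'password' in values:
        values['password'] = utils.get_hashed_password(values['password'])
    elif isinstance(values, models.User):
        values.password = utils.get_hashed_password(values.password)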
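def check_password(self, user, password):
    """Return whether *password* hashes to the value stored on *user*.

    Args:
        user: object whose ``password`` attribute holds the stored hash.
        password: the candidate password, hashed here with
            ``utils.get_hashed_password`` before comparison.

    Returns:
        True when the two hashes are equal, otherwise False.
    """
    import hmac  # local import, used only for the digest comparison below

    # NOTE(review): matching by re-hashing only works if
    # utils.get_hashed_password is deterministic for a given password -
    # confirm the scheme in utils.
    stored_hash = user.password
    supplied_hash = utils.get_hashed_password(password)
    try:
        # Constant-time comparison, so timing does not reveal how much of
        # the digest matched.
        return hmac.compare_digest(stored_hash, supplied_hash)
    except TypeError:
        # compare_digest accepts only two ASCII str or two bytes-like
        # values; fall back to plain equality for anything else so the
        # result is the same as before.
        return stored_hash == supplied_hash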