def get_authenticated_account(self):
    """Resolve the request's HTTP Basic credentials to an ``Account``.

    Returns the matching account, or ``None`` when the header is missing or
    malformed, the username is unknown, or the password does not verify.

    When ``g.auth_trust_http_authorization`` is set the password is *not*
    checked and an unknown username is registered on the fly. That mode
    only makes sense when an upstream component (the SSO case the original
    author describes) has already authenticated the user and is the sole
    writer of the ``Authorization`` header.
    """
    from r2.models import Account, NotFound, register

    try:
        header = request.environ.get("HTTP_AUTHORIZATION")
        username, password = parse_http_basic(header)
    except RequirementException:
        # no parseable Basic credentials on this request
        return None

    trust_header = g.auth_trust_http_authorization

    try:
        account = Account._by_name(username)
    except NotFound:
        if not trust_header:
            return None
        # Trusted-header mode deliberately permits automatic re-registration
        # of _deleted accounts and login of _banned accounts: in an SSO
        # setup the upstream system is assumed to own that decision.
        account = register(username, password, request.ip)

    if trust_header:
        # header is trusted outright, so no password verification happens
        return account

    # The stored hash's prefix selects the scheme: "$2a$" is bcrypt, which the
    # platform crypt() may not support; everything else goes through crypt().
    # NOTE(review): this block relies on a module-level ``crypt`` import —
    # confirm it is present (http_basic() imports it locally instead).
    stored = account.password
    if stored.startswith("$2a$"):
        candidate = bcrypt.hashpw(password, stored)
    else:
        candidate = crypt.crypt(password, stored)

    # constant-time compare so the response time does not reveal how much of
    # the hash matched
    return account if constant_time_compare(candidate, stored) else None
def _get_client_auth(self):
    """Authenticate an OAuth2 client from the Basic ``Authorization`` header.

    Returns the ``OAuth2Client`` whose id and secret match the header.
    Every failure path (missing or malformed header, lookup that yields a
    falsy client, secret mismatch) is funnelled through
    ``RequirementException`` and answered with a 401 carrying a
    ``WWW-Authenticate: Basic`` challenge.
    """
    header = request.headers.get("Authorization")
    try:
        client_id, client_secret = parse_http_basic(header)
        client = OAuth2Client.get_token(client_id)
        # a falsy lookup result (presumably "no such client") fails here
        require(client)
        # constant-time compare so timing does not leak a matching prefix
        # of the stored secret
        require(constant_time_compare(client.secret, client_secret))
    except RequirementException:
        abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
    else:
        return client
def http_basic():
    """Authenticate the user based on their HTTP "Authorization" header.

    Returns the ``Account`` whose name and password match the Basic
    credentials, or ``None`` when the header is absent or malformed, the
    user does not exist, or the password fails verification. The password
    is always checked on this path.
    """
    import crypt

    try:
        header = request.environ.get("HTTP_AUTHORIZATION")
        username, password = parse_http_basic(header)
    except RequirementException:
        return None

    try:
        account = Account._by_name(username)
    except NotFound:
        return None

    stored = account.password
    # "$2a$" marks a bcrypt hash, which the platform crypt() may not handle;
    # anything else is re-derived with crypt() using the stored hash as salt.
    hasher = bcrypt.hashpw if stored.startswith("$2a$") else crypt.crypt
    candidate = hasher(password, stored)

    # constant-time comparison: don't leak how many leading bytes matched
    if not constant_time_compare(candidate, stored):
        return None
    return account