diff options
author | Kali Kaneko <kali@leap.se> | 2017-07-25 11:40:11 -0400 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-07-25 11:40:29 -0400 |
commit | 91e4481c450eb7eb928debc1cb7fa59bdb63dd7b (patch) | |
tree | 8fd7e6e77b6df669c33d96b7edad6db3cbe14dfe /service/pixelated/authentication.py | |
parent | e4f755309d4cf5cfb6b0bcc62ed73d6070956ab5 (diff) |
[pkg] packaging and path changes
- move all the pixelated python package under src/
- move the pixelated_www package under the leap namespace
- allow to set globally the static folder
- add hours and minutes to the timestamp in package version, to allow
for several releases a day.
Diffstat (limited to 'service/pixelated/authentication.py')
-rw-r--r-- | service/pixelated/authentication.py | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py deleted file mode 100644 index b5edbec0..00000000 --- a/service/pixelated/authentication.py +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see <http://www.gnu.org/licenses/>. -import re -from collections import namedtuple - -from leap.bitmask.bonafide.provider import Api -from leap.bitmask.bonafide.session import Session -from leap.bitmask.bonafide._srp import SRPAuthError - -from twisted.cred.error import UnauthorizedLogin -from twisted.internet.defer import inlineCallbacks, returnValue - -Credentials = namedtuple('Credentials', 'username, password') - - -class Authenticator(object): - def __init__(self, leap_provider): - self._leap_provider = leap_provider - self.domain = leap_provider.server_name - self.bonafide_session = None - - @inlineCallbacks - def authenticate(self, username, password): - username = self.clean_username(username) - auth = yield self._srp_auth(username, password) - returnValue(auth) - - @inlineCallbacks - def _srp_auth(self, username, password): - try: - auth = yield self._bonafide_auth(username, password) - except SRPAuthError: - raise UnauthorizedLogin("User typed wrong password/username combination.") - returnValue(auth) - - @inlineCallbacks - def _bonafide_auth(self, user, password): - srp_provider = Api(self._leap_provider.api_uri) - credentials = Credentials(user, password) - self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) - yield self.bonafide_session.authenticate() - returnValue(Authentication(user, - self.bonafide_session.token, - self.bonafide_session.uuid, - 'session_id', - {'is_admin': False})) - - def clean_username(self, username): - if '@' not in username: - return username - extracted_username = self.extract_username(username) - if self.username_with_domain(extracted_username) == username: - return extracted_username - raise UnauthorizedLogin('User typed a wrong domain.') - - def extract_username(self, username): - return re.search('^([^@]+)@?.*$', username).group(1) - - def username_with_domain(self, username): - return '%s@%s' % (username, self.domain) - - -class Authentication(object): - def __init__(self, username, token, uuid, session_id, user_attributes): - self.username = username - self.token = token - self.uuid = uuid - self.session_id = session_id - self._user_attributes = user_attributes - - def is_admin(self): - return self._user_attributes.get('is_admin', False) |