diff options
| author | Denis Costa <deniscostadsc@gmail.com> | 2016-10-25 12:16:23 -0200 |
|---|---|---|
| committer | Denis Costa <deniscostadsc@gmail.com> | 2016-10-26 14:34:31 -0200 |
| commit | e3006fff2f71787e9879e2f88e57dc9b935b7782 (patch) | |
| tree | 1ca0033036960988167fb5111cb92303ba3dc49f /service/pixelated/authentication.py | |
| parent | d9c4fb3707d85aa400f7042df2fbf7088f18739e (diff) | |
Adds real authentication
We also did some refactoring in order to have things working. #795
Diffstat (limited to 'service/pixelated/authentication.py')
| -rw-r--r-- | service/pixelated/authentication.py | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py index c9961476..a8326fb9 100644 --- a/service/pixelated/authentication.py +++ b/service/pixelated/authentication.py @@ -1,29 +1,33 @@ import re +from pixelated.config.leap import authenticate +from leap.bitmask.bonafide._srp import SRPAuthError - -class Authentication(object): - def __init__(self, username, token, uuid, session_id, user_attributes): - self.username = username - self.token = token - self.uuid = uuid - self.session_id = session_id - self._user_attributes = user_attributes - - def is_admin(self): - return self._user_attributes.get('is_admin', False) +from twisted.cred.error import UnauthorizedLogin +from twisted.internet.defer import inlineCallbacks class Authenticator(object): - def __init__(self, domain): - self.domain = domain + def __init__(self, leap_provider): + self._leap_provider = leap_provider + self.domain = leap_provider.server_name + @inlineCallbacks def authenticate(self, username, password): - self.username = self.validate_username(username) - self.srp_auth(username, password) + if self.validate_username(username): + yield self._srp_auth(username, password) + else: + raise UnauthorizedLogin() + + @inlineCallbacks + def _srp_auth(self, username, password): + try: + auth = yield authenticate(self._leap_provider, username, password) + except SRPAuthError: + raise UnauthorizedLogin() def validate_username(self, username): if '@' not in username: - return True + return True extracted_username = self.extract_username(username) return self.username_with_domain(extracted_username) == username |