diff options
author | Bruno Wagner <bwagner@riseup.net> | 2016-10-20 19:13:00 -0200 |
---|---|---|
committer | Denis Costa <deniscostadsc@gmail.com> | 2016-10-26 14:34:31 -0200 |
commit | 7e805dff08d4cbe14abab567edb7a301bdde6dda (patch) | |
tree | ebeb7489008ac26030707d9588ac08813400b5ce /service/pixelated | |
parent | fb72ea1b893a9152f6bbc798e9d734e01fe42b3b (diff) |
Moving authentication out of login_resource
This is ongoing work to be able to accept and validate user domain
on login (so the user can use <username> or <username@domain.com>)
We are extracting the authentication logic from login_resource to be
able to test and cover the cases we need
Diffstat (limited to 'service/pixelated')
-rw-r--r-- | service/pixelated/authentication.py | 32 | ||||
-rw-r--r-- | service/pixelated/config/authentication.py | 11 | ||||
-rw-r--r-- | service/pixelated/config/leap.py | 2 |
3 files changed, 33 insertions, 12 deletions
diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py new file mode 100644 index 00000000..4b268435 --- /dev/null +++ b/service/pixelated/authentication.py @@ -0,0 +1,32 @@ +import re +from email.utils import parseaddr + +class Authentication(object): + + def __init__(self, domain): + self.domain = domain + # self.token = token + # self.uuid = uuid + # self.session_id = session_id + # self._user_attributes = user_attributes + + def authenticate(self, username, password): + self.username = self.validate_username(username) + self.srp_auth(username, password) + + def validate_username(self, username): + if '@' not in username: return True + extracted_username = self.extract_username(username) + if self.username_with_domain(extracted_username) == username: + return True + else: + return False + + def extract_username(self, username): + return re.search('^([^@]+)@?.*$', username).group(1) + + def username_with_domain(self, username): + return '%s@%s' % (username, self.domain) + + def is_admin(self): + return self._user_attributes.get('is_admin', False) diff --git a/service/pixelated/config/authentication.py b/service/pixelated/config/authentication.py deleted file mode 100644 index dc8439cc..00000000 --- a/service/pixelated/config/authentication.py +++ /dev/null @@ -1,11 +0,0 @@ -class Authentication(object): - - def __init__(self, username, token, uuid, session_id, user_attributes): - self.username = username - self.token = token - self.uuid = uuid - self.session_id = session_id - self._user_attributes = user_attributes - - def is_admin(self): - return self._user_attributes.get('is_admin', False) diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py index b060170f..5dbfe21b 100644 --- a/service/pixelated/config/leap.py +++ b/service/pixelated/config/leap.py @@ -13,7 +13,7 @@ from leap.bitmask.bonafide.provider import Api from pixelated.config import credentials from pixelated.config import leap_config -from pixelated.config.authentication import Authentication +from pixelated.authentication import Authentication from pixelated.bitmask_libraries.certs import LeapCertificate from pixelated.bitmask_libraries.provider import LeapProvider from pixelated.config.sessions import LeapSessionFactory |