diff options
author | Denis Costa <deniscostadsc@gmail.com> | 2016-10-25 12:16:23 -0200 |
---|---|---|
committer | Denis Costa <deniscostadsc@gmail.com> | 2016-10-26 14:34:31 -0200 |
commit | e3006fff2f71787e9879e2f88e57dc9b935b7782 (patch) | |
tree | 1ca0033036960988167fb5111cb92303ba3dc49f /service/pixelated | |
parent | d9c4fb3707d85aa400f7042df2fbf7088f18739e (diff) |
Adds real authentication
We also did some refactoring in order to have things working. #795
Diffstat (limited to 'service/pixelated')
-rw-r--r-- | service/pixelated/authentication.py | 36 | ||||
-rw-r--r-- | service/pixelated/config/leap.py | 13 |
2 files changed, 32 insertions, 17 deletions
diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py index c9961476..a8326fb9 100644 --- a/service/pixelated/authentication.py +++ b/service/pixelated/authentication.py @@ -1,29 +1,33 @@ import re +from pixelated.config.leap import authenticate +from leap.bitmask.bonafide._srp import SRPAuthError - -class Authentication(object): - def __init__(self, username, token, uuid, session_id, user_attributes): - self.username = username - self.token = token - self.uuid = uuid - self.session_id = session_id - self._user_attributes = user_attributes - - def is_admin(self): - return self._user_attributes.get('is_admin', False) +from twisted.cred.error import UnauthorizedLogin +from twisted.internet.defer import inlineCallbacks class Authenticator(object): - def __init__(self, domain): - self.domain = domain + def __init__(self, leap_provider): + self._leap_provider = leap_provider + self.domain = leap_provider.server_name + @inlineCallbacks def authenticate(self, username, password): - self.username = self.validate_username(username) - self.srp_auth(username, password) + if self.validate_username(username): + yield self._srp_auth(username, password) + else: + raise UnauthorizedLogin() + + @inlineCallbacks + def _srp_auth(self, username, password): + try: + auth = yield authenticate(self._leap_provider, username, password) + except SRPAuthError: + raise UnauthorizedLogin() def validate_username(self, username): if '@' not in username: - return True + return True extracted_username = self.extract_username(username) return self.username_with_domain(extracted_username) == username diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py index 5dbfe21b..b86b756e 100644 --- a/service/pixelated/config/leap.py +++ b/service/pixelated/config/leap.py @@ -13,7 +13,6 @@ from leap.bitmask.bonafide.provider import Api from pixelated.config import credentials from pixelated.config import leap_config -from pixelated.authentication import Authentication from pixelated.bitmask_libraries.certs import LeapCertificate from pixelated.bitmask_libraries.provider import LeapProvider from pixelated.config.sessions import LeapSessionFactory @@ -86,3 +85,15 @@ def authenticate(provider, user, password): def init_monkeypatches(): import pixelated.extensions.requests_urllib3 + + +class Authentication(object): + def __init__(self, username, token, uuid, session_id, user_attributes): + self.username = username + self.token = token + self.uuid = uuid + self.session_id = session_id + self._user_attributes = user_attributes + + def is_admin(self): + return self._user_attributes.get('is_admin', False) |