Diffstat (limited to 'service/pixelated')
-rw-r--r--service/pixelated/authentication.py36
-rw-r--r--service/pixelated/config/leap.py13
2 files changed, 32 insertions, 17 deletions
diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py
index c9961476..a8326fb9 100644
--- a/service/pixelated/authentication.py
+++ b/service/pixelated/authentication.py
@@ -1,29 +1,33 @@
import re
+from pixelated.config.leap import authenticate
+from leap.bitmask.bonafide._srp import SRPAuthError
-
-class Authentication(object):
- def __init__(self, username, token, uuid, session_id, user_attributes):
- self.username = username
- self.token = token
- self.uuid = uuid
- self.session_id = session_id
- self._user_attributes = user_attributes
-
- def is_admin(self):
- return self._user_attributes.get('is_admin', False)
+from twisted.cred.error import UnauthorizedLogin
+from twisted.internet.defer import inlineCallbacks
class Authenticator(object):
- def __init__(self, domain):
- self.domain = domain
+ def __init__(self, leap_provider):
+ self._leap_provider = leap_provider
+ self.domain = leap_provider.server_name
+ @inlineCallbacks
def authenticate(self, username, password):
- self.username = self.validate_username(username)
- self.srp_auth(username, password)
+ if self.validate_username(username):
+ yield self._srp_auth(username, password)
+ else:
+ raise UnauthorizedLogin()
+
+ @inlineCallbacks
+ def _srp_auth(self, username, password):
+ try:
+ auth = yield authenticate(self._leap_provider, username, password)
+ except SRPAuthError:
+ raise UnauthorizedLogin()
def validate_username(self, username):
if '@' not in username:
- return True
+ return True
extracted_username = self.extract_username(username)
return self.username_with_domain(extracted_username) == username
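Review bot: In `_srp_auth`, the value yielded from `authenticate(self._leap_provider, username, password)` is bound to `auth` and then dropped, so both `_srp_auth` and `Authenticator.authenticate` fire their Deferred with `None` and a caller cannot obtain the authenticated session data (presumably the `Authentication` object, though what `authenticate` returns is not visible in this hunk). End `_srp_auth` with `returnValue(auth)`, change the call site to `auth = yield self._srp_auth(username, password)` followed by `returnValue(auth)`, and import `returnValue` alongside `inlineCallbacks`. The unmodified `username`, including any `@domain` suffix that `validate_username` accepted, is what reaches SRP, and only `SRPAuthError` is mapped to `UnauthorizedLogin`; a short comment saying whether the suffix is intended and whether other provider errors are meant to propagate unchanged would help the next reader. `extract_username` and `username_with_domain` are defined outside the hunk.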
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 5dbfe21b..b86b756e 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -13,7 +13,6 @@ from leap.bitmask.bonafide.provider import Api
from pixelated.config import credentials
from pixelated.config import leap_config
-from pixelated.authentication import Authentication
from pixelated.bitmask_libraries.certs import LeapCertificate
from pixelated.bitmask_libraries.provider import LeapProvider
from pixelated.config.sessions import LeapSessionFactory
@@ -86,3 +85,15 @@ def authenticate(provider, user, password):
def init_monkeypatches():
import pixelated.extensions.requests_urllib3
+
+
+class Authentication(object):
+ def __init__(self, username, token, uuid, session_id, user_attributes):
+ self.username = username
+ self.token = token
+ self.uuid = uuid
+ self.session_id = session_id
+ self._user_attributes = user_attributes
+
+ def is_admin(self):
+ return self._user_attributes.get('is_admin', False)