From 7e805dff08d4cbe14abab567edb7a301bdde6dda Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Thu, 20 Oct 2016 19:13:00 -0200 Subject: Moving authentication out of login_resource This is ongoing work to be able to accept and validate user domain on login (so the user can use or ) We are extracting the authentication logic from login_resource to be able to test and cover the cases we need --- service/pixelated/authentication.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 service/pixelated/authentication.py (limited to 'service/pixelated/authentication.py') diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py new file mode 100644 index 00000000..4b268435 --- /dev/null +++ b/service/pixelated/authentication.py @@ -0,0 +1,32 @@ +import re +from email.utils import parseaddr + +class Authentication(object): + + def __init__(self, domain): + self.domain = domain + # self.token = token + # self.uuid = uuid + # self.session_id = session_id + # self._user_attributes = user_attributes + + def authenticate(self, username, password): + self.username = self.validate_username(username) + self.srp_auth(username, password) + + def validate_username(self, username): + if '@' not in username: return True + extracted_username = self.extract_username(username) + if self.username_with_domain(extracted_username) == username: + return True + else: + return False + + def extract_username(self, username): + return re.search('^([^@]+)@?.*$', username).group(1) + + def username_with_domain(self, username): + return '%s@%s' % (username, self.domain) + + def is_admin(self): + return self._user_attributes.get('is_admin', False) -- cgit v1.2.3