mirror of
https://github.com/YunoHost/moulinette.git
synced 2024-09-03 20:06:31 +02:00
Fix is_authenticated mechanism
This commit is contained in:
parent
d7a33e5a14
commit
0a13e5b000
2 changed files with 18 additions and 24 deletions
|
@ -32,6 +32,7 @@ class BaseAuthenticator(object):
|
||||||
|
|
||||||
def __init__(self, name):
|
def __init__(self, name):
|
||||||
self._name = name
|
self._name = name
|
||||||
|
self.is_authenticated = False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def name(self):
|
def name(self):
|
||||||
|
@ -44,12 +45,6 @@ class BaseAuthenticator(object):
|
||||||
"""The vendor name of the authenticator"""
|
"""The vendor name of the authenticator"""
|
||||||
vendor = None
|
vendor = None
|
||||||
|
|
||||||
@property
|
|
||||||
def is_authenticated(self):
|
|
||||||
"""Either the instance is authenticated or not"""
|
|
||||||
raise NotImplementedError("derived class '%s' must override this property" %
|
|
||||||
self.__class__.__name__)
|
|
||||||
|
|
||||||
# Virtual methods
|
# Virtual methods
|
||||||
# Each authenticator classes must implement these methods.
|
# Each authenticator classes must implement these methods.
|
||||||
|
|
||||||
|
@ -103,6 +98,8 @@ class BaseAuthenticator(object):
|
||||||
self.name, self.vendor, e)
|
self.name, self.vendor, e)
|
||||||
raise MoulinetteError('unable_authenticate')
|
raise MoulinetteError('unable_authenticate')
|
||||||
|
|
||||||
|
self.is_authenticated = True
|
||||||
|
|
||||||
# Store session for later using the provided (new) token if any
|
# Store session for later using the provided (new) token if any
|
||||||
if token:
|
if token:
|
||||||
try:
|
try:
|
||||||
|
@ -123,12 +120,14 @@ class BaseAuthenticator(object):
|
||||||
s_id, s_token = token
|
s_id, s_token = token
|
||||||
# Attempt to authenticate
|
# Attempt to authenticate
|
||||||
self._authenticate_session(s_id, s_token)
|
self._authenticate_session(s_id, s_token)
|
||||||
except MoulinetteError:
|
except MoulinetteError as e:
|
||||||
raise
|
raise
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'",
|
logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'",
|
||||||
self.name, self.vendor, e)
|
self.name, self.vendor, e)
|
||||||
raise MoulinetteError('unable_authenticate')
|
raise MoulinetteError('unable_authenticate')
|
||||||
|
else:
|
||||||
|
self.is_authenticated = True
|
||||||
|
|
||||||
#
|
#
|
||||||
# No credentials given, can't authenticate
|
# No credentials given, can't authenticate
|
||||||
|
|
|
@ -57,21 +57,6 @@ class Authenticator(BaseAuthenticator):
|
||||||
|
|
||||||
vendor = 'ldap'
|
vendor = 'ldap'
|
||||||
|
|
||||||
@property
|
|
||||||
def is_authenticated(self):
|
|
||||||
if self.con is None:
|
|
||||||
return False
|
|
||||||
try:
|
|
||||||
# Retrieve identity
|
|
||||||
who = self.con.whoami_s()
|
|
||||||
except Exception as e:
|
|
||||||
logger.warning("Error during ldap authentication process: %s", e)
|
|
||||||
return False
|
|
||||||
else:
|
|
||||||
if who[3:] == self.userdn:
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
# Implement virtual methods
|
# Implement virtual methods
|
||||||
|
|
||||||
def authenticate(self, password):
|
def authenticate(self, password):
|
||||||
|
@ -89,6 +74,16 @@ class Authenticator(BaseAuthenticator):
|
||||||
except ldap.SERVER_DOWN:
|
except ldap.SERVER_DOWN:
|
||||||
logger.exception('unable to reach the server to authenticate')
|
logger.exception('unable to reach the server to authenticate')
|
||||||
raise MoulinetteError('ldap_server_down')
|
raise MoulinetteError('ldap_server_down')
|
||||||
|
|
||||||
|
# Check that we are indeed logged in with the right identity
|
||||||
|
try:
|
||||||
|
who = con.whoami_s()
|
||||||
|
except Exception as e:
|
||||||
|
logger.warning("Error during ldap authentication process: %s", e)
|
||||||
|
raise
|
||||||
|
else:
|
||||||
|
if who[3:] != self.userdn:
|
||||||
|
raise MoulinetteError("Not logged in with the expected userdn ?!")
|
||||||
else:
|
else:
|
||||||
self.con = con
|
self.con = con
|
||||||
self._ensure_password_uses_strong_hash(password)
|
self._ensure_password_uses_strong_hash(password)
|
||||||
|
|
Loading…
Reference in a new issue