Fix is_authenticated mechanism

Alexandre Aubin 2019-08-21 16:12:03 +02:00
parent d7a33e5a14
commit 0a13e5b000
2 changed files with 18 additions and 24 deletions


@ -32,6 +32,7 @@ class BaseAuthenticator(object):
def __init__(self, name): def __init__(self, name):
self._name = name self._name = name
self.is_authenticated = False
@property @property
def name(self): def name(self):
@ -44,12 +45,6 @@ class BaseAuthenticator(object):
"""The vendor name of the authenticator""" """The vendor name of the authenticator"""
vendor = None vendor = None
@property
def is_authenticated(self):
"""Either the instance is authenticated or not"""
raise NotImplementedError("derived class '%s' must override this property" %
self.__class__.__name__)
# Virtual methods # Virtual methods
# Each authenticator classes must implement these methods. # Each authenticator classes must implement these methods.
@ -103,6 +98,8 @@ class BaseAuthenticator(object):
self.name, self.vendor, e) self.name, self.vendor, e)
raise MoulinetteError('unable_authenticate') raise MoulinetteError('unable_authenticate')
self.is_authenticated = True
# Store session for later using the provided (new) token if any # Store session for later using the provided (new) token if any
if token: if token:
try: try:
@ -123,12 +120,14 @@ class BaseAuthenticator(object):
s_id, s_token = token s_id, s_token = token
# Attempt to authenticate # Attempt to authenticate
self._authenticate_session(s_id, s_token) self._authenticate_session(s_id, s_token)
except MoulinetteError: except MoulinetteError as e:
raise raise
except Exception as e: except Exception as e:
logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'", logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'",
self.name, self.vendor, e) self.name, self.vendor, e)
raise MoulinetteError('unable_authenticate') raise MoulinetteError('unable_authenticate')
else:
self.is_authenticated = True
# #
# No credentials given, can't authenticate # No credentials given, can't authenticate
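Review bot: `is_authenticated` is only ever set to `True` here (after the password path and in the `else:` of the session path) and is not reset anywhere in the visible hunks, so an instance that authenticated once would keep reporting `True` after a later failed attempt on the same object. Consider making `self.is_authenticated = False` the first statement of the authentication entry point, before either branch runs; that function starts outside these hunks, so confirm it is not already done there. The removed LDAP property re-checked the live connection on every read, whereas this flag is a snapshot taken at login, so callers that keep an authenticator around should not treat it as proof that the bind is still valid. The `as e` added to `except MoulinetteError` is unused, since the handler only re-raises.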


@ -57,21 +57,6 @@ class Authenticator(BaseAuthenticator):
vendor = 'ldap' vendor = 'ldap'
@property
def is_authenticated(self):
if self.con is None:
return False
try:
# Retrieve identity
who = self.con.whoami_s()
except Exception as e:
logger.warning("Error during ldap authentication process: %s", e)
return False
else:
if who[3:] == self.userdn:
return True
return False
# Implement virtual methods # Implement virtual methods
def authenticate(self, password): def authenticate(self, password):
@ -89,9 +74,19 @@ class Authenticator(BaseAuthenticator):
except ldap.SERVER_DOWN: except ldap.SERVER_DOWN:
logger.exception('unable to reach the server to authenticate') logger.exception('unable to reach the server to authenticate')
raise MoulinetteError('ldap_server_down') raise MoulinetteError('ldap_server_down')
# Check that we are indeed logged in with the right identity
try:
who = con.whoami_s()
except Exception as e:
logger.warning("Error during ldap authentication process: %s", e)
raise
else: else:
self.con = con if who[3:] != self.userdn:
self._ensure_password_uses_strong_hash(password) raise MoulinetteError("Not logged in with the expected userdn ?!")
else:
self.con = con
self._ensure_password_uses_strong_hash(password)
def _ensure_password_uses_strong_hash(self, password): def _ensure_password_uses_strong_hash(self, password):
# XXX this has been copy pasted from YunoHost, should we put that into moulinette? # XXX this has been copy pasted from YunoHost, should we put that into moulinette?
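Review bot: When `whoami_s()` raises or returns an identity other than `self.userdn`, the already-bound `con` is abandoned without being closed, so each rejected login leaves an authenticated LDAP connection open until garbage collection. Calling `con.unbind_s()` before the bare `raise` and before the `raise MoulinetteError(...)` would release it. The mismatch branch also passes free text (`"Not logged in with the expected userdn ?!"`) where the neighbouring errors use message keys such as `'ldap_server_down'`; a key would keep the failure translatable and avoid exposing internal wording to the client. The `who[3:]` slice assumes the reply always carries a `dn:` prefix, and an explicit `who.startswith('dn:')` check with a short comment would make the rejection of an empty (anonymous) reply deliberate rather than incidental.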