Fix is_authenticated mechanism

This commit is contained in:
Alexandre Aubin 2019-08-21 16:12:03 +02:00
parent d7a33e5a14
commit 0a13e5b000
2 changed files with 18 additions and 24 deletions

View file

@ -32,6 +32,7 @@ class BaseAuthenticator(object):
def __init__(self, name):
self._name = name
self.is_authenticated = False
@property
def name(self):
@ -44,12 +45,6 @@ class BaseAuthenticator(object):
"""The vendor name of the authenticator"""
vendor = None
@property
def is_authenticated(self):
"""Either the instance is authenticated or not"""
raise NotImplementedError("derived class '%s' must override this property" %
self.__class__.__name__)
# Virtual methods
# Each authenticator classes must implement these methods.
@ -103,6 +98,8 @@ class BaseAuthenticator(object):
self.name, self.vendor, e)
raise MoulinetteError('unable_authenticate')
self.is_authenticated = True
# Store session for later using the provided (new) token if any
if token:
try:
@ -123,12 +120,14 @@ class BaseAuthenticator(object):
s_id, s_token = token
# Attempt to authenticate
self._authenticate_session(s_id, s_token)
except MoulinetteError:
except MoulinetteError as e:
raise
except Exception as e:
logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'",
self.name, self.vendor, e)
raise MoulinetteError('unable_authenticate')
else:
self.is_authenticated = True
#
# No credentials given, can't authenticate

View file

@ -57,21 +57,6 @@ class Authenticator(BaseAuthenticator):
vendor = 'ldap'
@property
def is_authenticated(self):
if self.con is None:
return False
try:
# Retrieve identity
who = self.con.whoami_s()
except Exception as e:
logger.warning("Error during ldap authentication process: %s", e)
return False
else:
if who[3:] == self.userdn:
return True
return False
# Implement virtual methods
def authenticate(self, password):
@ -89,6 +74,16 @@ class Authenticator(BaseAuthenticator):
except ldap.SERVER_DOWN:
logger.exception('unable to reach the server to authenticate')
raise MoulinetteError('ldap_server_down')
# Check that we are indeed logged in with the right identity
try:
who = con.whoami_s()
except Exception as e:
logger.warning("Error during ldap authentication process: %s", e)
raise
else:
if who[3:] != self.userdn:
raise MoulinetteError("Not logged in with the expected userdn ?!")
else:
self.con = con
self._ensure_password_uses_strong_hash(password)