Fix is_authenticated mechanism
parent
d7a33e5a14
commit
0a13e5b000
2 changed files with 18 additions and 24 deletions
|
@ -32,6 +32,7 @@ class BaseAuthenticator(object):
|
|||
|
||||
def __init__(self, name):
|
||||
self._name = name
|
||||
self.is_authenticated = False
|
||||
|
||||
@property
|
||||
def name(self):
|
||||
|
@ -44,12 +45,6 @@ class BaseAuthenticator(object):
|
|||
"""The vendor name of the authenticator"""
|
||||
vendor = None
|
||||
|
||||
@property
|
||||
def is_authenticated(self):
|
||||
"""Either the instance is authenticated or not"""
|
||||
raise NotImplementedError("derived class '%s' must override this property" %
|
||||
self.__class__.__name__)
|
||||
|
||||
# Virtual methods
|
||||
# Each authenticator classes must implement these methods.
|
||||
|
||||
|
@ -103,6 +98,8 @@ class BaseAuthenticator(object):
|
|||
self.name, self.vendor, e)
|
||||
raise MoulinetteError('unable_authenticate')
|
||||
|
||||
self.is_authenticated = True
|
||||
|
||||
# Store session for later using the provided (new) token if any
|
||||
if token:
|
||||
try:
|
||||
|
@ -123,12 +120,14 @@ class BaseAuthenticator(object):
|
|||
s_id, s_token = token
|
||||
# Attempt to authenticate
|
||||
self._authenticate_session(s_id, s_token)
|
||||
except MoulinetteError:
|
||||
except MoulinetteError as e:
|
||||
raise
|
||||
except Exception as e:
|
||||
logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'",
|
||||
self.name, self.vendor, e)
|
||||
raise MoulinetteError('unable_authenticate')
|
||||
else:
|
||||
self.is_authenticated = True
|
||||
|
||||
#
|
||||
# No credentials given, can't authenticate
|
||||
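Review bot: `is_authenticated` is now a plain attribute that is set to `True` after a successful authentication (in the password path and in the session-token `else:` branch) but is never cleared, so a later failed attempt on the same instance would leave the earlier `True` in place. Whether authenticator instances are reused across calls is not visible from these hunks; if they are, resetting the flag with `self.is_authenticated = False` at the top of the authentication method, before any credentials are tried, would make it reflect the most recent attempt. The LDAP property removed elsewhere in this commit re-checked the live connection on each read, so the flag is now only as fresh as the last successful bind and deserves a comment saying so. Separately, `except MoulinetteError as e:` binds `e` without using it; `except MoulinetteError:` is enough. The enclosing method starts and ends outside the hunks.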
|
|
|
@ -57,21 +57,6 @@ class Authenticator(BaseAuthenticator):
|
|||
|
||||
vendor = 'ldap'
|
||||
|
||||
@property
|
||||
def is_authenticated(self):
|
||||
if self.con is None:
|
||||
return False
|
||||
try:
|
||||
# Retrieve identity
|
||||
who = self.con.whoami_s()
|
||||
except Exception as e:
|
||||
logger.warning("Error during ldap authentication process: %s", e)
|
||||
return False
|
||||
else:
|
||||
if who[3:] == self.userdn:
|
||||
return True
|
||||
return False
|
||||
|
||||
# Implement virtual methods
|
||||
|
||||
def authenticate(self, password):
|
||||
|
@ -89,6 +74,16 @@ class Authenticator(BaseAuthenticator):
|
|||
except ldap.SERVER_DOWN:
|
||||
logger.exception('unable to reach the server to authenticate')
|
||||
raise MoulinetteError('ldap_server_down')
|
||||
|
||||
# Check that we are indeed logged in with the right identity
|
||||
try:
|
||||
who = con.whoami_s()
|
||||
except Exception as e:
|
||||
logger.warning("Error during ldap authentication process: %s", e)
|
||||
raise
|
||||
else:
|
||||
if who[3:] != self.userdn:
|
||||
raise MoulinetteError("Not logged in with the expected userdn ?!")
|
||||
else:
|
||||
self.con = con
|
||||
self._ensure_password_uses_strong_hash(password)
|
||||
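Review bot: The identity-mismatch branch raises `MoulinetteError("Not logged in with the expected userdn ?!")` with free text, while the other raises on this page pass a message key (`'ldap_server_down'`, `'unable_authenticate'`), and it logs nothing, so a bind that succeeds under an unexpected DN leaves no trace in the logs. I would log the mismatch before raising, e.g. `logger.warning("ldap bind identity mismatch: got '%s', expected '%s'", who, self.userdn)`, and raise with a key such as `'unable_authenticate'`. `who[3:]` presumably strips a `dn:` prefix from the whoami result; a short comment stating that, and that the comparison is an exact string match, would help the next reader. The `authenticate` body starts outside the hunk.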
|
|