Commit 844dcc69 authored by Daniele Venzano's avatar Daniele Venzano

Merge back login page and cookies

parents 9b0e132e 57f8e9b6
# Copyright (c) 2016, Daniele Venzano
# Copyright (c) 2016, Quang-Nhat Hoang-Xuan
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -36,11 +36,12 @@ log = logging.getLogger(__name__)
class LDAPSASLAuthenticator(zoe_api.auth.base.BaseAuthenticator):
"""A simple LDAP authenticator."""
def __init__(self):
self.connection = ldap.initialize(get_conf().ldap_server_uri)
self.base_dn = get_conf().ldap_base_dn
self.connection.protocol_version = ldap.VERSION3
self.sasl_auth = ldap.sasl.sasl({},'GSSAPI')
self.sasl_auth = ldap.sasl.sasl({}, 'GSSAPI')
def auth(self, username, password):
"""Authenticate the user or raise an exception."""
......@@ -48,9 +49,9 @@ class LDAPSASLAuthenticator(zoe_api.auth.base.BaseAuthenticator):
uid = None
role = 'guest'
try:
self.connection.sasl_interactive_bind_s('',self.sasl_auth)
self.connection.sasl_interactive_bind_s('', self.sasl_auth)
result = self.connection.search_s(self.base_dn, ldap.SCOPE_SUBTREE, search_filter)
if len(result) == 0:
raise zoe_api.exceptions.ZoeAuthException('Unknown user or wrong password.')
user_dict = result[0][1]
......
......@@ -19,10 +19,10 @@ from random import randint
import json
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
from zoe_api.web.utils import get_auth, catch_exceptions
from zoe_api.web.utils import get_auth_login, get_auth, catch_exceptions
from zoe_api.web.custom_request_handler import ZoeRequestHandler
class RootWeb(ZoeRequestHandler):
"""Handler class"""
def initialize(self, **kwargs):
......@@ -35,7 +35,9 @@ class RootWeb(ZoeRequestHandler):
"""Home page without authentication."""
self.render('index.html')
class LoginWeb(ZoeRequestHandler):
"""The login web page."""
def initialize(self, **kwargs):
"""Initializes the request handler."""
super().initialize(**kwargs)
......@@ -43,19 +45,22 @@ class LoginWeb(ZoeRequestHandler):
@catch_exceptions
def get(self):
"""Login page."""
self.render('login.html')
@catch_exceptions
def post(self):
"""Try to authenticate."""
username = self.get_argument("username", "")
password = self.get_argument("password", "")
uid, role = get_auth_login(username, password)
if not self.get_secure_cookie('zoe'):
cookieVal = uid + '.' + role
self.set_secure_cookie('zoe',cookieVal)
cookie_val = uid + '.' + role
self.set_secure_cookie('zoe', cookie_val)
self.redirect(self.get_argument("next", u"/user"))
class HomeWeb(ZoeRequestHandler):
"""Handler class"""
def initialize(self, **kwargs):
......
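Review bot: LoginWeb.post sets the `zoe` cookie only when `self.get_secure_cookie('zoe')` returns nothing, so a browser that still holds a valid cookie for one account keeps that identity after a different user logs in successfully. Assuming `get_auth_login` raises on bad credentials (its tail is not shown on this page), reaching the cookie code means the login succeeded, so drop the guard and call `self.set_secure_cookie('zoe', cookie_val)` unconditionally. The cookie value also fixes `role` at login time. If roles can change or be revoked in the user store, consider storing only the uid and resolving the role per request; how get_auth reads the cookie is not visible here.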
......@@ -15,7 +15,6 @@
"""Functions needed by the Zoe web interface."""
import base64
import logging
from zoe_lib.config import get_conf
......@@ -53,18 +52,20 @@ def catch_exceptions(func):
return func_wrapper
def missing_auth(handler: ZoeRequestHandler):
handler.redirect(handler.get_argument('next', u'login'))
"""Sends a 401 response that enables basic auth"""
"""Redirect to login page."""
handler.redirect(handler.get_argument('next', u'/login'))
def get_auth_login(username, password):
"""Authenticate username and password against the configured user store."""
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator()
authenticator = LDAPAuthenticator() # type: BaseAuthenticator
elif get_conf().auth_type == 'ldapsasl':
authenticator = LDAPSASLAuthenticator()
authenticator = LDAPSASLAuthenticator() # type: BaseAuthenticator
else:
raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
uid, role = authenticator.auth(username, password)
......@@ -73,6 +74,7 @@ def get_auth_login(username, password):
return uid, role
def get_auth(handler: ZoeRequestHandler):
"""Try to authenticate a request."""
......@@ -84,25 +86,6 @@ def get_auth(handler: ZoeRequestHandler):
else:
handler.redirect(handler.get_argument('next', u'/login'))
# auth_header = handler.request.headers.get('Authorization')
# if auth_header is None or not auth_header.startswith('Basic '):
# raise zoe_api.exceptions.ZoeAuthException
# auth_decoded = base64.decodebytes(bytes(auth_header[6:], 'ascii')).decode('utf-8')
# username, password = auth_decoded.split(':', 2)
# if get_conf().auth_type == 'text':
# authenticator = PlainTextAuthenticator() # type: BaseAuthenticator
# elif get_conf().auth_type == 'ldap':
# authenticator = LDAPAuthenticator()
# else:
# raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
# uid, role = authenticator.auth(username, password)
# if uid is None:
# raise zoe_api.exceptions.ZoeAuthException
# log.info('Authentication done using auth-mechanism')
# return uid, role
def error_page(handler: ZoeRequestHandler, error_message: str, status: int):
"""Generate an error page."""
......
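Review bot: missing_auth redirects to the request's own `next` argument and falls back to `/login` only when it is absent, so an unauthenticated request that carries `next` is sent wherever that value points instead of to the login page. The same unvalidated `next` is used in the else branch of get_auth and, after a successful login, in LoginWeb.post in the web handler file. I would redirect to the login page unconditionally and carry the original location along, e.g. `handler.redirect('/login?next=' + urllib.parse.quote(handler.request.uri))`, and have the login handler accept `next` only when it is a local path (a single leading `/`, no scheme or host). The new docstring "Redirect to login page." should describe whichever behaviour is kept. get_auth's body starts outside the visible hunk.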