Commit cb5aeb6f authored by Daniele Venzano's avatar Daniele Venzano

Add file-base user store so LDAP is not an hard dependency

parent 1b991efd
......@@ -60,3 +60,4 @@ target/
.idea/
state.zoe
/zoe*.conf
zoepass.csv
# Copyright (c) 2016, Daniele Venzano
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Plain text file authentication module."""
import csv
import logging
import os
import zoe_api.auth.base
import zoe_api.exceptions
from zoe_lib.config import get_conf
log = logging.getLogger(__name__)
class PlainTextAuthenticator(zoe_api.auth.base.BaseAuthenticator):
"""A basic plain text file authenticator."""
def __init__(self):
self.passwd_file = get_conf().auth_file
if not os.access(self.passwd_file, os.R_OK):
raise zoe_api.exceptions.ZoeNotFoundException('Password file not found at: {}'.format(self.passwd_file))
def auth(self, username, password):
"""Authenticate the user or raise an exception."""
with open(self.passwd_file, "r") as passwd:
passwd_reader = csv.reader(passwd)
for row in passwd_reader:
if len(row) != 3:
continue
file_username = row[0]
file_password = row[1]
file_role = row[2]
if file_username == username and file_password == password:
return username, file_role
raise zoe_api.exceptions.ZoeAuthException('Unknown user or password.')
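Review bot: `auth()` compares the submitted password to `row[1]` with `==`, so the CSV has to hold every password in cleartext and the comparison is not constant-time. Storing a salted hash per user (for example from `hashlib.scrypt` or `hashlib.pbkdf2_hmac`) and checking it with `hmac.compare_digest(stored_hash, computed_hash)` would keep a leaked or misread `zoepass.csv` from exposing usable credentials. Until the format changes, the class docstring should say that the file contains cleartext passwords and must be readable only by the account running the Zoe API. Rows whose length is not 3 are skipped silently; a `log.warning` there, without logging the row content, would show the operator a malformed line instead of it looking like a wrong password.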
......@@ -19,7 +19,10 @@ import logging
from flask import Response, render_template
from zoe_lib.config import get_conf
from zoe_api.auth.ldap import LDAPAuthenticator
from zoe_api.auth.file import PlainTextAuthenticator
import zoe_api.exceptions
log = logging.getLogger(__name__)
......@@ -62,7 +65,12 @@ def get_auth(request):
if not auth:
raise zoe_api.exceptions.ZoeAuthException
authenticator = LDAPAuthenticator()
if get_conf().auth_type == 'text':
authenticator = PlainTextAuthenticator()
elif get_conf().auth_type == 'ldap':
authenticator = LDAPAuthenticator()
else:
raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
uid, role = authenticator.auth(auth.username, auth.password)
if uid is None:
raise zoe_api.exceptions.ZoeAuthException
......
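Review bot: `from zoe_api.auth.ldap import LDAPAuthenticator` is still imported at module level, so if that module loads the LDAP client library on import (not visible here), LDAP remains a hard dependency even when `auth_type` is `text`. Moving that import inside the `elif get_conf().auth_type == 'ldap':` branch would match the commit's stated intent. The authenticator is also constructed on every request, so an unreadable password file or an unknown `auth_type` is reported only when a client tries to authenticate. The branch does fail closed, which is the right default. `get_auth` starts before the hunk and continues after it.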
......@@ -72,6 +72,11 @@ def load_configuration(test_conf=None):
argparser.add_argument('--listen-port', type=int, help='Port to listen to for incoming connections', default=5001)
argparser.add_argument('--master-url', help='URL of the Zoe master process', default='tcp://127.0.0.1:4850')
# API auth options
argparser.add_argument('--auth-type', help='Authentication type (text or ldap)', default='text')
argparser.add_argument('--auth-file', help='Path to the CSV file containing user,pass,role lines for text authentication', default='zoepass.csv')
argparser.add_argument('--ldap-server-uri', help='LDAP server to use for authentication', default='ldap://localhost')
argparser.add_argument('--ldap-base-dn', help='LDAP base DN for users', default='ou=something,dc=any,dc=local')
argparser.add_argument('--ldap-admin-gid', type=int, help='LDAP group ID for admins', default=5000)
......
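Review bot: `--auth-type` accepts any string, so a typo is caught only later, as a configuration error raised while a request is being authenticated. Declaring it as `argparser.add_argument('--auth-type', choices=['text', 'ldap'], help='Authentication type (text or ldap)', default='text')` would reject it at startup. The defaults also mean that a deployment which sets neither option uses file authentication with the relative path `zoepass.csv`, resolved against the process's working directory. If existing installs relied on LDAP being the only method, that is a behaviour change on upgrade worth stating in the help text, and the `--auth-file` help should say that the file holds passwords and needs restrictive permissions. `load_configuration` starts before the hunk and continues after it.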