Add file-base user store so LDAP is not an hard dependency

.gitignore

@@ -60,3 +60,4 @@ target/
 .idea/
 state.zoe
 /zoe*.conf
+zoepass.csv

zoe_api/auth/file.py

+# Copyright (c) 2016, Daniele Venzano
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Plain text file authentication module."""
+
+import csv
+import logging
+import os
+
+import zoe_api.auth.base
+import zoe_api.exceptions
+from zoe_lib.config import get_conf
+
+log = logging.getLogger(__name__)
+
+
+class PlainTextAuthenticator(zoe_api.auth.base.BaseAuthenticator):
+    """A basic plain text file authenticator."""
+    def __init__(self):
+        self.passwd_file = get_conf().auth_file
+        if not os.access(self.passwd_file, os.R_OK):
+            raise zoe_api.exceptions.ZoeNotFoundException('Password file not found at: {}'.format(self.passwd_file))
+
+    def auth(self, username, password):
+        """Authenticate the user or raise an exception."""
+        with open(self.passwd_file, "r") as passwd:
+            passwd_reader = csv.reader(passwd)
+            for row in passwd_reader:
+                if len(row) != 3:
+                    continue
+                file_username = row[0]
+                file_password = row[1]
+                file_role = row[2]
+                if file_username == username and file_password == password:
+                    return username, file_role
+            raise zoe_api.exceptions.ZoeAuthException('Unknown user or password.')

zoe_api/web/utils.py

@@ -19,7 +19,10 @@ import logging
 
 from flask import Response, render_template
 
+from zoe_lib.config import get_conf
+
 from zoe_api.auth.ldap import LDAPAuthenticator
+from zoe_api.auth.file import PlainTextAuthenticator
 import zoe_api.exceptions
 
 log = logging.getLogger(__name__)
@@ -62,7 +65,12 @@ def get_auth(request):
     if not auth:
         raise zoe_api.exceptions.ZoeAuthException
 
-    authenticator = LDAPAuthenticator()
+    if get_conf().auth_type == 'text':
+        authenticator = PlainTextAuthenticator()
+    elif get_conf().auth_type == 'ldap':
+        authenticator = LDAPAuthenticator()
+    else:
+        raise zoe_api.exceptions.ZoeException('Configuration error, unknown authentication method: {}'.format(get_conf().auth_type))
     uid, role = authenticator.auth(auth.username, auth.password)
     if uid is None:
         raise zoe_api.exceptions.ZoeAuthException

zoe_lib/config.py

@@ -72,6 +72,11 @@ def load_configuration(test_conf=None):
         argparser.add_argument('--listen-port', type=int, help='Port to listen to for incoming connections', default=5001)
         argparser.add_argument('--master-url', help='URL of the Zoe master process', default='tcp://127.0.0.1:4850')
 
+        # API auth options
+        argparser.add_argument('--auth-type', help='Authentication type (text or ldap)', default='text')
+
+        argparser.add_argument('--auth-file', help='Path to the CSV file containing user,pass,role lines for text authentication', default='zoepass.csv')
+
         argparser.add_argument('--ldap-server-uri', help='LDAP server to use for authentication', default='ldap://localhost')
         argparser.add_argument('--ldap-base-dn', help='LDAP base DN for users', default='ou=something,dc=any,dc=local')
         argparser.add_argument('--ldap-admin-gid', type=int, help='LDAP group ID for admins', default=5000)