lenticular_cloud2/lenticular_cloud/auth_providers.py

from flask import current_app
from .form.auth import PasswordForm, TotpForm, Fido2Form
from ldap3 import Server, Connection, HASHED_SALTED_SHA256
from ldap3.core.exceptions import LDAPException
from .model import User
import logging


logger = logging.getLogger(__name__)



class AuthProvider:

    @classmethod
    def get_name(csl):
        return csl.__name__

    @staticmethod
    def get_form():
        return

    @staticmethod
    def check_auth(user, form) -> bool:
        '''
        checks the submited form is valid
        return true if user is allowed to auth
        '''
        return False


class LdapAuthProvider(AuthProvider):

    @staticmethod
    def get_form():
        return PasswordForm(prefix='password')

    @staticmethod
    def check_auth(user: User, form):
        return LdapAuthProvider.check_auth_internal(
                user, form.data['password'])

    @staticmethod
    def check_auth_internal(user, password):
        server = Server(current_app.config['LDAP_URL'])
        ldap_conn = Connection(server, user.entry_dn, password)
        try:
            return ldap_conn.bind()
        except LDAPException:
            return False


class U2FAuthProvider(AuthProvider):
    @staticmethod
    def get_from():
        return Fido2Form(prefix='fido2')


class WebAuthProvider(AuthProvider):
    pass


class TotpAuthProvider(AuthProvider):

    @staticmethod
    def get_form():
        return TotpForm(prefix='totp')

    @staticmethod
    def check_auth(user, form):
        data = form.data['totp']
        if data is not None:
            #print(f'data totp: {data}')
            if len(user.totps) == 0:  # migration, TODO remove
                return True
            for totp in user.totps:
                if totp.verify(data):
                    return True
        return False


AUTH_PROVIDER_LIST = [
    LdapAuthProvider,
    TotpAuthProvider
]

#print(LdapAuthProvider.get_name())