lenticular_cloud2/lenticular_cloud/auth_providers.py


from flask import current_app
from .form.auth import PasswordForm, TotpForm, Fido2Form
from ldap3 import Server, Connection, HASHED_SALTED_SHA256
from ldap3.core.exceptions import LDAPException
from .model import User
import logging
logger = logging.getLogger(__name__)
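class AuthProvider:
    """Base class for one authentication factor.

    A concrete provider overrides ``get_form`` (the form that collects the
    factor's input) and ``check_auth`` (the validation of that input).
    The defaults are deliberately fail-closed: no form, and a check that
    rejects every attempt, so an unfinished provider cannot grant access.
    """

    @classmethod
    def get_name(cls) -> str:
        """Return the provider's name, which is simply the class name."""
        return cls.__name__

    @staticmethod
    def get_form():
        """Return the form used to collect this factor's input.

        The base provider has no form and returns ``None``.
        """
        return None

    @staticmethod
    def check_auth(user, form) -> bool:
        """Check whether the submitted ``form`` authenticates ``user``.

        Returns ``True`` only when the factor is satisfied.  The base
        implementation always returns ``False``.
        """
        return False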
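class LdapAuthProvider(AuthProvider):
    """Password factor: verifies the password with an LDAP simple bind as the user's DN."""

    @staticmethod
    def get_form():
        """Return the password form for this factor."""
        return PasswordForm(prefix='password')

    @staticmethod
    def check_auth(user: "User", form) -> bool:
        """Check the password submitted in ``form`` against LDAP for ``user``."""
        return LdapAuthProvider.check_auth_internal(
            user, form.data['password'])

    @staticmethod
    def check_auth_internal(user, password) -> bool:
        """Bind to ``LDAP_URL`` as ``user.entry_dn`` with ``password``.

        Returns ``True`` only when the simple bind succeeds.  An empty
        password, a failed bind, or any ``LDAPException`` (unreachable
        server, bad URL, error while connecting) yields ``False``.
        """
        # Never send an empty password: a simple bind with a DN and an empty
        # password is an *unauthenticated* bind (RFC 4513), which a server
        # may accept, and that would be indistinguishable from a valid login.
        if not password:
            return False
        try:
            server = Server(current_app.config['LDAP_URL'])
            # Building the Connection can itself raise an LDAPException, so it
            # has to be inside the try rather than before it.
            ldap_conn = Connection(server, user.entry_dn, password)
        except LDAPException as exc:
            logger.warning('LDAP connection setup failed: %s', exc)
            return False
        try:
            return bool(ldap_conn.bind())
        except LDAPException as exc:
            logger.warning('LDAP bind failed: %s', exc)
            return False
        finally:
            # Always release the connection, whether or not the bind succeeded.
            try:
                ldap_conn.unbind()
            except LDAPException:
                # Best-effort cleanup only; the bind result above is what counts.
                pass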
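class U2FAuthProvider(AuthProvider):
    """FIDO2/U2F factor.

    Only the form is provided here; ``check_auth`` is inherited from
    ``AuthProvider`` and therefore rejects every attempt until an assertion
    check is implemented.
    """

    @staticmethod
    def get_form():
        """Return the FIDO2 form for this factor.

        The method was originally misspelled ``get_from``, so the name the
        other providers use (``get_form``) fell through to the base class
        and returned ``None``.
        """
        return Fido2Form(prefix='fido2')

    # Backward-compatible alias for the original misspelled name.
    get_from = get_form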
class WebAuthProvider(AuthProvider):
    """Placeholder provider: inherits the fail-closed defaults of ``AuthProvider``."""
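class TotpAuthProvider(AuthProvider):
    """Second factor: a time-based one-time code checked against the user's enrolled TOTPs."""

    @staticmethod
    def get_form():
        """Return the TOTP code form for this factor."""
        return TotpForm(prefix='totp')

    @staticmethod
    def check_auth(user, form) -> bool:
        """Check the code submitted in ``form`` against each entry of ``user.totps``.

        Returns ``True`` when any enrolled TOTP accepts the code.  A missing
        code (``None``) is rejected outright.
        """
        data = form.data['totp']
        if data is None:
            return False
        # The submitted code is a live credential for the rest of its time
        # step, so it is deliberately never printed or logged.
        if not user.totps:
            # Migration shim (TODO remove): a user with no TOTP enrolled passes
            # this factor unconditionally, i.e. the second factor is skipped.
            # Logged so the skipped checks are visible while the shim exists.
            logger.warning('TOTP check skipped: user has no enrolled TOTP')
            return True
        return any(totp.verify(data) for totp in user.totps)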
# Providers registered for use by the login flow.
AUTH_PROVIDER_LIST = [LdapAuthProvider, TotpAuthProvider]

# NOTE: runs at import time and writes the provider name to stdout.
print(LdapAuthProvider.get_name())