lenticular_cloud2/lenticular_cloud/auth_providers.py

from flask import current_app
from flask_wtf import FlaskForm
from .form.auth import PasswordForm, TotpForm, Fido2Form
from hmac import compare_digest as compare_hash
import crypt
from .model import User
import logging


logger = logging.getLogger(__name__)


class AuthProvider:

    @classmethod
    def get_name(csl):
        return csl.__name__

    @staticmethod
    def get_form() -> FlaskForm:
        return

    @staticmethod
    def check_auth(user: User, form) -> bool:
        '''
        checks the submited form is valid
        return true if user is allowed to auth
        '''
        return False


class PasswordAuthProvider(AuthProvider):

    @staticmethod
    def get_form() -> FlaskForm:
        return PasswordForm(prefix='password')

    @staticmethod
    def check_auth(user: User, form: FlaskForm) -> bool:
        if isinstance(form.data['password'], str):
            return PasswordAuthProvider.check_auth_internal(user, form.data['password'])
        else:
            return False
    @staticmethod
    def check_auth_internal(user: User, password: str) -> bool:
        return compare_hash(crypt.crypt(password, user.password_hashed),user.password_hashed) 


class U2FAuthProvider(AuthProvider):
    @staticmethod
    def get_from() -> FlaskForm:
        return Fido2Form(prefix='fido2')


class WebAuthProvider(AuthProvider):
    pass


class TotpAuthProvider(AuthProvider):

    @staticmethod
    def get_form():
        return TotpForm(prefix='totp')

    @staticmethod
    def check_auth(user: User, form: FlaskForm) -> bool:
        data = form.data['totp']
        if data is not None:
            #print(f'data totp: {data}')
            if len(user.totps) == 0:  # migration, TODO remove
                return True
            for totp in user.totps:
                if totp.verify(data):
                    return True
        return False


AUTH_PROVIDER_LIST = [
    PasswordAuthProvider,
    TotpAuthProvider
]

#print(LdapAuthProvider.get_name())
init commit 2020-05-09 18:00:07 +00:00			`from flask import current_app`
more ldap migration 2022-06-18 17:35:05 +00:00			`from flask_wtf import FlaskForm`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`from .form.auth import PasswordForm, TotpForm, Fido2Form`
more ldap migration 2022-06-18 17:35:05 +00:00			`from hmac import compare_digest as compare_hash`
			`import crypt`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`from .model import User`
			`import logging`


			`logger = logging.getLogger(__name__)`

init commit 2020-05-09 18:00:07 +00:00

			`class AuthProvider:`

			`@classmethod`
			`def get_name(csl):`
			`return csl.__name__`

			`@staticmethod`
more ldap migration 2022-06-18 17:35:05 +00:00			`def get_form() -> FlaskForm:`
init commit 2020-05-09 18:00:07 +00:00			`return`

			`@staticmethod`
more ldap migration 2022-06-18 17:35:05 +00:00			`def check_auth(user: User, form) -> bool:`
init commit 2020-05-09 18:00:07 +00:00			`'''`
			`checks the submited form is valid`
			`return true if user is allowed to auth`
			`'''`
			`return False`


more ldap migration 2022-06-18 17:35:05 +00:00			`class PasswordAuthProvider(AuthProvider):`
init commit 2020-05-09 18:00:07 +00:00
			`@staticmethod`
more ldap migration 2022-06-18 17:35:05 +00:00			`def get_form() -> FlaskForm:`
init commit 2020-05-09 18:00:07 +00:00			`return PasswordForm(prefix='password')`

			`@staticmethod`
more ldap migration 2022-06-18 17:35:05 +00:00			`def check_auth(user: User, form: FlaskForm) -> bool:`
			`if isinstance(form.data['password'], str):`
			`return PasswordAuthProvider.check_auth_internal(user, form.data['password'])`
			`else:`
init commit 2020-05-09 18:00:07 +00:00			`return False`
more ldap migration 2022-06-18 17:35:05 +00:00			`@staticmethod`
			`def check_auth_internal(user: User, password: str) -> bool:`
			`return compare_hash(crypt.crypt(password, user.password_hashed),user.password_hashed)`
init commit 2020-05-09 18:00:07 +00:00

			`class U2FAuthProvider(AuthProvider):`
			`@staticmethod`
more ldap migration 2022-06-18 17:35:05 +00:00			`def get_from() -> FlaskForm:`
init commit 2020-05-09 18:00:07 +00:00			`return Fido2Form(prefix='fido2')`


			`class WebAuthProvider(AuthProvider):`
			`pass`


			`class TotpAuthProvider(AuthProvider):`

			`@staticmethod`
			`def get_form():`
			`return TotpForm(prefix='totp')`

			`@staticmethod`
more ldap migration 2022-06-18 17:35:05 +00:00			`def check_auth(user: User, form: FlaskForm) -> bool:`
init commit 2020-05-09 18:00:07 +00:00			`data = form.data['totp']`
			`if data is not None:`
bugfixes, cleanup 2022-02-06 22:57:01 +00:00			`#print(f'data totp: {data}')`
add 2fa totp 2020-05-10 12:34:28 +00:00			`if len(user.totps) == 0: # migration, TODO remove`
			`return True`
init commit 2020-05-09 18:00:07 +00:00			`for totp in user.totps:`
add 2fa totp 2020-05-10 12:34:28 +00:00			`if totp.verify(data):`
init commit 2020-05-09 18:00:07 +00:00			`return True`
			`return False`


			`AUTH_PROVIDER_LIST = [`
more ldap migration 2022-06-18 17:35:05 +00:00			`PasswordAuthProvider,`
init commit 2020-05-09 18:00:07 +00:00			`TotpAuthProvider`
			`]`

bugfixes, cleanup 2022-02-06 22:57:01 +00:00			`#print(LdapAuthProvider.get_name())`
init commit 2020-05-09 18:00:07 +00:00