89 lines
1.9 KiB
Python
89 lines
1.9 KiB
Python
from flask import current_app
|
|
from .form.auth import PasswordForm, TotpForm, Fido2Form
|
|
from ldap3 import Server, Connection, HASHED_SALTED_SHA256
|
|
from ldap3.core.exceptions import LDAPException
|
|
from .model import User
|
|
import logging
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
class AuthProvider:
|
|
|
|
@classmethod
|
|
def get_name(csl):
|
|
return csl.__name__
|
|
|
|
@staticmethod
|
|
def get_form():
|
|
return
|
|
|
|
@staticmethod
|
|
def check_auth(user, form) -> bool:
|
|
'''
|
|
checks the submited form is valid
|
|
return true if user is allowed to auth
|
|
'''
|
|
return False
|
|
|
|
|
|
class LdapAuthProvider(AuthProvider):
|
|
|
|
@staticmethod
|
|
def get_form():
|
|
return PasswordForm(prefix='password')
|
|
|
|
@staticmethod
|
|
def check_auth(user: User, form):
|
|
return LdapAuthProvider.check_auth_internal(
|
|
user, form.data['password'])
|
|
|
|
@staticmethod
|
|
def check_auth_internal(user, password):
|
|
server = Server(current_app.config['LDAP_URL'])
|
|
ldap_conn = Connection(server, user.entry_dn, password)
|
|
try:
|
|
return ldap_conn.bind()
|
|
except LDAPException:
|
|
return False
|
|
|
|
|
|
class U2FAuthProvider(AuthProvider):
|
|
@staticmethod
|
|
def get_from():
|
|
return Fido2Form(prefix='fido2')
|
|
|
|
|
|
class WebAuthProvider(AuthProvider):
|
|
pass
|
|
|
|
|
|
class TotpAuthProvider(AuthProvider):
|
|
|
|
@staticmethod
|
|
def get_form():
|
|
return TotpForm(prefix='totp')
|
|
|
|
@staticmethod
|
|
def check_auth(user, form):
|
|
data = form.data['totp']
|
|
if data is not None:
|
|
#print(f'data totp: {data}')
|
|
if len(user.totps) == 0: # migration, TODO remove
|
|
return True
|
|
for totp in user.totps:
|
|
if totp.verify(data):
|
|
return True
|
|
return False
|
|
|
|
|
|
AUTH_PROVIDER_LIST = [
|
|
LdapAuthProvider,
|
|
TotpAuthProvider
|
|
]
|
|
|
|
#print(LdapAuthProvider.get_name())
|
|
|