lenticular_cloud2/lenticular_cloud/auth_providers.py

89 lines
1.9 KiB
Python

from flask import current_app
from .form.auth import PasswordForm, TotpForm, Fido2Form
from ldap3 import Server, Connection, HASHED_SALTED_SHA256
from ldap3.core.exceptions import LDAPException
from .model import User
import logging
logger = logging.getLogger(__name__)
class AuthProvider:
@classmethod
def get_name(csl):
return csl.__name__
@staticmethod
def get_form():
return
@staticmethod
def check_auth(user, form) -> bool:
'''
checks the submited form is valid
return true if user is allowed to auth
'''
return False
class LdapAuthProvider(AuthProvider):
@staticmethod
def get_form():
return PasswordForm(prefix='password')
@staticmethod
def check_auth(user: User, form):
return LdapAuthProvider.check_auth_internal(
user, form.data['password'])
@staticmethod
def check_auth_internal(user, password):
server = Server(current_app.config['LDAP_URL'])
ldap_conn = Connection(server, user.entry_dn, password)
try:
return ldap_conn.bind()
except LDAPException:
return False
class U2FAuthProvider(AuthProvider):
@staticmethod
def get_from():
return Fido2Form(prefix='fido2')
class WebAuthProvider(AuthProvider):
pass
class TotpAuthProvider(AuthProvider):
@staticmethod
def get_form():
return TotpForm(prefix='totp')
@staticmethod
def check_auth(user, form):
data = form.data['totp']
if data is not None:
print(f'data totp: {data}')
if len(user.totps) == 0: # migration, TODO remove
return True
for totp in user.totps:
if totp.verify(data):
return True
return False
AUTH_PROVIDER_LIST = [
LdapAuthProvider,
TotpAuthProvider
]
print(LdapAuthProvider.get_name())