lenticular_cloud2/lenticular_cloud/auth_providers.py
2022-06-18 19:35:05 +02:00

86 lines
2 KiB
Python

from flask import current_app
from flask_wtf import FlaskForm
from .form.auth import PasswordForm, TotpForm, Fido2Form
from hmac import compare_digest as compare_hash
import crypt
from .model import User
import logging
logger = logging.getLogger(__name__)
class AuthProvider:
@classmethod
def get_name(csl):
return csl.__name__
@staticmethod
def get_form() -> FlaskForm:
return
@staticmethod
def check_auth(user: User, form) -> bool:
'''
checks the submited form is valid
return true if user is allowed to auth
'''
return False
class PasswordAuthProvider(AuthProvider):
@staticmethod
def get_form() -> FlaskForm:
return PasswordForm(prefix='password')
@staticmethod
def check_auth(user: User, form: FlaskForm) -> bool:
if isinstance(form.data['password'], str):
return PasswordAuthProvider.check_auth_internal(user, form.data['password'])
else:
return False
@staticmethod
def check_auth_internal(user: User, password: str) -> bool:
return compare_hash(crypt.crypt(password, user.password_hashed),user.password_hashed)
class U2FAuthProvider(AuthProvider):
@staticmethod
def get_from() -> FlaskForm:
return Fido2Form(prefix='fido2')
class WebAuthProvider(AuthProvider):
pass
class TotpAuthProvider(AuthProvider):
@staticmethod
def get_form():
return TotpForm(prefix='totp')
@staticmethod
def check_auth(user: User, form: FlaskForm) -> bool:
data = form.data['totp']
if data is not None:
#print(f'data totp: {data}')
if len(user.totps) == 0: # migration, TODO remove
return True
for totp in user.totps:
if totp.verify(data):
return True
return False
AUTH_PROVIDER_LIST = [
PasswordAuthProvider,
TotpAuthProvider
]
#print(LdapAuthProvider.get_name())