Fixed auth. Some cleanup

2020-09-02 13:07:21 +02:00 · 2020-09-02 13:07:21 +02:00 · 5bfa305c41
parent b4505de253
commit 5bfa305c41
7 changed files with 22 additions and 21 deletions
--- a/flaschengeist/modules/auth/init.py
+++ b/flaschengeist/modules/auth/init.py
@ -50,8 +50,8 @@ def _login():
        token = access_controller.create(user, user_agent=request.user_agent)
        logger.debug("access token is {{ {} }}".format(token))
        logger.debug("validate access token")
-        dic = user.toJSON()
-        dic["accessToken"] = token
+        dic = user.default()
+        dic["accessToken"] = token.token
        logger.info("User {{ {} }} success login.".format(username))
        logger.debug("return login {{ {} }}".format(dic))
        return jsonify(dic)
--- a/flaschengeist/modules/auth_ldap/init.py
+++ b/flaschengeist/modules/auth_ldap/init.py
@ -110,17 +110,17 @@ class AuthLDAP(modules.Auth):
                                    attributes=['uid', 'givenName', 'sn', 'mail'])
        r = self.ldap.connection.response[0]['attributes']
        if r['uid'][0] == user.uid:
-            user.setAttribute('DN', self.ldap.connection.response[0]['dn'])
+            user.set_attribute('DN', self.ldap.connection.response[0]['dn'])
            user.firstname = r['givenName'][0]
            user.lastname = r['sn'][0]
            if r['mail']:
                user.mail = r['mail'][0]
            if 'displayName' in r:
-                user.displayname = r['displayName'][0]
-            for group in self._getGroups(user.uid):
-                user.addGroup(group)
+                user.display_name = r['displayName'][0]
+            for group in self._get_groups(user.uid):
+                user.add_group(group)

-    def _getGroups(self, uid):
+    def _get_groups(self, uid):
        try:
            groups = []

@ -141,7 +141,7 @@ class AuthLDAP(modules.Auth):
                groups.append(data['attributes']['cn'][0])
            return groups
        except Exception as err:
-            debug.warning("exception in get groups from ldap", exc_info=True)
+            logger.warning("exception in get groups from ldap", exc_info=True)
        return []

 #    def getAllUser(self):
--- a/flaschengeist/modules/auth_plain/init.py
+++ b/flaschengeist/modules/auth_plain/init.py
@ -10,18 +10,18 @@ class AuthPlain(modules.Auth):
        if not user:
            return False
        if 'password' in user.attributes:
-            return self.__verify_password(user.attributes['password'].value, password)
+            return self._verify_password(user.attributes['password'].value, password)
        return False

-    def __hash_password(self, password):
+    def _hash_password(self, password):
        salt = hashlib.sha256(os.urandom(60)).hexdigest().encode('ascii')
-        pwdhash = hashlib.pbkdf2_hmac('sha3-512', password.encode('utf-8'), salt, 100000)
-        pwdhash = binascii.hexlify(pwdhash)
-        return (salt + pwdhash).decode('ascii')
+        pass_hash = hashlib.pbkdf2_hmac('sha3-512', password.encode('utf-8'), salt, 100000)
+        pass_hash = binascii.hexlify(pass_hash)
+        return (salt + pass_hash).decode('ascii')

-    def __verify_password(self, stored_password, provided_password):
+    def _verify_password(self, stored_password, provided_password):
        salt = stored_password[:64]
        stored_password = stored_password[64:]
-        pwdhash = hashlib.pbkdf2_hmac('sha3-512', provided_password.encode('utf-8'), salt.encode('ascii'), 100000)
-        pwdhash = binascii.hexlify(pwdhash).decode('ascii')
-        return pwdhash == stored_password
+        pass_hash = hashlib.pbkdf2_hmac('sha3-512', provided_password.encode('utf-8'), salt.encode('ascii'), 100000)
+        pass_hash = binascii.hexlify(pass_hash).decode('ascii')
+        return pass_hash == stored_password
--- a/flaschengeist/system/controller/accessTokenController.py
+++ b/flaschengeist/system/controller/accessTokenController.py
@ -65,7 +65,7 @@ class AccessTokenController(metaclass=Singleton):
                    return True
        return False

-    def create(self, user, user_agent=None):
+    def create(self, user, user_agent=None) -> AccessToken:
        """ Create an AccessToken

            Create an AccessToken for an User and add it to the tokenList.
@ -75,7 +75,7 @@ class AccessTokenController(metaclass=Singleton):
                user_agent: User agent to identify session

            Returns:
-                A created Token for User
+                AccessToken: A created Token for User
        """
        logger.debug("create access token")
        token_str = secrets.token_hex(16)
--- a/flaschengeist/system/controller/mainController/mainUserController.py
+++ b/flaschengeist/system/controller/mainController/mainUserController.py
@ -5,6 +5,7 @@ from flaschengeist.system.models.user import User
 from flaschengeist.system.database import db
 from flaschengeist import logger

+
 class Base:
    def loginUser(self, username, password):
        logger.info("login user {{ {} }}".format(username))
--- a/flaschengeist/system/models/accessToken.py
+++ b/flaschengeist/system/models/accessToken.py
@ -33,7 +33,7 @@ class AccessToken(db.Model):
        logger.debug("update timestamp from access token {{ {} }}".format(self))
        self.timestamp = datetime.utcnow()

-    def toJSON(self):
+    def default(self):
        """ Create Dic to dump in JSON

            Returns:
--- a/flaschengeist/system/models/user.py
+++ b/flaschengeist/system/models/user.py
@ -61,7 +61,7 @@ class User(db.Model):
        if 'display_name' in data:
            self.display_name = data['display_name']

-    def toJSON(self):
+    def default(self):
        return {
            # TODO: username should be UID?
            "username": self.uid,