From 5bfa305c414899fbeb52417849e21a5c14d55174 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Wed, 2 Sep 2020 13:07:21 +0200
Subject: [PATCH] Fixed auth. Some cleanup

---
 flaschengeist/modules/auth/__init__.py | 4 ++--
 flaschengeist/modules/auth_ldap/__init__.py | 12 ++++++------
 flaschengeist/modules/auth_plain/__init__.py | 18 +++++++++--------
 .../system/controller/accessTokenController.py | 4 ++--
 .../mainController/mainUserController.py | 1 +
 flaschengeist/system/models/accessToken.py | 2 +-
 flaschengeist/system/models/user.py | 2 +-
 7 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/flaschengeist/modules/auth/__init__.py b/flaschengeist/modules/auth/__init__.py
index e17e143..1426083 100644
--- a/flaschengeist/modules/auth/__init__.py
+++ b/flaschengeist/modules/auth/__init__.py
@@ -50,8 +50,8 @@ def _login():
 token = access_controller.create(user, user_agent=request.user_agent)
 logger.debug("access token is {{ {} }}".format(token))
 logger.debug("validate access token")
- dic = user.toJSON()
- dic["accessToken"] = token
+ dic = user.default()
+ dic["accessToken"] = token.token
 logger.info("User {{ {} }} success login.".format(username))
 logger.debug("return login {{ {} }}".format(dic))
 return jsonify(dic)
diff --git a/flaschengeist/modules/auth_ldap/__init__.py b/flaschengeist/modules/auth_ldap/__init__.py
index 00e5803..1eb1530 100644
--- a/flaschengeist/modules/auth_ldap/__init__.py
+++ b/flaschengeist/modules/auth_ldap/__init__.py
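Review bot: The new `dic["accessToken"] = token.token` puts the raw bearer token into `dic`, and the unchanged context line two below, `logger.debug("return login {{ {} }}".format(dic))`, then writes that credential to the log; the earlier `logger.debug("access token is {{ {} }}".format(token))` logs the token object as well. Debug output routinely ends up in shared log storage, so the secret should not be part of either line. Log a non-secret identifier instead, e.g. `logger.debug("return login for user {{ {} }}".format(username))`, and restrict the first debug line to the user or token id rather than the token value. `_login` starts before the hunk.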
@@ -110,17 +110,17 @@ class AuthLDAP(modules.Auth):
 attributes=['uid', 'givenName', 'sn', 'mail'])
 r = self.ldap.connection.response[0]['attributes']
 if r['uid'][0] == user.uid:
- user.setAttribute('DN', self.ldap.connection.response[0]['dn'])
+ user.set_attribute('DN', self.ldap.connection.response[0]['dn'])
 user.firstname = r['givenName'][0]
 user.lastname = r['sn'][0]
 if r['mail']:
 user.mail = r['mail'][0]
 if 'displayName' in r:
- user.displayname = r['displayName'][0]
- for group in self._getGroups(user.uid):
- user.addGroup(group)
+ user.display_name = r['displayName'][0]
+ for group in self._get_groups(user.uid):
+ user.add_group(group)
- def _getGroups(self, uid):
+ def _get_groups(self, uid):
 try:
 groups = []
@@ -141,7 +141,7 @@ class AuthLDAP(modules.Auth):
 groups.append(data['attributes']['cn'][0])
 return groups
 except Exception as err:
- debug.warning("exception in get groups from ldap", exc_info=True)
+ logger.warning("exception in get groups from ldap", exc_info=True)
 return []
 # def getAllUser(self):
diff --git a/flaschengeist/modules/auth_plain/__init__.py b/flaschengeist/modules/auth_plain/__init__.py
index 908c642..2677d19 100644
--- a/flaschengeist/modules/auth_plain/__init__.py
+++ b/flaschengeist/modules/auth_plain/__init__.py
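Review bot: The `except Exception as err:` clause around the corrected `logger.warning(...)` call in the second hunk still catches every error, including programming errors inside the group loop, and `err` is never used because `exc_info=True` already records the traceback. Any failure while reading groups silently turns into `return []`, so the user is logged in with no group memberships and the only trace is a warning; if groups drive authorization that is probably the safer default, but it should be stated in a comment such as `# On any LDAP error the user gets no groups rather than being rejected`. Narrow the clause to the LDAP library's exception type where it can be named, and drop the unused binding: `except Exception:`. `_get_groups` begins in the first hunk and its body runs between the two hunks.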
@@ -10,18 +10,18 @@ class AuthPlain(modules.Auth):
 if not user:
 return False
 if 'password' in user.attributes:
- return self.__verify_password(user.attributes['password'].value, password)
+ return self._verify_password(user.attributes['password'].value, password)
 return False
- def __hash_password(self, password):
+ def _hash_password(self, password):
 salt = hashlib.sha256(os.urandom(60)).hexdigest().encode('ascii')
- pwdhash = hashlib.pbkdf2_hmac('sha3-512', password.encode('utf-8'), salt, 100000)
- pwdhash = binascii.hexlify(pwdhash)
- return (salt + pwdhash).decode('ascii')
+ pass_hash = hashlib.pbkdf2_hmac('sha3-512', password.encode('utf-8'), salt, 100000)
+ pass_hash = binascii.hexlify(pass_hash)
+ return (salt + pass_hash).decode('ascii')
- def __verify_password(self, stored_password, provided_password):
+ def _verify_password(self, stored_password, provided_password):
 salt = stored_password[:64]
 stored_password = stored_password[64:]
- pwdhash = hashlib.pbkdf2_hmac('sha3-512', provided_password.encode('utf-8'), salt.encode('ascii'), 100000)
- pwdhash = binascii.hexlify(pwdhash).decode('ascii')
- return pwdhash == stored_password
+ pass_hash = hashlib.pbkdf2_hmac('sha3-512', provided_password.encode('utf-8'), salt.encode('ascii'), 100000)
+ pass_hash = binascii.hexlify(pass_hash).decode('ascii')
+ return pass_hash == stored_password
diff --git a/flaschengeist/system/controller/accessTokenController.py b/flaschengeist/system/controller/accessTokenController.py
index 3b0ed76..f0cf293 100644
--- a/flaschengeist/system/controller/accessTokenController.py
+++ b/flaschengeist/system/controller/accessTokenController.py
@@ -65,7 +65,7 @@ class AccessTokenController(metaclass=Singleton):
 return True
 return False
- def create(self, user, user_agent=None):
+ def create(self, user, user_agent=None) -> AccessToken:
 """ Create an AccessToken

 Create an AccessToken for an User and add it to the tokenList.
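Review bot: `return pass_hash == stored_password` in the renamed `_verify_password` compares the two hex digests with `==`, which stops at the first differing character; a password check should use a constant-time comparison, `return hmac.compare_digest(pass_hash, stored_password)`, with `hmac` imported at the top of the module (outside this hunk). The removed `pwdhash == stored_password` line had the same issue, so this is pre-existing rather than introduced by the rename. A docstring on `_hash_password` describing the stored format as 64 hex characters of salt followed by the PBKDF2-SHA3-512 hex digest would make the `[:64]` and `[64:]` slices in `_verify_password` self-explanatory, and the `100000` iteration count that appears in both methods belongs in one module-level constant so the two cannot drift apart. `AuthPlain` starts before the hunk.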
@@ -75,7 +75,7 @@ class AccessTokenController(metaclass=Singleton):
 user_agent: User agent to identify session

 Returns:
- A created Token for User
+ AccessToken: A created Token for User
 """
 logger.debug("create access token")
 token_str = secrets.token_hex(16)
diff --git a/flaschengeist/system/controller/mainController/mainUserController.py b/flaschengeist/system/controller/mainController/mainUserController.py
index 761c9ba..4927650 100644
--- a/flaschengeist/system/controller/mainController/mainUserController.py
+++ b/flaschengeist/system/controller/mainController/mainUserController.py
@@ -5,6 +5,7 @@ from flaschengeist.system.models.user import User
 from flaschengeist.system.database import db
 from flaschengeist import logger
+
 class Base:
 def loginUser(self, username, password):
 logger.info("login user {{ {} }}".format(username))
diff --git a/flaschengeist/system/models/accessToken.py b/flaschengeist/system/models/accessToken.py
index 6003568..1383dd7 100644
--- a/flaschengeist/system/models/accessToken.py
+++ b/flaschengeist/system/models/accessToken.py
@@ -33,7 +33,7 @@ class AccessToken(db.Model):
 logger.debug("update timestamp from access token {{ {} }}".format(self))
 self.timestamp = datetime.utcnow()
- def toJSON(self):
+ def default(self):
 """ Create Dic to dump in JSON

 Returns:
diff --git a/flaschengeist/system/models/user.py b/flaschengeist/system/models/user.py
index 0dd0321..c636be0 100644
--- a/flaschengeist/system/models/user.py
+++ b/flaschengeist/system/models/user.py
@@ -61,7 +61,7 @@ class User(db.Model):
 if 'display_name' in data:
 self.display_name = data['display_name']
- def toJSON(self):
+ def default(self):
 return {
 # TODO: username should be UID?
 "username": self.uid,