comparison pylons_app/lib/auth.py @ 190:d8eb7ee27b4c

Added LoginRequired decorator, empty User data container, hash functions
author Marcin Kuzminski <marcin@python-works.com>
date Sat, 22 May 2010 01:43:42 +0200
parents f24b9a2934cf
children 3d1dd13887f9
189:410101210923 190:d8eb7ee27b4c
1 import logging
2 from datetime import datetime 1 from datetime import datetime
3 import crypt 2 from decorator import decorator
3 from functools import wraps
4 from pylons import session, url 4 from pylons import session, url
5 from pylons.controllers.util import abort, redirect 5 from pylons.controllers.util import abort, redirect
6 from decorator import decorator
7 from sqlalchemy.exc import OperationalError
8 log = logging.getLogger(__name__)
9 from pylons_app.model import meta 6 from pylons_app.model import meta
10 from pylons_app.model.db import Users, UserLogs 7 from pylons_app.model.db import Users, UserLogs
8 from sqlalchemy.exc import OperationalError
11 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound 9 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
10 import crypt
11 import logging
12 log = logging.getLogger(__name__)
12 13
13 def get_crypt_password(password): 14 def get_crypt_password(password):
15 """
16 Cryptographic function used for password hashing
17 @param password: password to hash
18 """
14 return crypt.crypt(password, '6a') 19 return crypt.crypt(password, '6a')
15
16 def admin_auth(username, password):
17 sa = meta.Session
18 password_crypt = get_crypt_password(password)
19
20 try:
21 user = sa.query(Users).filter(Users.username == username).one()
22 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
23 log.error(e)
24 user = None
25
26 if user:
27 if user.active:
28 if user.username == username and user.password == password_crypt and user.admin:
29 log.info('user %s authenticated correctly', username)
30 return True
31 else:
32 log.error('user %s is disabled', username)
33
34 return False
35 20
36 def authfunc(environ, username, password): 21 def authfunc(environ, username, password):
37 sa = meta.Session 22 sa = meta.Session
38 password_crypt = get_crypt_password(password) 23 password_crypt = get_crypt_password(password)
39 try: 24 try:
72 else: 57 else:
73 log.error('user %s is disabled', username) 58 log.error('user %s is disabled', username)
74 59
75 return False 60 return False
76 61
62 class AuthUser(object):
63 """
64 A simple object that handles a mercurial username for authentication
65 """
66 username = 'Empty'
67 is_authenticated = False
68 is_admin = False
69 permissions = set()
70 group = set()
71
72 def __init__(self):
73 pass
74
75 #===============================================================================
76 # DECORATORS
77 #===============================================================================
78 class LoginRequired(object):
79 """
80 Must be logged in to execute this function else redirect to login page
81 """
82 def __init__(self):
83 pass
84
85 def __call__(self, func):
86 log.info('Checking login required')
87
88 @wraps(func)
89 def _wrapper(*fargs, **fkwargs):
90 user = session.get('hg_app_user', AuthUser())
91 if user.is_authenticated:
92 log.info('user %s is authenticated', user.username)
93 func(*fargs)
94 else:
95 logging.info('user %s not authenticated', user.username)
96 return redirect(url('login_home'))
77 97
78 @decorator 98 return _wrapper
79 def authenticate(fn, *args, **kwargs):
80 if not session.get('admin_user', False):
81 redirect(url('admin_home'), 301)
82 return fn(*args, **kwargs)
83
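Review bot: In `LoginRequired.__call__`, the authenticated branch of `_wrapper` calls `func(*fargs)` without returning its result and without forwarding `**fkwargs`, so a decorated action would return None and lose its keyword arguments; it should read `return func(*fargs, **fkwargs)`. The unauthenticated branch logs through the `logging` module instead of this module's `log` logger, so the line should be `log.info('user %s not authenticated', user.username)`. In `AuthUser`, `permissions = set()` and `group = set()` are class attributes shared by every instance, so a mutation made for one user would show up on all of them; assigning fresh sets in `__init__` avoids that. Separately, the newly documented `get_crypt_password` still calls `crypt.crypt(password, '6a')` with a constant salt, so equal passwords produce equal stored hashes; a per-user random salt is worth a follow-up change.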