comparison pylons_app/lib/auth.py @ 190:d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sat, 22 May 2010 01:43:42 +0200 |
parents | f24b9a2934cf |
children | 3d1dd13887f9 |
189:410101210923 | 190:d8eb7ee27b4c |
---|---|
1 import logging | |
2 from datetime import datetime | 1 from datetime import datetime |
3 import crypt | 2 from decorator import decorator |
3 from functools import wraps | |
4 from pylons import session, url | 4 from pylons import session, url |
5 from pylons.controllers.util import abort, redirect | 5 from pylons.controllers.util import abort, redirect |
6 from decorator import decorator | |
7 from sqlalchemy.exc import OperationalError | |
8 log = logging.getLogger(__name__) | |
9 from pylons_app.model import meta | 6 from pylons_app.model import meta |
10 from pylons_app.model.db import Users, UserLogs | 7 from pylons_app.model.db import Users, UserLogs |
8 from sqlalchemy.exc import OperationalError | |
11 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound | 9 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound |
10 import crypt | |
11 import logging | |
12 log = logging.getLogger(__name__) | |
12 | 13 |
13 def get_crypt_password(password): | 14 def get_crypt_password(password): |
15 """ | |
16 Cryptographic function used for password hashing | |
17 @param password: password to hash | |
18 """ | |
14 return crypt.crypt(password, '6a') | 19 return crypt.crypt(password, '6a') |
15 | |
16 def admin_auth(username, password): | |
17 sa = meta.Session | |
18 password_crypt = get_crypt_password(password) | |
19 | |
20 try: | |
21 user = sa.query(Users).filter(Users.username == username).one() | |
22 except (NoResultFound, MultipleResultsFound, OperationalError) as e: | |
23 log.error(e) | |
24 user = None | |
25 | |
26 if user: | |
27 if user.active: | |
28 if user.username == username and user.password == password_crypt and user.admin: | |
29 log.info('user %s authenticated correctly', username) | |
30 return True | |
31 else: | |
32 log.error('user %s is disabled', username) | |
33 | |
34 return False | |
35 | 20 |
36 def authfunc(environ, username, password): | 21 def authfunc(environ, username, password): |
37 sa = meta.Session | 22 sa = meta.Session |
38 password_crypt = get_crypt_password(password) | 23 password_crypt = get_crypt_password(password) |
39 try: | 24 try: |
72 else: | 57 else: |
73 log.error('user %s is disabled', username) | 58 log.error('user %s is disabled', username) |
74 | 59 |
75 return False | 60 return False |
76 | 61 |
62 class AuthUser(object): | |
63 """ | |
64 A simple object that handles a mercurial username for authentication | |
65 """ | |
66 username = 'Empty' | |
67 is_authenticated = False | |
68 is_admin = False | |
69 permissions = set() | |
70 group = set() | |
71 | |
72 def __init__(self): | |
73 pass | |
74 | |
75 #=============================================================================== | |
76 # DECORATORS | |
77 #=============================================================================== | |
78 class LoginRequired(object): | |
79 """ | |
80 Must be logged in to execute this function else redirect to login page | |
81 """ | |
82 def __init__(self): | |
83 pass | |
84 | |
85 def __call__(self, func): | |
86 log.info('Checking login required') | |
87 | |
88 @wraps(func) | |
89 def _wrapper(*fargs, **fkwargs): | |
90 user = session.get('hg_app_user', AuthUser()) | |
91 if user.is_authenticated: | |
92 log.info('user %s is authenticated', user.username) | |
93 func(*fargs) | |
94 else: | |
95 logging.info('user %s not authenticated', user.username) | |
96 return redirect(url('login_home')) | |
77 | 97 |
78 @decorator | 98 return _wrapper |
79 def authenticate(fn, *args, **kwargs): | |
80 if not session.get('admin_user', False): | |
81 redirect(url('admin_home'), 301) | |
82 return fn(*args, **kwargs) | |
83 |
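Review bot: In `LoginRequired._wrapper` (new lines 89-96) the authenticated branch calls `func(*fargs)` without returning its result or forwarding `fkwargs`, so a logged-in request gets `None` back from the decorated action and loses any keyword arguments; it should read `return func(*fargs, **fkwargs)`. The denied branch logs through `logging.info` (the root logger) rather than the module's `log`, so rejected requests may not land with the rest of this module's auth records; `log.info('user %s not authenticated', user.username)` keeps them together. `AuthUser.permissions` and `AuthUser.group` (new lines 69-70) are class-level `set()` objects, so any in-place `.add()` would be visible on every `AuthUser` in the process, including the anonymous default built in `_wrapper`; assigning fresh sets in `__init__` keeps one session's permissions from appearing on another. The new docstring presents `crypt.crypt(password, '6a')` as the password hash, but the salt is a constant, so equal passwords always store equal hashes; a per-user random salt with a modern scheme deserves a follow-up.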