pydoorlock: Authenticator: Move all auth-related logic to Authenticator

This is done by passing the configuration to the Authenticator.

Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de>
Ralf Ramsauer 2018-10-08 19:47:26 +02:00
parent faecb6b98f
commit badeb1945b
2 changed files with 28 additions and 38 deletions


@ -83,7 +83,6 @@ cfg = Config(SYSCONFDIR)
# Booleans
debug = cfg.boolean('DEBUG')
simulate_auth = cfg.boolean('SIMULATE_AUTH')
simulate_serial = cfg.boolean('SIMULATE_SERIAL')
run_hooks = cfg.boolean('RUN_HOOKS')
sounds = cfg.boolean('SOUNDS')
@ -93,12 +92,6 @@ room = cfg.str('ROOM')
title = cfg.str('TITLE')
welcome = cfg.str('WELCOME')
# Auth backends
file_local_db = cfg.str('LOCAL_USER_DB')
ldap_uri = cfg.str('LDAP_URI')
ldap_binddn = cfg.str('LDAP_BINDDN')
webapp.config['SECRET_KEY'] = cfg.str('SECRET_KEY')
@ -294,14 +287,7 @@ class DoorHandler:
class Logic:
def __init__(self):
self.auth = Authenticator(simulate_auth)
if ldap_uri and ldap_binddn:
log.info('Initialising LDAP auth backend')
self.auth.enable_ldap_backend(ldap_uri, ldap_binddn)
if file_local_db:
log.info('Initialising local auth backend')
self.auth.enable_local_backend(file_local_db)
self.auth = Authenticator(cfg)
self.door_handler = DoorHandler(serial_port)
def _request(self, state, credentials):
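Review bot: The call `self.auth = Authenticator(cfg)` in `Logic.__init__` hands over the whole configuration object, so this file no longer shows which settings decide how authentication is set up. A comment at the call would keep that visible, for example `# Authenticator reads SIMULATE_AUTH, LDAP_URI, LDAP_BINDDN and LOCAL_USER_DB from cfg`. The same `cfg` also carries unrelated values such as `SECRET_KEY`, so the comment doubles as a record of what the auth code is expected to touch. The body of `Logic` continues outside this hunk.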


@ -76,35 +76,39 @@ class AuthenticationResult(Enum):
return 'Internal authentication error'
class Authenticator:
def __init__(self, simulate=False):
self._simulate = simulate
def __init__(self, cfg):
self._simulate = cfg.boolean('SIMULATE_AUTH')
self._backends = set()
if self._simulate:
return
self._ldap_uri = cfg.str('LDAP_URI')
self._ldap_binddn = cfg.str('LDAP_BINDDN')
if self._ldap_uri and self._ldap_binddn:
log.info('Initialising LDAP auth backend')
self._backends.add(AuthMethod.LDAP_USER_PW)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_REFERRALS, 0)
file_local_db = cfg.str('LOCAL_USER_DB')
if file_local_db:
log.info('Initialising local auth backend')
self._local_db = dict()
with open(file_local_db, 'r') as f:
for line in f:
line = line.split()
user = line[0]
pwd = line[1].split(':')
self._local_db[user] = pwd
self._backends.add(AuthMethod.LOCAL_USER_DB)
@property
def backends(self):
return self._backends
def enable_ldap_backend(self, uri, binddn):
self._ldap_uri = uri
self._ldap_binddn = binddn
self._backends.add(AuthMethod.LDAP_USER_PW)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_REFERRALS, 0)
def enable_local_backend(self, filename):
self._local_db = dict()
with open(filename, 'r') as f:
for line in f:
line = line.split()
user = line[0]
pwd = line[1].split(':')
self._local_db[user] = pwd
self._backends.add(AuthMethod.LOCAL_USER_DB)
def _try_auth_local(self, user, password):
if user not in self._local_db:
return AuthenticationResult.Perm
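Review bot: In the local-database loop of the new `__init__`, `user = line[0]` and `pwd = line[1].split(':')` assume every line has at least two whitespace-separated fields. A blank or truncated line in the LOCAL_USER_DB file therefore raises IndexError out of the constructor, and the daemon cannot start. I would skip and report such lines: `fields = line.split()`, then `if len(fields) < 2: log.warning('Skipping malformed local user entry'); continue`, logging at most a line number because the file holds password material. Separately, the `if self._simulate: return` path leaves `_backends` empty without logging anything; if simulation bypasses the real credential check, as the name suggests, a `log.warning('SIMULATE_AUTH is enabled')` before the return would make that state visible in the logs. The `Authenticator` class continues past the end of this hunk.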