From badeb1945b65c3f770aeae8fd7109cb3d3e188a7 Mon Sep 17 00:00:00 2001 From: Ralf Ramsauer Date: Mon, 8 Oct 2018 19:47:26 +0200 Subject: [PATCH] pydoorlock: Authenticator: Move all auth-related logic to Authenticator By passing the configuration Signed-off-by: Ralf Ramsauer --- doorlockd | 16 +----------- pydoorlock/Authenticator.py | 50 ++++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 38 deletions(-) diff --git a/doorlockd b/doorlockd index 7dc91d8..b4d48c8 100755 --- a/doorlockd +++ b/doorlockd @@ -83,7 +83,6 @@ cfg = Config(SYSCONFDIR) # Booleans debug = cfg.boolean('DEBUG') -simulate_auth = cfg.boolean('SIMULATE_AUTH') simulate_serial = cfg.boolean('SIMULATE_SERIAL') run_hooks = cfg.boolean('RUN_HOOKS') sounds = cfg.boolean('SOUNDS') @@ -93,12 +92,6 @@ room = cfg.str('ROOM') title = cfg.str('TITLE') welcome = cfg.str('WELCOME') -# Auth backends -file_local_db = cfg.str('LOCAL_USER_DB') - -ldap_uri = cfg.str('LDAP_URI') -ldap_binddn = cfg.str('LDAP_BINDDN') - webapp.config['SECRET_KEY'] = cfg.str('SECRET_KEY') @@ -294,14 +287,7 @@ class DoorHandler: class Logic: def __init__(self): - self.auth = Authenticator(simulate_auth) - if ldap_uri and ldap_binddn: - log.info('Initialising LDAP auth backend') - self.auth.enable_ldap_backend(ldap_uri, ldap_binddn) - if file_local_db: - log.info('Initialising local auth backend') - self.auth.enable_local_backend(file_local_db) - + self.auth = Authenticator(cfg) self.door_handler = DoorHandler(serial_port) def _request(self, state, credentials): diff --git a/pydoorlock/Authenticator.py b/pydoorlock/Authenticator.py index fed98d3..3ac7476 100644 --- a/pydoorlock/Authenticator.py +++ b/pydoorlock/Authenticator.py 
@@ -76,35 +76,39 @@ class AuthenticationResult(Enum): return 'Internal authentication error' class Authenticator: - def __init__(self, simulate=False): - self._simulate = simulate + def __init__(self, cfg): + self._simulate = cfg.boolean('SIMULATE_AUTH') self._backends = set() + if self._simulate: + return + + self._ldap_uri = cfg.str('LDAP_URI') + self._ldap_binddn = cfg.str('LDAP_BINDDN') + if self._ldap_uri and self._ldap_binddn: + log.info('Initialising LDAP auth backend') + self._backends.add(AuthMethod.LDAP_USER_PW) + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND) + ldap.set_option(ldap.OPT_REFERRALS, 0) + + file_local_db = cfg.str('LOCAL_USER_DB') + if file_local_db: + log.info('Initialising local auth backend') + self._local_db = dict() + + with open(file_local_db, 'r') as f: + for line in f: + line = line.split() + user = line[0] + pwd = line[1].split(':') + self._local_db[user] = pwd + + self._backends.add(AuthMethod.LOCAL_USER_DB) + @property def backends(self): return self._backends - def enable_ldap_backend(self, uri, binddn): - self._ldap_uri = uri - self._ldap_binddn = binddn - self._backends.add(AuthMethod.LDAP_USER_PW) - - ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND) - ldap.set_option(ldap.OPT_REFERRALS, 0) - - - def enable_local_backend(self, filename): - self._local_db = dict() - - with open(filename, 'r') as f: - for line in f: - line = line.split() - user = line[0] - pwd = line[1].split(':') - self._local_db[user] = pwd - - self._backends.add(AuthMethod.LOCAL_USER_DB) - def _try_auth_local(self, user, password): if user not in self._local_db: return AuthenticationResult.Perm
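Review bot: The early `return` on `self._simulate` in `Authenticator.__init__` leaves `_backends` empty without writing any log line, while both real backends announce themselves with `log.info`; because `SIMULATE_AUTH` is now read from the configuration inside the class, a deployment that ships with the flag set leaves no startup trace of it. How the flag affects the authentication path is not visible in this hunk, but if it stands in for real credential checks it deserves a `log.warning('SIMULATE_AUTH is set, no authentication backend initialised')` just before the return. Separately, the local DB loop indexes `line[0]` and `line[1]` unguarded, so a blank or single-field line in `LOCAL_USER_DB` raises IndexError in the constructor; an `if len(line) < 2: continue` after `line = line.split()`, with a warning naming the line number, would keep the daemon starting. The last context line of the hunk, inside `_try_auth_local`, is cut off in this view.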