https://github.com/binary-kitchen/doorlockd
pydoorlock: Authenticator: Move all auth-related logic to Authenticator
By passing the configuration.

Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de>
parent
faecb6b98f
commit
badeb1945b
16
doorlockd
16
doorlockd
@ -83,7 +83,6 @@ cfg = Config(SYSCONFDIR)
|
|||||||
|
|
||||||
# Booleans
|
# Booleans
|
||||||
debug = cfg.boolean('DEBUG')
|
debug = cfg.boolean('DEBUG')
|
||||||
simulate_auth = cfg.boolean('SIMULATE_AUTH')
|
|
||||||
simulate_serial = cfg.boolean('SIMULATE_SERIAL')
|
simulate_serial = cfg.boolean('SIMULATE_SERIAL')
|
||||||
run_hooks = cfg.boolean('RUN_HOOKS')
|
run_hooks = cfg.boolean('RUN_HOOKS')
|
||||||
sounds = cfg.boolean('SOUNDS')
|
sounds = cfg.boolean('SOUNDS')
|
||||||
@ -93,12 +92,6 @@ room = cfg.str('ROOM')
|
|||||||
title = cfg.str('TITLE')
|
title = cfg.str('TITLE')
|
||||||
welcome = cfg.str('WELCOME')
|
welcome = cfg.str('WELCOME')
|
||||||
|
|
||||||
# Auth backends
|
|
||||||
file_local_db = cfg.str('LOCAL_USER_DB')
|
|
||||||
|
|
||||||
ldap_uri = cfg.str('LDAP_URI')
|
|
||||||
ldap_binddn = cfg.str('LDAP_BINDDN')
|
|
||||||
|
|
||||||
webapp.config['SECRET_KEY'] = cfg.str('SECRET_KEY')
|
webapp.config['SECRET_KEY'] = cfg.str('SECRET_KEY')
|
||||||
|
|
||||||
|
|
||||||
@ -294,14 +287,7 @@ class DoorHandler:
|
|||||||
|
|
||||||
class Logic:
|
class Logic:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.auth = Authenticator(simulate_auth)
|
self.auth = Authenticator(cfg)
|
||||||
if ldap_uri and ldap_binddn:
|
|
||||||
log.info('Initialising LDAP auth backend')
|
|
||||||
self.auth.enable_ldap_backend(ldap_uri, ldap_binddn)
|
|
||||||
if file_local_db:
|
|
||||||
log.info('Initialising local auth backend')
|
|
||||||
self.auth.enable_local_backend(file_local_db)
|
|
||||||
|
|
||||||
self.door_handler = DoorHandler(serial_port)
|
self.door_handler = DoorHandler(serial_port)
|
||||||
|
|
||||||
def _request(self, state, credentials):
|
def _request(self, state, credentials):
|
||||||
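Review bot: After `self.auth = Authenticator(cfg)` in `Logic.__init__`, nothing checks which backends were actually enabled, and the caller no longer sees the LDAP and local DB settings itself. With SIMULATE_AUTH off and neither LDAP_URI/LDAP_BINDDN nor LOCAL_USER_DB set, the constructor in the other file section leaves `backends` empty and logs nothing, so a misconfigured lock starts without any hint in the log. How authentication behaves with an empty set is not visible on this page. A check right after construction, such as `if not self.auth.backends: log.warning('No authentication backend enabled')`, would make it visible. The set is also empty in simulation mode, so the message should cover both cases, or the check could live in `Authenticator.__init__`.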
|
@ -76,35 +76,39 @@ class AuthenticationResult(Enum):
|
|||||||
return 'Internal authentication error'
|
return 'Internal authentication error'
|
||||||
|
|
||||||
class Authenticator:
|
class Authenticator:
|
||||||
def __init__(self, simulate=False):
|
def __init__(self, cfg):
|
||||||
self._simulate = simulate
|
self._simulate = cfg.boolean('SIMULATE_AUTH')
|
||||||
self._backends = set()
|
self._backends = set()
|
||||||
|
|
||||||
|
if self._simulate:
|
||||||
|
return
|
||||||
|
|
||||||
|
self._ldap_uri = cfg.str('LDAP_URI')
|
||||||
|
self._ldap_binddn = cfg.str('LDAP_BINDDN')
|
||||||
|
if self._ldap_uri and self._ldap_binddn:
|
||||||
|
log.info('Initialising LDAP auth backend')
|
||||||
|
self._backends.add(AuthMethod.LDAP_USER_PW)
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
|
||||||
|
ldap.set_option(ldap.OPT_REFERRALS, 0)
|
||||||
|
|
||||||
|
file_local_db = cfg.str('LOCAL_USER_DB')
|
||||||
|
if file_local_db:
|
||||||
|
log.info('Initialising local auth backend')
|
||||||
|
self._local_db = dict()
|
||||||
|
|
||||||
|
with open(file_local_db, 'r') as f:
|
||||||
|
for line in f:
|
||||||
|
line = line.split()
|
||||||
|
user = line[0]
|
||||||
|
pwd = line[1].split(':')
|
||||||
|
self._local_db[user] = pwd
|
||||||
|
|
||||||
|
self._backends.add(AuthMethod.LOCAL_USER_DB)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def backends(self):
|
def backends(self):
|
||||||
return self._backends
|
return self._backends
|
||||||
|
|
||||||
def enable_ldap_backend(self, uri, binddn):
|
|
||||||
self._ldap_uri = uri
|
|
||||||
self._ldap_binddn = binddn
|
|
||||||
self._backends.add(AuthMethod.LDAP_USER_PW)
|
|
||||||
|
|
||||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
|
|
||||||
ldap.set_option(ldap.OPT_REFERRALS, 0)
|
|
||||||
|
|
||||||
|
|
||||||
def enable_local_backend(self, filename):
|
|
||||||
self._local_db = dict()
|
|
||||||
|
|
||||||
with open(filename, 'r') as f:
|
|
||||||
for line in f:
|
|
||||||
line = line.split()
|
|
||||||
user = line[0]
|
|
||||||
pwd = line[1].split(':')
|
|
||||||
self._local_db[user] = pwd
|
|
||||||
|
|
||||||
self._backends.add(AuthMethod.LOCAL_USER_DB)
|
|
||||||
|
|
||||||
def _try_auth_local(self, user, password):
|
def _try_auth_local(self, user, password):
|
||||||
if user not in self._local_db:
|
if user not in self._local_db:
|
||||||
return AuthenticationResult.Perm
|
return AuthenticationResult.Perm
|
||||||
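Review bot: The early `return` under `if self._simulate:` in `Authenticator.__init__` logs nothing, so a lock started with SIMULATE_AUTH set leaves no trace of that in the log, while both backend branches announce themselves. I would add `log.warning('SIMULATE_AUTH is set, authentication is simulated')` before the `return`. That early return, and an empty LOCAL_USER_DB, also leave `self._local_db` unassigned, although `_try_auth_local` (whose body continues past the hunk) reads it. Setting `self._local_db = dict()` next to `self._backends = set()` would avoid an AttributeError, assuming callers outside this hunk do not already guard on `backends`. Separately, `pwd = line[1].split(':')` raises IndexError on a blank or one-field line, and the parse now runs at construction time, so a guard such as `if len(line) < 2: continue` after `line = line.split()` is worth adding.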
|