pydoorlock: Authenticator: Move all auth-related logic to Authenticator

By passing the configuration Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de>
2024-10-31 22:47:05 +01:00 · 2018-10-08 19:47:26 +02:00 · 2018-10-08 19:47:26 +02:00 · badeb1945b
commit badeb1945b
parent faecb6b98f
2 changed files with 28 additions and 38 deletions
--- a/16
+++ b/16
@ -83,7 +83,6 @@ cfg = Config(SYSCONFDIR)

 # Booleans
 debug = cfg.boolean('DEBUG')
-simulate_auth = cfg.boolean('SIMULATE_AUTH')
 simulate_serial = cfg.boolean('SIMULATE_SERIAL')
 run_hooks = cfg.boolean('RUN_HOOKS')
 sounds = cfg.boolean('SOUNDS')
@ -93,12 +92,6 @@ room = cfg.str('ROOM')
 title = cfg.str('TITLE')
 welcome = cfg.str('WELCOME')

-# Auth backends
-file_local_db = cfg.str('LOCAL_USER_DB')
-
-ldap_uri = cfg.str('LDAP_URI')
-ldap_binddn = cfg.str('LDAP_BINDDN')
-
 webapp.config['SECRET_KEY'] = cfg.str('SECRET_KEY')


@ -294,14 +287,7 @@ class DoorHandler:

 class Logic:
    def __init__(self):
-        self.auth = Authenticator(simulate_auth)
-        if ldap_uri and ldap_binddn:
-            log.info('Initialising LDAP auth backend')
-            self.auth.enable_ldap_backend(ldap_uri, ldap_binddn)
-        if file_local_db:
-            log.info('Initialising local auth backend')
-            self.auth.enable_local_backend(file_local_db)
-
+        self.auth = Authenticator(cfg)
        self.door_handler = DoorHandler(serial_port)

    def _request(self, state, credentials):
--- a/pydoorlock/Authenticator.py
+++ b/pydoorlock/Authenticator.py
@ -76,35 +76,39 @@ class AuthenticationResult(Enum):
            return 'Internal authentication error'

 class Authenticator:
-    def __init__(self, simulate=False):
-        self._simulate = simulate
+    def __init__(self, cfg):
+        self._simulate = cfg.boolean('SIMULATE_AUTH')
        self._backends = set()

+        if self._simulate:
+            return
+
+        self._ldap_uri = cfg.str('LDAP_URI')
+        self._ldap_binddn = cfg.str('LDAP_BINDDN')
+        if self._ldap_uri and self._ldap_binddn:
+            log.info('Initialising LDAP auth backend')
+            self._backends.add(AuthMethod.LDAP_USER_PW)
+            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+            ldap.set_option(ldap.OPT_REFERRALS, 0)
+
+        file_local_db = cfg.str('LOCAL_USER_DB')
+        if file_local_db:
+            log.info('Initialising local auth backend')
+            self._local_db = dict()
+
+            with open(file_local_db, 'r') as f:
+                for line in f:
+                    line = line.split()
+                    user = line[0]
+                    pwd = line[1].split(':')
+                    self._local_db[user] = pwd
+
+            self._backends.add(AuthMethod.LOCAL_USER_DB)
+
    @property
    def backends(self):
        return self._backends

-    def enable_ldap_backend(self, uri, binddn):
-        self._ldap_uri = uri
-        self._ldap_binddn = binddn
-        self._backends.add(AuthMethod.LDAP_USER_PW)
-
-        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
-        ldap.set_option(ldap.OPT_REFERRALS, 0)
-
-
-    def enable_local_backend(self, filename):
-        self._local_db = dict()
-
-        with open(filename, 'r') as f:
-            for line in f:
-                line = line.split()
-                user = line[0]
-                pwd = line[1].split(':')
-                self._local_db[user] = pwd
-
-        self._backends.add(AuthMethod.LOCAL_USER_DB)
-
    def _try_auth_local(self, user, password):
        if user not in self._local_db:
            return AuthenticationResult.Perm