From eaf2537d83e0d3c74b8ae62f913d88f1d54c5963 Mon Sep 17 00:00:00 2001
From: Ralf Ramsauer
Date: Tue, 27 Nov 2018 08:40:23 +0100
Subject: [PATCH] Authenticator: automatically choose authentication backend and test other backends, if one fails.
Written-by: Rudolf Mayerhofer
Signed-off-by: Ralf Ramsauer
[ralf: also remove the authentication method from any other code path]
---
 pydoorlock/Authenticator.py | 18 +++++++-----------
 pydoorlock/WebApp.py | 19 ++-----------------
 share/doorlockd/templates/index.html | 8 --------
 3 files changed, 9 insertions(+), 36 deletions(-)
diff --git a/pydoorlock/Authenticator.py b/pydoorlock/Authenticator.py
index 9c4807c..dfe732d 100644
--- a/pydoorlock/Authenticator.py
+++ b/pydoorlock/Authenticator.py
@@ -102,14 +102,10 @@ class Authenticator:
 if self._simulate:
 log.info('SIMULATION MODE! ACCEPTING ANYTHING!')
 return DoorlockResponse.Success
-
- method = credentials[0]
- if method not in self._backends:
- return DoorlockResponse.InternalError
-
- if method == AuthMethod.LDAP_USER_PW:
- return self._try_auth_ldap(credentials[1], credentials[2])
- elif method == AuthMethod.LOCAL_USER_DB:
- return self._try_auth_local(credentials[1], credentials[2])
-
- return DoorlockResponse.InternalError
+ if AuthMethod.LDAP_USER_PW in self._backends:
+ retval = self._try_auth_ldap(credentials[0], credentials[1])
+ if retval == DoorlockResponse.Success:
+ return retval
+ if AuthMethod.LOCAL_USER_DB in self._backends:
+ return self._try_auth_local(credentials[0], credentials[1])
+ return DoorlockResponse.Perm
diff --git a/pydoorlock/WebApp.py b/pydoorlock/WebApp.py
index 1dbca4f..b1c3046 100644
--- a/pydoorlock/WebApp.py
+++ b/pydoorlock/WebApp.py
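Review bot: The fall-through to `_try_auth_local` is taken for every LDAP result other than `DoorlockResponse.Success`, so when both backends are enabled a user name present in both can still be accepted with its local password after the LDAP account has been disabled or its password changed, and a directory error is treated like a wrong password. The hunk does not say whether that is intended; if the local database is meant only for accounts unknown to LDAP, the fall-through should be limited to that result and the precedence documented, e.g. `# LDAP is tried first; the local DB is consulted for every login LDAP did not accept`. With LDAP as the only backend the method now ends in `return DoorlockResponse.Perm` and drops `retval`, which presumably hides backend errors that `_try_auth_ldap` reports; returning `retval` in that case would keep them visible. The enclosing method starts above this hunk.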
@@ -45,7 +45,6 @@ def emit_doorstate(response=None):
 class AuthenticationForm(FlaskForm):
 username = StringField('Username', [Length(min=3, max=25)])
 password = PasswordField('Password', [DataRequired()])
- method = StringField('Method', [DataRequired()])
 open = SubmitField('Open')
 present = SubmitField('Present')
 close = SubmitField('Close')
@@ -63,11 +62,6 @@ class AuthenticationForm(FlaskForm):
 elif self.present.data:
 self.desired_state = DoorState.Present
- if self.method.data == 'Local':
- self.method = AuthMethod.LOCAL_USER_DB
- else: # default: use LDAP
- self.method = AuthMethod.LDAP_USER_PW
-
 return True
@@ -98,16 +92,10 @@ def api():
 json['status'] = logic.state.value
 return jsonify(json)
- method = request.form.get('method')
 user = request.form.get('user')
 password = request.form.get('pass')
 command = request.form.get('command')
- if method == 'local':
- method = AuthMethod.LOCAL_USER_DB
- else: # 'ldap' or default
- method = AuthMethod.LDAP_USER_PW
-
 if any(v is None for v in [user, password, command]):
 log.warning('Incomplete API request')
 abort(400)
@@ -117,7 +105,7 @@ def api():
 return json_response(DoorlockResponse.Inval,
 'Invalid username or password format')
- credentials = method, user, password
+ credentials = user, password
 if command == 'status':
 return json_response(logic.auth.try_auth(credentials))
@@ -143,11 +131,9 @@ def home():
 if request.method == 'POST' and authentication_form.validate():
 user = authentication_form.username.data
 password = authentication_form.password.data
- method = authentication_form.method
- credentials = method, user, password
+ credentials = user, password
 log.info('Incoming request from %s' % user.encode('utf-8'))
- log.info(' authentication method: %s' % method)
 desired_state = authentication_form.desired_state
 log.info(' desired state: %s' % desired_state)
 log.info(' current state: %s' % logic.state)
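Review bot: `credentials = user, password` in api() shrinks the tuple from three fields to two while the authenticator still reads it by position (`credentials[0]`, `credentials[1]` in pydoorlock/Authenticator.py), so a caller left on the old `(method, user, password)` shape would not fail but would pass the method as the user name and the user name as the password. The same assignment appears in the home() hunk below. Unpacking on the receiving side, `user, password = credentials`, would make a stale caller raise instead of silently shifting fields. api() continues outside this hunk.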
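Review bot: Removing `log.info(' authentication method: %s' % method)` in home() leaves no record of which backend a request was checked against, and the choice now happens inside the authenticator, where the visible new code logs nothing about it. For a door controller the access log should still show whether LDAP or the local database accepted a login. A line such as `log.info(' accepted by backend: %s' % AuthMethod.LDAP_USER_PW)` next to each successful return in pydoorlock/Authenticator.py would restore that. home() starts and ends outside this hunk.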
@@ -159,7 +145,6 @@ def home():
 return render_template('index.html',
 authentication_form=authentication_form,
- auth_backends=logic.auth.backends,
 response=response,
 state_text=str(logic.state),
 led=logic.state.to_img(),
diff --git a/share/doorlockd/templates/index.html b/share/doorlockd/templates/index.html
index 041b680..6a8e16d 100644
--- a/share/doorlockd/templates/index.html
+++ b/share/doorlockd/templates/index.html
@@ -23,14 +23,6 @@ -
- - -