mirror of
https://github.com/binary-kitchen/doorlockd
synced 2024-12-22 10:24:26 +01:00
Authenticator: automatically choose authentication backend
and test other backends, if one fails. Written-by: Rudolf Mayerhofer <rm@eightyfive.net> Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> [ralf: also remove the authentication method from any other code path]
This commit is contained in:
parent
90ea795c1b
commit
eaf2537d83
@ -102,14 +102,10 @@ class Authenticator:
|
|||||||
if self._simulate:
|
if self._simulate:
|
||||||
log.info('SIMULATION MODE! ACCEPTING ANYTHING!')
|
log.info('SIMULATION MODE! ACCEPTING ANYTHING!')
|
||||||
return DoorlockResponse.Success
|
return DoorlockResponse.Success
|
||||||
|
if AuthMethod.LDAP_USER_PW in self._backends:
|
||||||
method = credentials[0]
|
retval = self._try_auth_ldap(credentials[0], credentials[1])
|
||||||
if method not in self._backends:
|
if retval == DoorlockResponse.Success:
|
||||||
return DoorlockResponse.InternalError
|
return retval
|
||||||
|
if AuthMethod.LOCAL_USER_DB in self._backends:
|
||||||
if method == AuthMethod.LDAP_USER_PW:
|
return self._try_auth_local(credentials[0], credentials[1])
|
||||||
return self._try_auth_ldap(credentials[1], credentials[2])
|
return DoorlockResponse.Perm
|
||||||
elif method == AuthMethod.LOCAL_USER_DB:
|
|
||||||
return self._try_auth_local(credentials[1], credentials[2])
|
|
||||||
|
|
||||||
return DoorlockResponse.InternalError
|
|
||||||
|
@ -45,7 +45,6 @@ def emit_doorstate(response=None):
|
|||||||
class AuthenticationForm(FlaskForm):
|
class AuthenticationForm(FlaskForm):
|
||||||
username = StringField('Username', [Length(min=3, max=25)])
|
username = StringField('Username', [Length(min=3, max=25)])
|
||||||
password = PasswordField('Password', [DataRequired()])
|
password = PasswordField('Password', [DataRequired()])
|
||||||
method = StringField('Method', [DataRequired()])
|
|
||||||
open = SubmitField('Open')
|
open = SubmitField('Open')
|
||||||
present = SubmitField('Present')
|
present = SubmitField('Present')
|
||||||
close = SubmitField('Close')
|
close = SubmitField('Close')
|
||||||
@ -63,11 +62,6 @@ class AuthenticationForm(FlaskForm):
|
|||||||
elif self.present.data:
|
elif self.present.data:
|
||||||
self.desired_state = DoorState.Present
|
self.desired_state = DoorState.Present
|
||||||
|
|
||||||
if self.method.data == 'Local':
|
|
||||||
self.method = AuthMethod.LOCAL_USER_DB
|
|
||||||
else: # default: use LDAP
|
|
||||||
self.method = AuthMethod.LDAP_USER_PW
|
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
@ -98,16 +92,10 @@ def api():
|
|||||||
json['status'] = logic.state.value
|
json['status'] = logic.state.value
|
||||||
return jsonify(json)
|
return jsonify(json)
|
||||||
|
|
||||||
method = request.form.get('method')
|
|
||||||
user = request.form.get('user')
|
user = request.form.get('user')
|
||||||
password = request.form.get('pass')
|
password = request.form.get('pass')
|
||||||
command = request.form.get('command')
|
command = request.form.get('command')
|
||||||
|
|
||||||
if method == 'local':
|
|
||||||
method = AuthMethod.LOCAL_USER_DB
|
|
||||||
else: # 'ldap' or default
|
|
||||||
method = AuthMethod.LDAP_USER_PW
|
|
||||||
|
|
||||||
if any(v is None for v in [user, password, command]):
|
if any(v is None for v in [user, password, command]):
|
||||||
log.warning('Incomplete API request')
|
log.warning('Incomplete API request')
|
||||||
abort(400)
|
abort(400)
|
||||||
@ -117,7 +105,7 @@ def api():
|
|||||||
return json_response(DoorlockResponse.Inval,
|
return json_response(DoorlockResponse.Inval,
|
||||||
'Invalid username or password format')
|
'Invalid username or password format')
|
||||||
|
|
||||||
credentials = method, user, password
|
credentials = user, password
|
||||||
|
|
||||||
if command == 'status':
|
if command == 'status':
|
||||||
return json_response(logic.auth.try_auth(credentials))
|
return json_response(logic.auth.try_auth(credentials))
|
||||||
@ -143,11 +131,9 @@ def home():
|
|||||||
if request.method == 'POST' and authentication_form.validate():
|
if request.method == 'POST' and authentication_form.validate():
|
||||||
user = authentication_form.username.data
|
user = authentication_form.username.data
|
||||||
password = authentication_form.password.data
|
password = authentication_form.password.data
|
||||||
method = authentication_form.method
|
credentials = user, password
|
||||||
credentials = method, user, password
|
|
||||||
|
|
||||||
log.info('Incoming request from %s' % user.encode('utf-8'))
|
log.info('Incoming request from %s' % user.encode('utf-8'))
|
||||||
log.info(' authentication method: %s' % method)
|
|
||||||
desired_state = authentication_form.desired_state
|
desired_state = authentication_form.desired_state
|
||||||
log.info(' desired state: %s' % desired_state)
|
log.info(' desired state: %s' % desired_state)
|
||||||
log.info(' current state: %s' % logic.state)
|
log.info(' current state: %s' % logic.state)
|
||||||
@ -159,7 +145,6 @@ def home():
|
|||||||
|
|
||||||
return render_template('index.html',
|
return render_template('index.html',
|
||||||
authentication_form=authentication_form,
|
authentication_form=authentication_form,
|
||||||
auth_backends=logic.auth.backends,
|
|
||||||
response=response,
|
response=response,
|
||||||
state_text=str(logic.state),
|
state_text=str(logic.state),
|
||||||
led=logic.state.to_img(),
|
led=logic.state.to_img(),
|
||||||
|
@ -23,14 +23,6 @@
|
|||||||
<label class="control-label" for="password">Password</label>
|
<label class="control-label" for="password">Password</label>
|
||||||
<input class="form-control" id="password" name="password" required type="password" value="">
|
<input class="form-control" id="password" name="password" required type="password" value="">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
|
||||||
<label for="method">Authentication method</label>
|
|
||||||
<select name="method" id="method" class="form-control">
|
|
||||||
{% for backend in auth_backends %}
|
|
||||||
<option>{{ backend }}</option>
|
|
||||||
{% endfor %}
|
|
||||||
</select>
|
|
||||||
</div>
|
|
||||||
<input class="btn btn-success btn-lg btn-block" id="open" name="open" type="submit" value="Open">
|
<input class="btn btn-success btn-lg btn-block" id="open" name="open" type="submit" value="Open">
|
||||||
<input class="btn btn-warning btn-lg btn-block" id="present" name="present" type="submit" value="Present">
|
<input class="btn btn-warning btn-lg btn-block" id="present" name="present" type="submit" value="Present">
|
||||||
<input class="btn btn-danger btn-lg btn-block" id="close" name="close" type="submit" value="Close">
|
<input class="btn btn-danger btn-lg btn-block" id="close" name="close" type="submit" value="Close">
|
||||||
|
Loading…
Reference in New Issue
Block a user