import bcrypt
import cherrypy
import time
+import sys
+
from cherrypy import tools
+
class Auth(object):
"""
Provide login and logout actions.
Supported config-keys:
- | KEY | DEFAULT | DESCR |
- --------------------------------------------------------------------------------------------
- | username | None | Username |
- | password | None | Password encrypted using bcrypt |
- | session-expire | 1200 | Session will expire after <expires> seconds without activity |
+ | KEY | DEFAULT | DESCR |
+ ------------------------------------------------------------------------|
+ | username | None | Username |
+ | password | None | Password encrypted using bcrypt |
+ | session-expire | 1200 | Session will expire after <expires> |
+ | | seconds without activity |
"""
SESSION_KEY = '_username'
DEFAULT_SESSION_EXPIRE = 1200
+ @staticmethod
+ def password_hash(password, salt_password=None):
+ if not salt_password:
+ salt_password = bcrypt.gensalt()
+ if sys.version_info > (3, 0):
+ return bcrypt.hashpw(password, salt_password)
+ else:
+ return bcrypt.hashpw(password.encode('utf8'), salt_password)
+
def __init__(self, module):
self.module = module
self.log = self.module.log
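Review bot: The Python 3 branch of `password_hash` hands `password` to `bcrypt.hashpw` without encoding it, while only the Python 2 branch encodes. If the `bcrypt` module in use accepts only bytes on Python 3, a text password from `login` or from `cmd['password']` in `handle_command` will raise instead of being hashed. Choosing by type rather than by interpreter version avoids that: `if not isinstance(password, bytes): password = password.encode('utf8')` followed by a single `return bcrypt.hashpw(password, salt_password)`. The helper also has no docstring; it should say that `salt_password` may be a full stored hash, as `login` passes it, and that a falsy value gets a fresh salt from `bcrypt.gensalt()`.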
now = int(time.time())
config_username = self.module.get_localized_config('username', None)
config_password = self.module.get_localized_config('password', None)
- hash_password = bcrypt.hashpw(password.encode('utf8'), config_password)
+ hash_password = Auth.password_hash(password,
+ config_password)
if username == config_username and hash_password == config_password:
cherrypy.session.regenerate()
cherrypy.session[Auth.SESSION_KEY] = username
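Review bot: `hash_password == config_password` checks the computed hash against the stored one with plain `==`, which is not a constant-time comparison and quietly yields False when the two sides differ in type. `Auth.password_hash` may return bytes on Python 3 while `get_localized_config('password', None)` may return text (its return type is not visible here), in which case every login would be rejected. Normalising both values to bytes and using `hmac.compare_digest(hash_password, config_password)` (needs `import hmac`) addresses both, with an explicit early failure when `config_password` is None. The enclosing login method starts and ends outside this hunk.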
username = cherrypy.session.get(Auth.SESSION_KEY)
if not username:
self.log.debug("Unauthorized")
- raise cherrypy.HTTPError(401,
- 'You are not authorized to access that resource')
+ raise cherrypy.HTTPError(401, 'You are not authorized to access '
+ 'that resource')
now = int(time.time())
- expires = int(self.module.get_localized_config('session-expire', Auth.DEFAULT_SESSION_EXPIRE))
+ expires = int(self.module.get_localized_config(
+ 'session-expire',
+ Auth.DEFAULT_SESSION_EXPIRE))
if expires > 0:
username_ts = cherrypy.session.get(Auth.SESSION_KEY_TS, None)
if username_ts and username_ts < now - expires:
cherrypy.session[Auth.SESSION_KEY_TS] = None
self.log.debug("Session expired.")
raise cherrypy.HTTPError(401,
- 'Session expired. You are not authorized to access that resource')
+ 'Session expired. You are not '
+ 'authorized to access that resource')
cherrypy.session[Auth.SESSION_KEY_TS] = now
# -*- coding: utf-8 -*-
-
"""
openATTIC mgr plugin (based on CherryPy)
"""
+from __future__ import absolute_import
+
-import bcrypt
import os
import cherrypy
from cherrypy import tools
-from auth import Auth
+from .auth import Auth
from mgr_module import MgrModule
'server.socket_port': int(server_port),
})
auth = Auth(self)
- cherrypy.tools.autenticate = cherrypy.Tool('before_handler', auth.check_auth)
+ cherrypy.tools.autenticate = cherrypy.Tool('before_handler',
+ auth.check_auth)
noauth_required_config = {
'/': {
'tools.autenticate.on': False,
}
}
cherrypy.tree.mount(auth, "/api/auth", config=noauth_required_config)
- cherrypy.tree.mount(Module.HelloWorld(self), "/api/hello", config=auth_required_config)
+ cherrypy.tree.mount(Module.HelloWorld(self), "/api/hello",
+ config=auth_required_config)
cherrypy.engine.start()
self.log.info("Waiting for engine...")
cherrypy.engine.block()
def handle_command(self, cmd):
if cmd['prefix'] == 'dashboard set-login-credentials':
self.set_localized_config('username', cmd['username'])
- hashed_passwd = bcrypt.hashpw(cmd['password'], bcrypt.gensalt())
+ hashed_passwd = Auth.password_hash(cmd['password'])
self.set_localized_config('password', hashed_passwd)
return 0, 'Username and password updated', ''
else: