import time
-import bcrypt
import cherrypy
from . import ApiController, RESTController
-from .. import logger, mgr
+from .. import logger
from ..exceptions import DashboardException
+from ..services.auth import AuthManager
from ..tools import Session
| KEY | DEFAULT | DESCR |
------------------------------------------------------------------------|
- | username | None | Username |
- | password | None | Password encrypted using bcrypt |
| session-expire | 1200 | Session will expire after <expires> |
| | seconds without activity |
"""
def create(self, username, password, stay_signed_in=False):
now = time.time()
- config_username = mgr.get_config('username', None)
- config_password = mgr.get_config('password', None)
- hash_password = Auth.password_hash(password,
- config_password)
- if username == config_username and hash_password == config_password:
+ if AuthManager.authenticate(username, password):
cherrypy.session.regenerate()
cherrypy.session[Session.USERNAME] = username
cherrypy.session[Session.TS] = now
logger.debug('Login successful')
return {'username': username}
- if config_username is None:
- logger.warning('No Credentials configured. Need to call `ceph dashboard '
- 'set-login-credentials <username> <password>` first.')
- else:
- logger.debug('Login failed')
+ logger.debug('Login failed')
raise DashboardException(msg='Invalid credentials',
code='invalid_credentials',
component='auth')
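Review bot: Every rejected login in `create` now ends in `logger.debug('Login failed')`, so failed attempts are recorded only when debug logging is enabled and carry no source address, which leaves little to alert on for password guessing against the dashboard. The removed branch also warned the operator when no credentials were configured; after this change that case is logged like any other failure. I would raise the level and record the peer, for example `logger.warning('Login failed from %s', cherrypy.request.remote.ip)`, while keeping the client-facing 'Invalid credentials' message generic as it is. Whether `AuthManager.authenticate` verifies the stored hash with a constant-time comparison is not visible on this page and is worth confirming.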
logger.debug('Logout successful')
cherrypy.session[Session.USERNAME] = None
cherrypy.session[Session.TS] = None
-
- @staticmethod
- def password_hash(password, salt_password=None):
- if not salt_password:
- salt_password = bcrypt.gensalt()
- else:
- salt_password = salt_password.encode('utf8')
- return bcrypt.hashpw(password.encode('utf8'), salt_password).decode('utf8')
-
- @staticmethod
- def check_auth():
- username = cherrypy.session.get(Session.USERNAME)
- if not username:
- logger.debug('Unauthorized access to %s',
- cherrypy.url(relative='server'))
- raise cherrypy.HTTPError(401, 'You are not authorized to access '
- 'that resource')
- now = time.time()
- expires = float(mgr.get_config(
- 'session-expire', Session.DEFAULT_EXPIRE))
- if expires > 0:
- username_ts = cherrypy.session.get(Session.TS, None)
- if username_ts and float(username_ts) < (now - expires):
- cherrypy.session[Session.USERNAME] = None
- cherrypy.session[Session.TS] = None
- logger.debug('Session expired')
- raise cherrypy.HTTPError(401,
- 'Session expired. You are not '
- 'authorized to access that resource')
- cherrypy.session[Session.TS] = now
-
- @staticmethod
- def set_login_credentials(username, password):
- mgr.set_config('username', username)
- hashed_passwd = Auth.password_hash(password)
- mgr.set_config('password', hashed_passwd)
# pylint: disable=wrong-import-position
from . import logger, mgr
from .controllers import generate_routes, json_error_page
-from .controllers.auth import Auth
from .tools import SessionExpireAtBrowserCloseTool, NotificationQueue, \
RequestLoggingTool, TaskManager
-from .services.auth import AuthManager
+from .services.auth import AuthManager, AuthManagerTool
from .services.access_control import ACCESS_CONTROL_COMMANDS, \
handle_access_control_command
from .services.exception import dashboard_exception_handler
server_port)
# Initialize custom handlers.
- cherrypy.tools.authenticate = cherrypy.Tool('before_handler', Auth.check_auth)
+ cherrypy.tools.authenticate = AuthManagerTool()
cherrypy.tools.session_expire_at_browser_close = SessionExpireAtBrowserCloseTool()
cherrypy.tools.request_logging = RequestLoggingTool()
cherrypy.tools.dashboard_exception_handler = HandlerWrapperTool(dashboard_exception_handler,
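Review bot: The `cherrypy.tools.authenticate = AuthManagerTool()` registration here is repeated by hand in the test helper's `__init__` (the last hunk), and in the visible lines the two lists already differ (`request_logging` is set only here), so the tests may not exercise the same authentication wiring as production. A single function that registers these tools, called from both places, would keep them from drifting apart. A short comment on this line would also help, for example `# enforces login and session expiry on protected controllers`, once that is confirmed against `AuthManagerTool`, whose body is not part of this page. The `HandlerWrapperTool(...)` call on the last line continues outside the hunk.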
"""
COMMANDS = [
- {
- 'cmd': 'dashboard set-login-credentials '
- 'name=username,type=CephString '
- 'name=password,type=CephString',
- 'desc': 'Set the login credentials',
- 'perm': 'w'
- },
{
'cmd': 'dashboard set-session-expire '
'name=seconds,type=CephInt',
res = handle_access_control_command(cmd)
if res[0] != -errno.ENOSYS:
return res
- if cmd['prefix'] == 'dashboard set-login-credentials':
- Auth.set_login_credentials(cmd['username'], cmd['password'])
- return 0, 'Username and password updated', ''
elif cmd['prefix'] == 'dashboard set-session-expire':
self.set_config('session-expire', str(cmd['seconds']))
return 0, 'Session expiration timeout updated', ''
from .. import logger
from ..controllers import json_error_page, generate_controller_routes
-from ..controllers.auth import Auth
+from ..services.auth import AuthManagerTool
from ..services.exception import dashboard_exception_handler
from ..tools import SessionExpireAtBrowserCloseTool
base_url: {'request.dispatch': mapper}})
def __init__(self, *args, **kwargs):
- cherrypy.tools.authenticate = cherrypy.Tool('before_handler', Auth.check_auth)
+ cherrypy.tools.authenticate = AuthManagerTool()
cherrypy.tools.session_expire_at_browser_close = SessionExpireAtBrowserCloseTool()
cherrypy.tools.dashboard_exception_handler = HandlerWrapperTool(dashboard_exception_handler,
priority=31)