Merge pull request #22 from plone/auth-framework
Rethink how authentication is done
Showing
24 changed files
with
346 additions
and
216 deletions.
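--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -0,0 +1,29 @@
+from plone.server import app_settings
+from plone.server.utils import resolve_or_get
+
+
+async def authenticate_request(request):
+    for policy in app_settings['auth_policies']:
+        policy = resolve_or_get(policy)
+        token = await policy(request).extract_token()
+        if token:
+            user = await find_user(request, token)
+            if user:
+                if await authenticate_user(request, user, token):
+                    return user
+
+
+async def find_user(request, token):
+    for identifier in app_settings['auth_user_identifiers']:
+        identifier = resolve_or_get(identifier)
+        user = await identifier(request).get_user()
+        if user:
+            return user
+
+
+async def authenticate_user(request, user, token):
+    for checker in app_settings['auth_token_checker']:
+        checker = resolve_or_get(checker)
+        if await checker(request).validate(user, token):
+            return True
+    return False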
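Review bot: `find_user` accepts `token` but never uses it — `identifier(request).get_user()` is called without it, so a user identifier that needs the presented token (the flow `authenticate_request` sets up, where the token is extracted first and the user looked up second) cannot see it. Either pass it through, `user = await identifier(request).get_user(token)`, if the identifier interface (outside this diff) allows it, or drop the parameter and the argument at the `find_user(request, token)` call site. The settings key `'auth_token_checker'` is also singular while `'auth_policies'` and `'auth_user_identifiers'` are plural; worth aligning before configurations start depending on the name. A short docstring on each of the three coroutines stating the order (policies extract a token, identifiers locate the user, checkers validate the token against that user) and that `authenticate_request` returns `None` when no policy/identifier/checker chain succeeds would help the next reader.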
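--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -0,0 +1,33 @@
+from plone.server.utils import strings_differ
+
+import hashlib
+import uuid
+
+
+def hash_password(password, salt=None):
+    if salt is None:
+        salt = uuid.uuid4().hex
+
+    if isinstance(salt, str):
+        salt = salt.encode('utf-8')
+
+    if isinstance(password, str):
+        password = password.encode('utf-8')
+
+    hashed_password = hashlib.sha512(password + salt).hexdigest()
+    return '{}:{}'.format(salt.decode('utf-8'), hashed_password)
+
+
+class SaltedHashPasswordChecker(object):
+
+    def __init__(self, request):
+        self.request = request
+
+    async def validate(self, user, token):
+        user_pw = getattr(user, 'password', None)
+        if (not user_pw or
+                ':' not in user_pw or
+                'password' not in token):
+            return False
+        salt = user.password.split(':')[0]
+        return not strings_differ(hash_password(token['password'], salt), user_pw)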
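Review bot: `hash_password` derives the stored digest from a single iteration of `hashlib.sha512(password + salt)`, a fast general-purpose hash rather than a password KDF, so the stored values offer little resistance to offline guessing if the user store is ever exposed. Since `hashlib` is already imported, a stdlib password KDF is a one-line change that keeps the `salt:hash` storage format and the `SaltedHashPasswordChecker.validate` path as they are: `hashed_password = hashlib.pbkdf2_hmac('sha512', password, salt, 100_000).hex()`, with the iteration count lifted to a module constant so it can be raised later. In `validate`, `salt = user.password.split(':')[0]` re-reads the attribute after `user_pw` has already been fetched and checked; `salt = user_pw.partition(':')[0]` keeps the value that was checked and the value that is used the same. `strings_differ` comes from `plone.server.utils`, outside this diff; if it is not a constant-time comparison, `hmac.compare_digest` from the stdlib is the usual choice for comparing the two hashes.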