Commit 08ff644b authored by ale's avatar ale
Browse files

Minor style changes.

Makes the machdb code slightly more readable.
parent 06139f33
import machdb.client.api as mdb
import crypt
import logging
import os
......@@ -7,6 +6,7 @@ import time
import traceback
from sso_server.oath import accept_totp
from sso_server.auth import AuthBase
import machdb.client.api as mdb
log = logging.getLogger(__name__)
......@@ -15,18 +15,18 @@ class _CredentialsCache(dict):
def __init__(self):
self._lock = threading.Lock()
self._data = {'pwcache': {}, 'otpcache': {}, 'grpcache': {}}
self._data = {'pw': {}, 'otp': {}, 'grp': {}}
def update(self, pwcache, otpcache, grpcache, mailcache):
with self._lock:
self._data['pwcache'] = pwcache
self._data['otpcache'] = otpcache
self._data['grpcache'] = grpcache
self._data['mailcache'] = mailcache
self._data['pw'] = pwcache
self._data['otp'] = otpcache
self._data['grp'] = grpcache
self._data['mail'] = mailcache
def get(self, tag):
def get(self, tag, key, default=None):
with self._lock:
return self._data[tag]
return self._data[tag].get(key, default)
class Updater(threading.Thread):
......@@ -60,23 +60,25 @@ class Updater(threading.Thread):
class Auth(AuthBase):
supports_otp = True
def __init__(self, config):
# Make the pyactiveresource logger only report errors.
# Disable debug logging from pyactiveresource.
# Setup MachDB.
# Initialize the MachDB client.
# Setup the cache and start a background thread to update it.
self.auth_cache = _CredentialsCache()
updater = Updater(self.auth_cache)
def authenticate(self, username, password, otp=None):
pwcache = self.auth_cache.get('pwcache')
totp_key = self.auth_cache.get('otpcache').get(username)
if (username in pwcache and
crypt.crypt(password, pwcache[username]) == pwcache[username]):
enc_pw = self.auth_cache.get('pw', username, 'x')
totp_key = self.auth_cache.get('otp', username)
if crypt.crypt(password, enc_pw) == enc_pw:
if totp_key:
ok, drift = accept_totp(totp_key, otp or '', format='dec6',
period=30, forward_drift=2,
......@@ -86,11 +88,10 @@ class Auth(AuthBase):
return False
def match_groups(self, username, groups):
user_groups = self.auth_cache.get('grpcache').get(username, set())
user_groups = self.auth_cache.get('grp', username, set())
return user_groups
def get_user_email(self, username):
mailcache = self.auth_cache.get('mailcache')
return mailcache.get(username)
return self.auth_cache.get('mail', username)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment