Commit 08ff644b authored by ale's avatar ale

Minor style changes.

Makes the machdb code slightly more readable.
parent 06139f33
import machdb.client.api as mdb
import crypt
import logging
import os
......@@ -7,6 +6,7 @@ import time
import traceback
from sso_server.oath import accept_totp
from sso_server.auth import AuthBase
import machdb.client.api as mdb
log = logging.getLogger(__name__)
......@@ -15,18 +15,18 @@ class _CredentialsCache(dict):
def __init__(self):
self._lock = threading.Lock()
self._data = {'pwcache': {}, 'otpcache': {}, 'grpcache': {}}
self._data = {'pw': {}, 'otp': {}, 'grp': {}}
def update(self, pwcache, otpcache, grpcache, mailcache):
with self._lock:
self._data['pwcache'] = pwcache
self._data['otpcache'] = otpcache
self._data['grpcache'] = grpcache
self._data['mailcache'] = mailcache
self._data['pw'] = pwcache
self._data['otp'] = otpcache
self._data['grp'] = grpcache
self._data['mail'] = mailcache
def get(self, tag):
def get(self, tag, key, default=None):
with self._lock:
return self._data[tag]
return self._data[tag].get(key, default)
class Updater(threading.Thread):
......@@ -60,23 +60,25 @@ class Updater(threading.Thread):
class Auth(AuthBase):
supports_otp = True
def __init__(self, config):
# Make the pyactiveresource logger only report errors.
# Disable debug logging from pyactiveresource.
logging.getLogger('pyactiveresource').setLevel(logging.ERROR)
# Setup MachDB.
# Initialize the MachDB client.
mdb.init()
# Setup the cache and start a background thread to update it.
self.auth_cache = _CredentialsCache()
updater = Updater(self.auth_cache)
updater.setDaemon(True)
updater.start()
def authenticate(self, username, password, otp=None):
pwcache = self.auth_cache.get('pwcache')
totp_key = self.auth_cache.get('otpcache').get(username)
if (username in pwcache and
crypt.crypt(password, pwcache[username]) == pwcache[username]):
enc_pw = self.auth_cache.get('pw', username, 'x')
totp_key = self.auth_cache.get('otp', username)
if crypt.crypt(password, enc_pw) == enc_pw:
if totp_key:
ok, drift = accept_totp(totp_key, otp or '', format='dec6',
period=30, forward_drift=2,
......@@ -86,11 +88,10 @@ class Auth(AuthBase):
return False
def match_groups(self, username, groups):
user_groups = self.auth_cache.get('grpcache').get(username, set())
user_groups = self.auth_cache.get('grp', username, set())
user_groups.intersection_update(groups)
return user_groups
def get_user_email(self, username):
mailcache = self.auth_cache.get('mailcache')
return mailcache.get(username)
return self.auth_cache.get('mail', username)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment