from base64 import urlsafe_b64encode as encode
from base64 import urlsafe_b64decode as decode
from pylons import request, response, session, tmpl_context as c, url
from pylons.controllers.util import abort, redirect
from pylons.decorators.rest import restrict
from ocsmanager.model import AuthenticateModel
from ocsmanager.lib.base import BaseController, render
log = logging.getLogger(__name__)
class AuthenticateController(BaseController):
def _auth_abort(self, code, message):
return render('/error.xml')
""" Return a session token, one-time hash and password hash
# Ensure Content-type is text/xml
if request.headers.get("Content-Type", "").startswith("text/xml") is False:
return self._auth_abort(417, 'Invalid Parameter')
# Retrieve request XML body
payload = request.body
log.error('Empty payload in auth:token()')
return self._auth_abort(417, 'Invalid Parameter')
# Retrieve the salt from the model
authModel = AuthenticateModel.AuthenticateModel()
login = authModel.getTokenLogin(payload)
return self._auth_abort(417, 'Invalid Parameter')
salt = authModel.getTokenLoginSalt(login)
log.debug('Invalid user %s', login)
salt = encode(hashlib.sha1(os.urandom(4)).digest())
session['token'] = encode(hashlib.sha1(os.urandom(8)).digest())
session['token_salt'] = encode(hashlib.sha1(os.urandom(8)).digest())
session['salt'] = salt
session['login'] = login
c.token_salt = session['token_salt']
response.set_cookie('token', session['token'])
response.headers['content-type'] = 'text/xml; charset=utf-8'
return render('/token.xml')
"""Authenticate the user on ocsmanager.
if not "ocsmanager" in request.cookies: return self._auth_abort(403, 'Invalid Session')
if not "token" in session: return self._auth_abort(403, 'Invalid Session')
if not "token" in request.cookies: return self._auth_abort(403, 'Invalid Token')
if request.cookies.get('token') != session['token']: return self._auth_abort(403, 'Invalid Token')
if not "login" in session: return self._auth_abort(403, 'Invalid Session')
payload = request.body
log.error('Empty payload in auth:login()')
return self._auth_abort(417, 'Invalid Parameter')
authModel = AuthenticateModel.AuthenticateModel()
(error, msg) = authModel.verifyPassword(session['login'], session['token_salt'], session['salt'], payload)
response.delete_cookie('token')
session['token'] = None
return self._auth_abort(401, 'Invalid credentials')
# Authentication was successful, remove auth token - no longer needed
session['token'] = None
response.delete_cookie('token')
session['tokenLogin'] = hashlib.sha1(os.urandom(8)).hexdigest()
c.tokenLogin = encode(session['tokenLogin'])
return render('/login.xml')