mirror of https://gitlab.com/bashrc2/epicyon
Generate tokens for shared item federation
parent
5ce777eb1b
commit
cf9bffbed7
63
auth.py
63
auth.py
|
@ -132,9 +132,10 @@ def authorizeBasic(baseDir: str, path: str, authHeader: str,
|
||||||
print('DEBUG: passwords file missing')
|
print('DEBUG: passwords file missing')
|
||||||
return False
|
return False
|
||||||
providedPassword = plain.split(':')[1]
|
providedPassword = plain.split(':')[1]
|
||||||
passfile = open(passwordFile, 'r')
|
with open(passwordFile, 'r') as passfile:
|
||||||
for line in passfile:
|
for line in passfile:
|
||||||
if line.startswith(nickname + ':'):
|
if not line.startswith(nickname + ':'):
|
||||||
|
continue
|
||||||
storedPassword = \
|
storedPassword = \
|
||||||
line.split(':')[1].replace('\n', '').replace('\r', '')
|
line.split(':')[1].replace('\n', '').replace('\r', '')
|
||||||
success = _verifyPassword(storedPassword, providedPassword)
|
success = _verifyPassword(storedPassword, providedPassword)
|
||||||
|
@ -147,6 +148,37 @@ def authorizeBasic(baseDir: str, path: str, authHeader: str,
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def generateSharedItemFederationTokens(sharedItemsFederatedDomains: [],
|
||||||
|
baseDir: str) -> None:
|
||||||
|
"""Generates tokens for shared item federated domains
|
||||||
|
"""
|
||||||
|
if not sharedItemsFederatedDomains:
|
||||||
|
return
|
||||||
|
tokensFile = baseDir + '/accounts/sharedItemsFederationTokens'
|
||||||
|
if not os.path.isfile(tokensFile):
|
||||||
|
with open(tokensFile, 'w+') as fp:
|
||||||
|
fp.write('')
|
||||||
|
tokens = []
|
||||||
|
with open(tokensFile, 'r') as fp:
|
||||||
|
tokens = fp.read().split('\n')
|
||||||
|
tokensAdded = False
|
||||||
|
for domain in sharedItemsFederatedDomains:
|
||||||
|
domainFound = False
|
||||||
|
for line in tokens:
|
||||||
|
if line.startswith(domain + ':'):
|
||||||
|
domainFound = True
|
||||||
|
break
|
||||||
|
if not domainFound:
|
||||||
|
newLine = domain + ':' + createPassword(64)
|
||||||
|
tokens.append(newLine)
|
||||||
|
tokensAdded = True
|
||||||
|
if not tokensAdded:
|
||||||
|
return
|
||||||
|
with open(tokensFile, 'w+') as fp:
|
||||||
|
for line in tokens:
|
||||||
|
fp.write(line + '\n')
|
||||||
|
|
||||||
|
|
||||||
def authorizeDFC(sharedItemsFederatedDomains: [],
|
def authorizeDFC(sharedItemsFederatedDomains: [],
|
||||||
baseDir: str,
|
baseDir: str,
|
||||||
callingDomain: str,
|
callingDomain: str,
|
||||||
|
@ -179,26 +211,27 @@ def authorizeDFC(sharedItemsFederatedDomains: [],
|
||||||
'the one in the Authorization header (' +
|
'the one in the Authorization header (' +
|
||||||
basicAuthDomain + ')')
|
basicAuthDomain + ')')
|
||||||
return False
|
return False
|
||||||
passwordFile = baseDir + '/accounts/sharedItemsFederationTokens'
|
tokensFile = baseDir + '/accounts/sharedItemsFederationTokens'
|
||||||
if not os.path.isfile(passwordFile):
|
if not os.path.isfile(tokensFile):
|
||||||
if debug:
|
if debug:
|
||||||
print('DEBUG: shared item federation tokens file missing ' +
|
print('DEBUG: shared item federation tokens file missing ' +
|
||||||
passwordFile)
|
tokensFile)
|
||||||
return False
|
return False
|
||||||
providedPassword = plain.split(':')[1]
|
providedToken = plain.split(':')[1]
|
||||||
passfile = open(passwordFile, 'r')
|
with open(tokensFile, 'r') as tokfile:
|
||||||
for line in passfile:
|
for line in tokfile:
|
||||||
if line.startswith(basicAuthDomain + ':'):
|
if not line.startswith(basicAuthDomain + ':'):
|
||||||
storedPassword = \
|
continue
|
||||||
|
storedToken = \
|
||||||
line.split(':')[1].replace('\n', '').replace('\r', '')
|
line.split(':')[1].replace('\n', '').replace('\r', '')
|
||||||
success = _verifyPassword(storedPassword, providedPassword)
|
success = _verifyPassword(storedToken, providedToken)
|
||||||
if not success:
|
if not success:
|
||||||
if debug:
|
if debug:
|
||||||
print('DEBUG: DFC password check failed for ' +
|
print('DEBUG: DFC token check failed for ' +
|
||||||
basicAuthDomain)
|
basicAuthDomain)
|
||||||
return success
|
return success
|
||||||
print('DEBUG: DFC did not find credentials for ' + basicAuthDomain +
|
print('DEBUG: DFC did not find token for ' + basicAuthDomain +
|
||||||
' in ' + passwordFile)
|
' in ' + tokensFile)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
|
|
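Review bot: generateSharedItemFederationTokens stores each federation token in plain text in `accounts/sharedItemsFederationTokens`, and both `open(tokensFile, 'w+')` calls create or rewrite that file with whatever mode the process umask allows. Since every line is a credential, the file should be created owner-only, for example with `os.fdopen(os.open(tokensFile, os.O_WRONLY | os.O_CREAT, 0o600), 'w')` at the first creation. authorizeDFC, whose body begins outside the shown hunk, passes the stored value to `_verifyPassword`, which is not visible here. If that helper expects the hashed form used for the passwords file, a raw `createPassword(64)` value would never verify, so the stored format and the verifier should be confirmed to agree. Separately, `fp.read().split('\n')` keeps an empty trailing entry that is written back as an extra blank line on every rewrite; `tokens = fp.read().splitlines()` avoids that.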
@ -103,6 +103,7 @@ from skills import noOfActorSkills
|
||||||
from skills import actorHasSkill
|
from skills import actorHasSkill
|
||||||
from skills import actorSkillValue
|
from skills import actorSkillValue
|
||||||
from skills import setActorSkillLevel
|
from skills import setActorSkillLevel
|
||||||
|
from auth import generateSharedItemFederationTokens
|
||||||
from auth import recordLoginFailure
|
from auth import recordLoginFailure
|
||||||
from auth import authorize
|
from auth import authorize
|
||||||
from auth import authorizeDFC
|
from auth import authorizeDFC
|
||||||
|
@ -15210,6 +15211,10 @@ def runDaemon(sharedItemsFederatedDomains: [],
|
||||||
httpd.iconsCache = {}
|
httpd.iconsCache = {}
|
||||||
httpd.fontsCache = {}
|
httpd.fontsCache = {}
|
||||||
|
|
||||||
|
# create tokens used for shared item federation
|
||||||
|
generateSharedItemFederationTokens(httpd.sharedItemsFederatedDomains,
|
||||||
|
baseDir)
|
||||||
|
|
||||||
# load peertube instances from file into a list
|
# load peertube instances from file into a list
|
||||||
httpd.peertubeInstances = []
|
httpd.peertubeInstances = []
|
||||||
loadPeertubeInstances(baseDir, httpd.peertubeInstances)
|
loadPeertubeInstances(baseDir, httpd.peertubeInstances)
|
||||||
|
|