forked from indymedia/epicyon
				
			Check for system account logins via c2s
							parent
							
								
									fdc05e987a
								
							
						
					
					
						commit
						99abc1f1f4
					
				
							
								
								
									
										18
									
								
								auth.py
								
								
								
								
							
							
						
						
									
										18
									
								
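--- a/auth.py
+++ b/auth.py
@@ -11,6 +11,7 @@ import hashlib
 import binascii
 import os
 import secrets
+from utils import isSystemAccount
 
 
 def hashPassword(password: str) -> str:
@@ -85,7 +86,7 @@ def authorizeBasic(baseDir: str, path: str, authHeader: str,
     """
     if ' ' not in authHeader:
         if debug:
-            print('DEBUG: Authorixation header does not ' +
+            print('DEBUG: basic auth - Authorixation header does not ' +
                   'contain a space character')
         return False
     if '/users/' not in path and \
@@ -93,23 +94,32 @@ def authorizeBasic(baseDir: str, path: str, authHeader: str,
        '/channel/' not in path and \
        '/profile/' not in path:
         if debug:
-            print('DEBUG: Path for Authorization does not contain a user')
+            print('DEBUG: basic auth - ' +
+                  'path for Authorization does not contain a user')
         return False
     pathUsersSection = path.split('/users/')[1]
     if '/' not in pathUsersSection:
         if debug:
-            print('DEBUG: This is not a users endpoint')
+            print('DEBUG: basic auth - this is not a users endpoint')
         return False
     nicknameFromPath = pathUsersSection.split('/')[0]
+    if isSystemAccount(nicknameFromPath):
+        print('basic auth - attempted login using system account ' +
+              nicknameFromPath + ' in path')
+        return False
     base64Str = \
         authHeader.split(' ')[1].replace('\n', '').replace('\r', '')
     plain = base64.b64decode(base64Str).decode('utf-8')
     if ':' not in plain:
         if debug:
-            print('DEBUG: Basic Auth header does not contain a ":" ' +
+            print('DEBUG: basic Auth header does not contain a ":" ' +
                   'separator for username:password')
         return False
     nickname = plain.split(':')[0]
+    if isSystemAccount(nickname):
+        print('basic auth - attempted login using system account ' + nickname +
+              ' in Auth header')
+        return False
     if nickname != nicknameFromPath:
         if debug:
             print('DEBUG: Nickname given in the path (' + nicknameFromPath +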
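Review bot: The two system-account checks sit on either side of `plain = base64.b64decode(base64Str).decode('utf-8')`, which still runs on the client-supplied header with no error handling, so invalid base64 or non-UTF-8 bytes raise instead of returning False (unless a caller outside this view catches it). Since this commit tightens the c2s login path, guard that line with `try:` / `except (binascii.Error, UnicodeDecodeError): return False`; `binascii` is already imported. Separately, the new `print` calls are not gated on `debug`, and the second one echoes a nickname taken from the decoded header. Whether that value can carry control characters into the log depends on how `isSystemAccount` matches, which is not shown here. authorizeBasic starts before and continues after these hunks.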