Commit 1f3bd2ff authored by PidgeyL's avatar PidgeyL

Add session authentication

parent c07d44ea
+13 −4
@@ -8,13 +8,15 @@
# Copyright (c) 2016 	Pieter-Jan Moreels - pieterjan.moreels@gmail.com

# Imports
import sys
import datetime
import importlib
import os
import sys
import uuid

runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

import importlib

import lib.DatabaseLayer as db
from lib.Config    import Configuration as conf
from lib.Singleton import Singleton
@@ -30,9 +32,10 @@ class AuthenticationMethod:
    return WRONG_CREDS

class AuthenticationHandler(metaclass=Singleton):
  def __init__(self):
  def __init__(self, **kwargs):
    self.methods = []
    self._load_methods()
    self.api_sessions = {}

  def _load_methods(self):
    self.methods = []
@@ -83,3 +86,9 @@ class AuthenticationHandler(metaclass=Singleton):
    #  so we check the user against the local database.
    return db.verifyUser(user, password)

  def new_api_session(self, user):
    self.api_sessions[user] = (uuid.uuid4().hex, datetime.datetime.now())
    return self.api_sessions[user][0]

  def get_api_session(self, user, extend=True):
    return self.api_sessions.get(user)
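Review bot: `get_api_session` hands back the whole `(token, timestamp)` tuple that `new_api_session` stored and never reads the timestamp, so the stored time bounds nothing, the `extend` parameter is dead, and any caller that compares the return value against a bearer string is comparing a tuple to a `str`. Since the store is an in-process dict on a singleton, a session created here lives until the process exits; the accessor should enforce a lifetime and return only the token, refreshing the timestamp when `extend` is true (the `SESSION_MAX_AGE` below is a placeholder that still has to be defined or read from `conf`). `uuid.uuid4().hex` is drawn from `os.urandom` in CPython and is acceptable as a session id, though `secrets.token_hex()` states that intent explicitly. `datetime.datetime.now()` is naive local time; a UTC or monotonic clock keeps the age check immune to DST jumps.
```python
  def get_api_session(self, user, extend=True):
    entry = self.api_sessions.get(user)
    if not entry:
      return None
    token, started = entry
    if datetime.datetime.now() - started > SESSION_MAX_AGE:
      del self.api_sessions[user]   # expired: drop it so it cannot be replayed
      return None
    if extend:
      self.api_sessions[user] = (token, datetime.datetime.now())
    return token
```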
+22 −4
@@ -48,6 +48,8 @@ class Advanced_API(API):
              {'r': '/api/admin/blacklist/remove', 'm': ['PUT'],  'f': self.api_admin_remove_blacklist},
              {'r': '/api/admin/get_token',        'm': ['GET'],  'f': self.api_admin_get_token},
              {'r': '/api/admin/new_token',        'm': ['GET'],  'f': self.api_admin_generate_token},
              {'r': '/api/admin/get_session',      'm': ['GET'],  'f': self.api_admin_get_session},
              {'r': '/api/admin/start_session',    'm': ['GET'],  'f': self.api_admin_start_session},
              {'r': '/api/admin/updatedb',         'm': ['GET'],  'f': self.api_update_db}]

    for route in routes: self.addRoute(route)
@@ -68,16 +70,20 @@ class Advanced_API(API):
      return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
    method, name, token = Advanced_API.getAuth()
    data = None
    if method.lower() not in ['basic', 'token']:
    if method.lower() not in ['basic', 'token', 'session']:
      data = ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)
    else:
      try:
        authenticated = False
        if   method.lower() == 'basic':
          authenticator = AuthenticationHandler()
          if not authenticator.validateUser(name, token): data = ({'status': 'error', 'reason': 'Authentication failed'}, 401)
          # data = ({'status': 'error', 'reason': 'Authorization method not yet implemented'}, 501)
          if authenticator.validateUser(name, token): authenticated = True
        elif method.lower() == 'token':
          if not db.getToken(name) == token: data = ({'status': 'error', 'reason': 'Authentication failed'}, 401)
          if db.getToken(name) == token: authenticated = True
        elif method.lower() == 'session':
          authenticator = AuthenticationHandler()
          if authenticator.api_sessions.get(name) == token: authenticated = True
        if not authenticated: data = ({'status': 'error', 'reason': 'Authentication failed'}, 401)
      except Exception as e:
        print(e)
        data = ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
@@ -157,6 +163,18 @@ class Advanced_API(API):
    method, name, key =   Advanced_API.getAuth()
    return db.generateToken(name)

  @token_required
  def api_admin_get_session(self):
    method, name, key =   Advanced_API.getAuth()
    _session = AuthenticationHandler().get_api_session(name)
    if not _session: raise(APIError("Session not started", 412))
    return _session

  @token_required
  def api_admin_start_session(self):
    method, name, key =   Advanced_API.getAuth()
    return AuthenticationHandler().new_api_session(name)

  @token_required
  def api_update_db(self):
    process = subprocess.Popen([sys.executable, os.path.join(_runPath, "../sbin/db_updater.py"), "-civ"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
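Review bot: The session branch `if authenticator.api_sessions.get(name) == token` compares the stored `(token, timestamp)` tuple that `new_api_session` puts in `api_sessions` against the bearer string, so it can never be true and every `session` request falls through to `Authentication failed`. Go through the handler's accessor and compare only the token half, in constant time: `_session = authenticator.get_api_session(name)` followed by `if _session and hmac.compare_digest(_session[0], token): authenticated = True` (with `import hmac` at the top of the file). Because `token_required` now accepts `session`, `api_admin_start_session` and `api_admin_get_session` are themselves reachable with a session credential, so a session can mint its own successor and the timestamp that is never read does not bound its lifetime; if that is not intended, those two routes should accept only `basic`/`token` credentials. `api_admin_get_session` also returns the raw tuple including a `datetime`, which the response layer (not visible here) may not serialize. `api_update_db` continues past the end of this hunk.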