Source code for samlab.dashboard.credentials

# Copyright 2018, National Technology & Engineering Solutions of Sandia, LLC
# (NTESS).  Under the terms of Contract DE-NA0003525 with NTESS, the U.S.
# Government retains certain rights in this software.

import logging
import traceback

log = logging.getLogger(__name__)



[docs]class LDAP(object):
    """Check credentials against an LDAP server."""
    def __init__(self, server, user_dn, timeout=5):
        self.server = server
        self.user_dn = user_dn
        self.timeout = timeout

    def __call__(self, authorization):
        if not authorization:
            return False
        try:
            search_dn = self.user_dn.format(authorization.username)
            log.info("Checking credentials for %s with %s.", search_dn, self.server)

            import ldap3
            ldap_server = ldap3.Server(self.server, use_ssl=True)
            connection = ldap3.Connection(ldap_server, user=search_dn, password=authorization.password, receive_timeout=self.timeout)
            if not connection.bind():
                log.warning("Credential check failed.")
                return False
            return True
        except Exception:
            log.error("%s" % traceback.format_exc())
            return False


    def __repr__(self):
        return f"{self.__class__.__module__}.{self.__class__.__name__}(server={self.server!r}, user_dn={self.user_dn!r}, timeout={self.timeout!r})"




[docs]class ExactMatch(object):
    """Allow credentials that match the given username and password."""
    def __init__(self, username="test", password="test"):
        self.username = username
        self.password = password


    def __call__(self, authorization):
        if not authorization:
            return False
        return authorization.username == self.username and authorization.password == self.password


    def __repr__(self):
        return f"{self.__class__.__module__}.{self.__class__.__name__}(username={self.username!r}, password={self.password!r})"




[docs]class ForbidAll(object):
    """Forbid all credentials."""
    def __call__(self, authorization):
        return False


    def __repr__(self):
        return f"{self.__class__.__module__}.{self.__class__.__name__}()"




[docs]class PermitAll(object):
    """Permit all non-empty credentials."""
    def __call__(self, authorization):
        return True if authorization else False


    def __repr__(self):
        return f"{self.__class__.__module__}.{self.__class__.__name__}()"




[docs]class PermitAny(object):
    """Permit any credentials, including empty."""
    def __call__(self, authorization):
        return True


    def __repr__(self):
        return f"{self.__class__.__module__}.{self.__class__.__name__}()"