12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- import typing
-
- from pyramid.request import Request
- from sqlalchemy.orm.exc import NoResultFound
-
- from tracim_backend import TracimRequest
- from tracim_backend.exceptions import UserDoesNotExist
- from tracim_backend.lib.core.user import UserApi
- from tracim_backend.models import User
-
- BASIC_AUTH_WEBUI_REALM = "tracim"
-
-
- ###
- # Pyramid HTTP Basic Auth
- ###
-
- def basic_auth_check_credentials(
- login: str,
- cleartext_password: str,
- request: TracimRequest
- ) -> typing.Optional[list]:
- """
- Check credential for pyramid basic_auth
- :param login: login of user
- :param cleartext_password: user password in cleartext
- :param request: Pyramid request
- :return: None if auth failed, list of permissions if auth succeed
- """
-
- # Do not accept invalid user
- user = _get_basic_auth_unsafe_user(request)
- if not user \
- or user.email != login \
- or not user.is_active \
- or not user.validate_password(cleartext_password):
- return None
- return []
-
-
- def _get_basic_auth_unsafe_user(
- request: Request,
- ) -> typing.Optional[User]:
- """
- :param request: pyramid request
- :return: User or None
- """
- app_config = request.registry.settings['CFG']
- uapi = UserApi(None, session=request.dbsession, config=app_config)
- try:
- login = request.unauthenticated_userid
- if not login:
- return None
- user = uapi.get_one_by_email(login)
- except UserDoesNotExist:
- return None
- return user
|