cookieauth.py
1 #! /usr/bin/env python
2 
3 """
4 usage: %(progname)s [args]
5 """
6 
7 
8 import os, sys, string, time, getopt
9 from pyclearsilver.log import *
10 
11 #import fcrypt as crypt
12 import crypt
13 
14 import config
15 
16 import browserauth
17 
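def _createCheckVal(username, issued_at, pw_hash, vcode):
    """Build the signed portion of a login cookie.

    Returns ``(checkval, checkval_hash)``: ``checkval`` is
    ``"username:issued_at"`` and ``checkval_hash`` is the crypt() digest of
    ``"username:issued_at:pw_hash:vcode"`` with its first two characters
    removed.
    """
    # Bind the digest to the caller-supplied issue time. Reading the clock
    # here instead would make a digest recomputed later (at verification)
    # differ from the one stored in the cookie.
    checkval = "%s:%s" % (username, issued_at)
    realcheckval = "%s:%s:%s" % (checkval, pw_hash, vcode)
    # NOTE(review): crypt() is a password-hashing routine, not a keyed MAC.
    # If config.gAuthSalt is a traditional two-character DES salt (the [2:]
    # strip below suggests it is -- confirm), crypt(3) uses only the first
    # 8 bytes of its input, so pw_hash and vcode would not be covered by the
    # digest. An HMAC over the same fields is the usual replacement, but it
    # changes the cookie format and invalidates cookies already issued.
    checkval_hash = crypt.crypt(realcheckval, config.gAuthSalt)
    # Drop the two leading characters (presumably the salt prefix).
    return checkval, checkval_hash[2:]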
25 
26 
27 # -------------------------------
28 # issueLoginCookie
29 #
30 # format: "login:issued_at_time_t:hash(pw_hash+issued_at_time_t)"
31 # ex: "V1/jeske:2123123:AS132dd12"
32 
def generateCookie(username, pw_hash):
    """Return a version-1 login cookie value for *username*.

    The value has the form ``"V1/<checkval>=<checkval_hash>"``, where both
    parts come from _createCheckVal() called with the current time,
    *pw_hash* and config.gAuthVCode.
    """
    issued_at = int(time.time())
    signed_part, digest = _createCheckVal(
        username, issued_at, pw_hash, config.gAuthVCode)
    return "V1/%s=%s" % (signed_part, digest)
39 
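def getDomain(hdf):
    """Derive a cookie domain from the request's ``HTTP.Host`` value.

    The port is stripped. A host whose last character is a digit is treated
    as an IP address and returned unchanged; otherwise the first label is
    dropped (``www.example.com`` -> ``example.com``). An empty host yields
    an empty string.
    """
    # NOTE(review): the Host header is supplied by the client, so the
    # returned domain should not be trusted for cookie scoping without
    # checking it against the site's configured domain. A two-label host
    # such as "example.com" reduces to "com", and a single-label host to "".
    host = hdf.getValue("HTTP.Host", "").split(":", 1)[0]
    if not host:
        # Missing or empty Host: indexing host[-1] below would raise.
        return host
    if host[-1] in string.digits:  # looks like an IP address
        return host
    return ".".join(host.split(".")[1:])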
49 
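def getPersistCookie(hdf):
    """Return the integer value of the ``MB_persist`` cookie, or 0.

    0 is returned both when the cookie is absent (the getIntValue default)
    and when reading it raises.
    """
    # NOTE(review): this value comes straight from a request cookie and is
    # not signed; callers should not treat it as a trusted setting.
    try:
        return hdf.getIntValue("Cookie.MB_persist", 0)
    except Exception:
        # Narrower than a bare except: KeyboardInterrupt and SystemExit
        # still propagate.
        return 0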
56 
def setPersistCookie(ncgi, persist):
    """Store *persist* in the ``MB_persist`` cookie for config.gDomain.

    The cookie itself is always set with ``persist=1``.
    """
    cookie_domain = config.gDomain
    ncgi.cookieSet("MB_persist", persist, persist=1, domain=cookie_domain)
59 
60 
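def issueLoginCookie(ncgi, authdb, username, pw_hash, persist=None):
    """Issue the ``MB_L1`` login cookie for *username*.

    When *persist* is None it is read from the request's ``MB_persist``
    cookie. A browser cookie is issued first if the request does not carry
    a valid one. With ``persist == 1`` the login cookie gets an expiry
    14 days ahead; otherwise the expiry string is empty.
    """
    if persist is None:
        persist = getPersistCookie(ncgi.hdf)

    domain = getDomain(ncgi.hdf)

    browserid = browserauth.checkBrowserCookie(authdb, ncgi)
    if browserid is None:
        # No usable browser cookie on this request: set one.
        browserid = browserauth.issueBrowserCookie(ncgi, authdb, domain)

    debug("cookieauth.py", "BrowserID", browserid)
    debug("cookieauth.py", "domain", domain)

    if persist == 1:
        expires_at = time.time() + (86400 * 14)
        # The string is labelled GMT, so it must be formatted from UTC;
        # local time would shift the expiry by the server's UTC offset.
        timestr = time.strftime("%A, %d-%b-%Y %H:%M:%S GMT",
                                time.gmtime(expires_at))
    else:
        timestr = ""

    cookie = generateCookie(username, pw_hash)
    # The login cookie is set without a domain attribute (the domain above
    # is only used for the browser cookie and the debug log).
    # NOTE(review): whether cookieSet marks the cookie Secure/HttpOnly is
    # not visible here -- confirm for a credential-bearing cookie.
    ncgi.cookieSet("MB_L1", cookie, persist=persist, path=config.gBaseURL,
                   time_str=timestr)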
85 
86  #warn("cookieauth.py", "Issued login cookie", username,cookie, domain, timestr, persist)
87 
88 
def clearLoginCookie(ncgi, username, domain=None):
    """Clear the ``MB_L1`` login cookie for every domain/path it may use.

    cookieClear is called with an empty domain and, when the request's Host
    yields one, with that domain -- each time for config.gBaseURL and "/".
    """
    # NOTE(review): *username* is unused and the *domain* argument is
    # replaced by the Host-derived value, so a caller-supplied domain has
    # no effect.
    domain = getDomain(ncgi.hdf)
    cookie_domains = [""]
    if domain:
        cookie_domains.append(domain)
    for cookie_domain in cookie_domains:
        for path in (config.gBaseURL, "/"):
            ncgi.cookieClear("MB_L1", cookie_domain, path)
96 
97 
    def __init__(self):
        """Start with every field unset."""
        # username, issue time, digest and cookie value all begin as None.
        self.username = self.issued_at = None
        self.checkval_hash = self.cookie = None
104 
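def parseLoginCookie(ncgi):
    """Parse the request's ``MB_L1`` cookie into a LoginCookie.

    Returns 0 when the cookie is absent, is not version ``V1`` or is
    malformed. Otherwise returns a LoginCookie carrying the raw cookie
    value, the username, the integer issue time and the digest. Parsing
    does not authenticate anything; the digest still has to be checked.
    """
    raw_cookie = ncgi.hdf.getValue("Cookie.MB_L1", "")
    if not raw_cookie:
        return 0

    # The cookie is client-supplied: a missing separator or a non-numeric
    # issue time must be rejected rather than raise out of the handler.
    try:
        version, restCookie = raw_cookie.split("/", 1)
    except ValueError:
        warn("cookieauth.py", "invalid cookie, malformed")
        return 0
    if version != "V1":
        warn("cookieauth.py", "invalid cookie, version", version, raw_cookie)
        return 0
    try:
        checkval, checkval_hash = restCookie.split("=", 1)
        # Split on the last colon so a username containing ":" still parses;
        # the issue time is always the final field.
        username, issued_at = checkval.rsplit(":", 1)
        issued_at = int(issued_at)
    except ValueError:
        warn("cookieauth.py", "invalid cookie, malformed")
        return 0

    # Use a separate name for the parsed object: rebinding the raw string's
    # name would make the .cookie attribute point at the object itself.
    logincookie = LoginCookie()
    logincookie.cookie = raw_cookie
    logincookie.username = username
    logincookie.issued_at = issued_at
    logincookie.checkval_hash = checkval_hash

    return logincookie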
125 
126 
127 
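def checkLoginCookie(ncgi, logincookie, authdb, username, userRec):
    """Validate a parsed login cookie against *username* and *userRec*.

    Returns 1 when the cookie's username matches, the cookie has not timed
    out (checked only when the persist flag is 0) and its digest matches
    the one recomputed from ``userRec.pw_hash``; returns 0 otherwise.
    """
    if username != logincookie.username:
        warn("cookieauth.py", "invalid cookie, username mismatch",
             username, logincookie.username)
        return 0

    persist = getPersistCookie(ncgi.hdf)

    # NOTE(review): persist is read from the unsigned MB_persist request
    # cookie, and any non-zero value skips the timeout below. Consider
    # enforcing a server-side maximum age for persistent logins as well.
    if persist == 0:
        if (time.time() - logincookie.issued_at) > config.LOGIN_TIMEOUT:
            warn("cookieauth.py", "invalid cookie, timeout",
                 logincookie.issued_at)
            return 0

    # Recompute the digest from the issue time carried in the cookie, so the
    # comparison does not depend on the current clock. Same field layout and
    # salt handling as the value produced when the cookie is issued.
    realcheckval = "%s:%s:%s:%s" % (username, logincookie.issued_at,
                                    userRec.pw_hash, config.gAuthVCode)
    v_checkval_hash = crypt.crypt(realcheckval, config.gAuthSalt)[2:]

    # A constant-time comparison (hmac.compare_digest, Python 2.7.7+) is
    # preferable here where available.
    if logincookie.checkval_hash != v_checkval_hash:
        # A digest mismatch must fail the check; only the presented value is
        # logged, since the expected digest is enough to build a valid cookie.
        warn("cookieauth.py", "checkval mismatch", logincookie.checkval_hash)
        return 0

    return 1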
152 
153 
154 
155 
156 
157 
def test():
    """Placeholder self-test hook; it currently does nothing."""
    return None
160 
def usage(progname):
    """Write the module docstring, with *progname* filled in, to stdout."""
    # vars() supplies the %(progname)s substitution from the local scope.
    sys.stdout.write("%s\n" % (__doc__ % vars(),))
163 
def main(argv, stdout, environ):
    """Command-line entry point: handle --help, --debug and --test.

    *stdout* and *environ* are accepted but not used.
    """
    progname = argv[0]
    options, positional = getopt.getopt(argv[1:], "",
                                        ["help", "test", "debug"])

    # NOTE(review): with no positional arguments the usage text is printed
    # and nothing else runs, even when --test was given.
    if not positional:
        usage(progname)
        return

    run_tests = False
    for flag, _value in options:
        if flag == "--help":
            usage(progname)
            return
        if flag == "--debug":
            debugfull()
        elif flag == "--test":
            run_tests = True

    if run_tests:
        test()
184 
185 
# Run main() only when executed as a script, not when imported.
if __name__ == "__main__":
    main(sys.argv, sys.stdout, os.environ)
def parseLoginCookie(ncgi)
Definition: cookieauth.py:105
def clearLoginCookie(ncgi, username, domain=None)
Definition: cookieauth.py:89
def checkLoginCookie(ncgi, logincookie, authdb, username, userRec)
Definition: cookieauth.py:128
def issueLoginCookie(ncgi, authdb, username, pw_hash, persist=None)
Definition: cookieauth.py:61
def getPersistCookie(hdf)
Definition: cookieauth.py:50
def usage(progname)
Definition: cookieauth.py:161
def main(argv, stdout, environ)
Definition: cookieauth.py:164
def generateCookie(username, pw_hash)
Definition: cookieauth.py:33
def _createCheckVal(username, issued_at, pw_hash, vcode)
Definition: cookieauth.py:18
def setPersistCookie(ncgi, persist)
Definition: cookieauth.py:57


webui
Author(s): Scott Hassan
autogenerated on Mon Jun 10 2019 15:51:24