crypt and adduser tool

Wolfgang Hottgenroth 2021-01-26 22:06:39 +01:00
parent ca9e0b81d3
commit e1b9597fdb
Signed by: wn
GPG Key ID: E49AF3B9EF6DD469
3 changed files with 80 additions and 13 deletions

67
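--- a/asadduser.py
+++ b/asadduser.py
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+import mariadb
+from pbkdf2 import crypt
+import argparse
+import os
+parser = argparse.ArgumentParser(description='asadduser')
+parser.add_argument('--user', '-u',
+help='Login',
+required=True)
+parser.add_argument('--password', '-p',
+help='Password',
+required=True)
+parser.add_argument('--application', '-a',
+help='Application',
+required=True)
+parser.add_argument('--issuer', '-i',
+help='Issuer',
+required=True)
+args = parser.parse_args()
+user = args.user
+password = args.password
+application = args.application
+issuer = args.issuer
+DB_USER = os.environ["DB_USER"]
+DB_PASS = os.environ["DB_PASS"]
+DB_HOST = os.environ["DB_HOST"]
+DB_NAME = os.environ["DB_NAME"]
+pwhash = crypt(password, iterations=100000)
+conn = None
+cur = None
+try:
+conn = mariadb.connect(user = DB_USER, password = DB_PASS,
+host = DB_HOST, database = DB_NAME)
+conn.autocommit = False
+cur = conn.cursor()
+cur.execute("""
+INSERT INTO users (issuer, login, password)
+VALUES(
+(SELECT id FROM issuers WHERE name = ?),
+?,
+?
+)
+""", [issuer, user, pwhash])
+cur.execute("""
+INSERT INTO user_applications_mapping (application, user)
+VALUES(
+(SELECT id FROM applications WHERE name = ?),
+(SELECT id FROM users WHERE login = ?)
+)
+""", [application, user])
+conn.commit()
+finally:
+if cur:
+cur.close()
+if conn:
+conn.rollback()
+conn.close()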
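Review bot: The account password is taken from the required `--password`/`-p` option, so it is readable in the process list while the script runs and is usually saved in shell history. Making the option optional and falling back to a prompt, `password = args.password or getpass.getpass('Password: ')` with `import getpass`, keeps it off the command line. Separately, the scalar subqueries yield NULL when the issuer or application name does not exist (whether that fails or stores a NULL depends on column constraints not shown here), and `SELECT id FROM users WHERE login = ?` is not scoped to the issuer, so it could presumably match more than one row if logins repeat across issuers. Using `cur.lastrowid` from the first INSERT for the mapping row would avoid the second lookup, and checking the issuer and application ids before inserting would give a clear error instead of a database exception.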

23
auth.py

@ -23,11 +23,11 @@ class PasswordMismatchException(Exception):
pass
UserEntry = namedtuple('UserEntry', ['id', 'login', 'pwhash', 'issuer', 'secret', 'expiry', 'claims'])
UserEntry = namedtuple('UserEntry', ['id', 'login', 'issuer', 'secret', 'expiry', 'claims'])
def getUserEntryFromDB(application: str, login: str) -> UserEntry:
def getUserEntryFromDB(application: str, login: str):
conn = None
cur = None
try:
@ -62,11 +62,11 @@ def getUserEntryFromDB(application: str, login: str) -> UserEntry:
else:
claims[claimObj["key"]] = claimObj["value"]
userEntry = UserEntry(id=userId, login=login, pwhash=resObj["password"],
userEntry = UserEntry(id=userId, login=login,
secret=resObj["secret"], issuer=resObj["issuer"],
expiry=resObj["expiry"], claims=claims)
return userEntry
return userEntry, resObj["password"]
except mariadb.Error as err:
raise Exception("Error when connecting to database: {}".format(err))
finally:
@ -76,24 +76,21 @@ def getUserEntryFromDB(application: str, login: str) -> UserEntry:
conn.rollback()
conn.close()
def checkPassword(inputPassword, passwordHash) -> bool:
print("DEBUG, checkPassword: {} {}".format(inputPassword, passwordHash))
if passwordHash != crypt(inputPassword, passwordHash, 100000):
def getUserEntry(application, login, password):
userEntry, pwhash = getUserEntryFromDB(application, login)
if pwhash != crypt(password, pwhash):
raise PasswordMismatchException()
return True
return userEntry
def generateToken(**args):
try:
body = args["body"]
application = body["application"]
login = body["login"]
inputPassword = body["password"]
password = body["password"]
userEntry = getUserEntryFromDB(application, login)
userEntry = getUserEntry(application, login, password)
if inputPassword != crypt(inputPassword, userEntry.pwhash, 100000):
raise PasswordMismatchException()
timestamp = int(time.time())
payload = {
"iss": userEntry.issuer,
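Review bot: In the new `getUserEntry`, the check `if pwhash != crypt(password, pwhash):` compares the stored and computed hashes with `!=`, which stops at the first differing character; `if not hmac.compare_digest(pwhash, crypt(password, pwhash)):` is the usual constant-time form and needs `import hmac` at the top of the file, outside these hunks. The practical leak is small because the caller does not choose the computed hash directly, but the change is cheap hardening for an authentication path. `getUserEntryFromDB` now returns a (UserEntry, password hash) pair and lost its return annotation, so a tuple annotation and a one-line docstring stating that the hash is deliberately kept out of `UserEntry` would document the new contract. `getUserEntry` would also benefit from a docstring saying it raises `PasswordMismatchException` on a wrong password; the bodies of `getUserEntryFromDB` and `generateToken` continue outside the visible hunks.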


@ -47,6 +47,9 @@ ALTER TABLE `users`
ALTER TABLE `users`
MODIFY COLUMN expiry int(10) unsigned NOT NULL;
ALTER TABLE `users`
MODIFY COLUMN expiry int(10) unsigned NOT NULL DEFAULT 600;
CREATE TABLE `claims` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`key` varchar(64) NOT NULL,