crypt and adduser tool
This commit is contained in:
parent
ca9e0b81d3
commit
e1b9597fdb
67
asadduser.py
Executable file
67
asadduser.py
Executable file
@ -0,0 +1,67 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import mariadb
|
||||
from pbkdf2 import crypt
|
||||
import argparse
|
||||
import os
|
||||
|
||||
|
||||
parser = argparse.ArgumentParser(description='asadduser')
|
||||
parser.add_argument('--user', '-u',
|
||||
help='Login',
|
||||
required=True)
|
||||
parser.add_argument('--password', '-p',
|
||||
help='Password',
|
||||
required=True)
|
||||
parser.add_argument('--application', '-a',
|
||||
help='Application',
|
||||
required=True)
|
||||
parser.add_argument('--issuer', '-i',
|
||||
help='Issuer',
|
||||
required=True)
|
||||
|
||||
args = parser.parse_args()
|
||||
user = args.user
|
||||
password = args.password
|
||||
application = args.application
|
||||
issuer = args.issuer
|
||||
|
||||
|
||||
DB_USER = os.environ["DB_USER"]
|
||||
DB_PASS = os.environ["DB_PASS"]
|
||||
DB_HOST = os.environ["DB_HOST"]
|
||||
DB_NAME = os.environ["DB_NAME"]
|
||||
|
||||
pwhash = crypt(password, iterations=100000)
|
||||
|
||||
conn = None
|
||||
cur = None
|
||||
try:
|
||||
conn = mariadb.connect(user = DB_USER, password = DB_PASS,
|
||||
host = DB_HOST, database = DB_NAME)
|
||||
conn.autocommit = False
|
||||
|
||||
cur = conn.cursor()
|
||||
cur.execute("""
|
||||
INSERT INTO users (issuer, login, password)
|
||||
VALUES(
|
||||
(SELECT id FROM issuers WHERE name = ?),
|
||||
?,
|
||||
?
|
||||
)
|
||||
""", [issuer, user, pwhash])
|
||||
cur.execute("""
|
||||
INSERT INTO user_applications_mapping (application, user)
|
||||
VALUES(
|
||||
(SELECT id FROM applications WHERE name = ?),
|
||||
(SELECT id FROM users WHERE login = ?)
|
||||
)
|
||||
""", [application, user])
|
||||
conn.commit()
|
||||
finally:
|
||||
if cur:
|
||||
cur.close()
|
||||
if conn:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
|
23
auth.py
23
auth.py
@ -23,11 +23,11 @@ class PasswordMismatchException(Exception):
|
||||
pass
|
||||
|
||||
|
||||
UserEntry = namedtuple('UserEntry', ['id', 'login', 'pwhash', 'issuer', 'secret', 'expiry', 'claims'])
|
||||
UserEntry = namedtuple('UserEntry', ['id', 'login', 'issuer', 'secret', 'expiry', 'claims'])
|
||||
|
||||
|
||||
|
||||
def getUserEntryFromDB(application: str, login: str) -> UserEntry:
|
||||
def getUserEntryFromDB(application: str, login: str):
|
||||
conn = None
|
||||
cur = None
|
||||
try:
|
||||
@ -62,11 +62,11 @@ def getUserEntryFromDB(application: str, login: str) -> UserEntry:
|
||||
else:
|
||||
claims[claimObj["key"]] = claimObj["value"]
|
||||
|
||||
userEntry = UserEntry(id=userId, login=login, pwhash=resObj["password"],
|
||||
userEntry = UserEntry(id=userId, login=login,
|
||||
secret=resObj["secret"], issuer=resObj["issuer"],
|
||||
expiry=resObj["expiry"], claims=claims)
|
||||
|
||||
return userEntry
|
||||
return userEntry, resObj["password"]
|
||||
except mariadb.Error as err:
|
||||
raise Exception("Error when connecting to database: {}".format(err))
|
||||
finally:
|
||||
@ -76,24 +76,21 @@ def getUserEntryFromDB(application: str, login: str) -> UserEntry:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
|
||||
def checkPassword(inputPassword, passwordHash) -> bool:
|
||||
print("DEBUG, checkPassword: {} {}".format(inputPassword, passwordHash))
|
||||
if passwordHash != crypt(inputPassword, passwordHash, 100000):
|
||||
def getUserEntry(application, login, password):
|
||||
userEntry, pwhash = getUserEntryFromDB(application, login)
|
||||
if pwhash != crypt(password, pwhash):
|
||||
raise PasswordMismatchException()
|
||||
return True
|
||||
return userEntry
|
||||
|
||||
def generateToken(**args):
|
||||
try:
|
||||
body = args["body"]
|
||||
application = body["application"]
|
||||
login = body["login"]
|
||||
inputPassword = body["password"]
|
||||
password = body["password"]
|
||||
|
||||
userEntry = getUserEntryFromDB(application, login)
|
||||
userEntry = getUserEntry(application, login, password)
|
||||
|
||||
if inputPassword != crypt(inputPassword, userEntry.pwhash, 100000):
|
||||
raise PasswordMismatchException()
|
||||
|
||||
timestamp = int(time.time())
|
||||
payload = {
|
||||
"iss": userEntry.issuer,
|
||||
|
@ -47,6 +47,9 @@ ALTER TABLE `users`
|
||||
ALTER TABLE `users`
|
||||
MODIFY COLUMN expiry int(10) unsigned NOT NULL;
|
||||
|
||||
ALTER TABLE `users`
|
||||
MODIFY COLUMN expiry int(10) unsigned NOT NULL DEFAULT 600;
|
||||
|
||||
CREATE TABLE `claims` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`key` varchar(64) NOT NULL,
|
||||
|
Loading…
x
Reference in New Issue
Block a user