crypt and adduser tool
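--- a/asadduser.py
+++ b/asadduser.py
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+
+import mariadb
+from pbkdf2 import crypt
+import argparse
+import os
+
+
+parser = argparse.ArgumentParser(description='asadduser')
+parser.add_argument('--user', '-u',
+                    help='Login',
+                    required=True)
+parser.add_argument('--password', '-p',
+                    help='Password',
+                    required=True)
+parser.add_argument('--application', '-a',
+                    help='Application',
+                    required=True)
+parser.add_argument('--issuer', '-i',
+                    help='Issuer',
+                    required=True)
+
+args = parser.parse_args()
+user = args.user
+password = args.password
+application = args.application
+issuer = args.issuer
+
+
+DB_USER = os.environ["DB_USER"]
+DB_PASS = os.environ["DB_PASS"]
+DB_HOST = os.environ["DB_HOST"]
+DB_NAME = os.environ["DB_NAME"]
+
+pwhash = crypt(password, iterations=100000)
+
+conn = None
+cur = None
+try:
+    conn = mariadb.connect(user = DB_USER, password = DB_PASS,
+                           host = DB_HOST, database = DB_NAME)
+    conn.autocommit = False
+
+    cur = conn.cursor()
+    cur.execute("""
+        INSERT INTO users (issuer, login, password)
+        VALUES(
+            (SELECT id FROM issuers WHERE name = ?),
+            ?,
+            ?
+        )
+    """, [issuer, user, pwhash])
+    cur.execute("""
+        INSERT INTO user_applications_mapping (application, user)
+        VALUES(
+            (SELECT id FROM applications WHERE name = ?),
+            (SELECT id FROM users WHERE login = ?)
+        )
+    """, [application, user])
+    conn.commit()
+finally:
+    if cur:
+        cur.close()
+    if conn:
+        conn.rollback()
+        conn.close()
+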
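Review bot: The new user's password is taken from the `--password` command-line flag (the `parser.add_argument('--password', '-p', ...)` block), so it lands in shell history and is readable by any local user from the process list for as long as the script runs. Make the flag optional and prompt when it is absent: `parser.add_argument('--password', '-p', help='Password')` and `password = args.password or getpass.getpass('Password: ')`, with `import getpass` added next to the other imports. The `os.environ["DB_USER"]` lookups and their siblings raise a bare KeyError when a variable is unset; a `parser.error("DB_USER is not set")`-style message naming the missing variable would be friendlier for an operator tool. The second INSERT resolves the user by `login` alone, which presumably assumes logins are unique across issuers — worth confirming against the schema, since the users table is keyed by issuer as well.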
23
auth.py
23
auth.py
@ -23,11 +23,11 @@ class PasswordMismatchException(Exception):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
UserEntry = namedtuple('UserEntry', ['id', 'login', 'pwhash', 'issuer', 'secret', 'expiry', 'claims'])
|
UserEntry = namedtuple('UserEntry', ['id', 'login', 'issuer', 'secret', 'expiry', 'claims'])
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def getUserEntryFromDB(application: str, login: str) -> UserEntry:
|
def getUserEntryFromDB(application: str, login: str):
|
||||||
conn = None
|
conn = None
|
||||||
cur = None
|
cur = None
|
||||||
try:
|
try:
|
||||||
@ -62,11 +62,11 @@ def getUserEntryFromDB(application: str, login: str) -> UserEntry:
|
|||||||
else:
|
else:
|
||||||
claims[claimObj["key"]] = claimObj["value"]
|
claims[claimObj["key"]] = claimObj["value"]
|
||||||
|
|
||||||
userEntry = UserEntry(id=userId, login=login, pwhash=resObj["password"],
|
userEntry = UserEntry(id=userId, login=login,
|
||||||
secret=resObj["secret"], issuer=resObj["issuer"],
|
secret=resObj["secret"], issuer=resObj["issuer"],
|
||||||
expiry=resObj["expiry"], claims=claims)
|
expiry=resObj["expiry"], claims=claims)
|
||||||
|
|
||||||
return userEntry
|
return userEntry, resObj["password"]
|
||||||
except mariadb.Error as err:
|
except mariadb.Error as err:
|
||||||
raise Exception("Error when connecting to database: {}".format(err))
|
raise Exception("Error when connecting to database: {}".format(err))
|
||||||
finally:
|
finally:
|
||||||
@ -76,24 +76,21 @@ def getUserEntryFromDB(application: str, login: str) -> UserEntry:
|
|||||||
conn.rollback()
|
conn.rollback()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
||||||
def checkPassword(inputPassword, passwordHash) -> bool:
|
def getUserEntry(application, login, password):
|
||||||
print("DEBUG, checkPassword: {} {}".format(inputPassword, passwordHash))
|
userEntry, pwhash = getUserEntryFromDB(application, login)
|
||||||
if passwordHash != crypt(inputPassword, passwordHash, 100000):
|
if pwhash != crypt(password, pwhash):
|
||||||
raise PasswordMismatchException()
|
raise PasswordMismatchException()
|
||||||
return True
|
return userEntry
|
||||||
|
|
||||||
def generateToken(**args):
|
def generateToken(**args):
|
||||||
try:
|
try:
|
||||||
body = args["body"]
|
body = args["body"]
|
||||||
application = body["application"]
|
application = body["application"]
|
||||||
login = body["login"]
|
login = body["login"]
|
||||||
inputPassword = body["password"]
|
password = body["password"]
|
||||||
|
|
||||||
userEntry = getUserEntryFromDB(application, login)
|
userEntry = getUserEntry(application, login, password)
|
||||||
|
|
||||||
if inputPassword != crypt(inputPassword, userEntry.pwhash, 100000):
|
|
||||||
raise PasswordMismatchException()
|
|
||||||
|
|
||||||
timestamp = int(time.time())
|
timestamp = int(time.time())
|
||||||
payload = {
|
payload = {
|
||||||
"iss": userEntry.issuer,
|
"iss": userEntry.issuer,
|
||||||
|
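Review bot: In the new getUserEntry (third hunk, `@ -76,24 +76,21`), `if pwhash != crypt(password, pwhash):` compares the stored hash with the recomputed one using ordinary string inequality, which stops at the first differing character; use `if not hmac.compare_digest(pwhash, crypt(password, pwhash)):`, with `import hmac` added at the top of the file (outside this hunk). The first hunk drops the `-> UserEntry` annotation on getUserEntryFromDB now that it returns a pair; `-> tuple[UserEntry, str]` (or `Tuple[...]` from typing on older interpreters) would document the new contract, and a one-line docstring on getUserEntry saying it raises PasswordMismatchException on a wrong password would help callers such as generateToken. If getUserEntryFromDB raises a different error for an unknown login than for a wrong password (its body is mostly outside these hunks), the two cases stay distinguishable to the caller, which is worth checking. generateToken begins in this hunk and continues past its end.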
@ -47,6 +47,9 @@ ALTER TABLE `users`
|
|||||||
ALTER TABLE `users`
|
ALTER TABLE `users`
|
||||||
MODIFY COLUMN expiry int(10) unsigned NOT NULL;
|
MODIFY COLUMN expiry int(10) unsigned NOT NULL;
|
||||||
|
|
||||||
|
ALTER TABLE `users`
|
||||||
|
MODIFY COLUMN expiry int(10) unsigned NOT NULL DEFAULT 600;
|
||||||
|
|
||||||
CREATE TABLE `claims` (
|
CREATE TABLE `claims` (
|
||||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||||
`key` varchar(64) NOT NULL,
|
`key` varchar(64) NOT NULL,
|
||||||
|