  1. # oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
  2. # Copyright (c) 2016, Gluu
  3. #
  4. # Author: Yuriy Movchan
  5. #
  6.  
  7. from org.gluu.service.cdi.util import CdiUtil
  8. from org.gluu.oxauth.security import Identity
  9. from org.gluu.model.custom.script.type.auth import PersonAuthenticationType
  10. from org.gluu.oxauth.service import UserService, AuthenticationService, AppInitializer
  11. from org.gluu.oxauth.service import MetricService
  12. from org.gluu.model.metric import MetricType
  13. from org.gluu.util import StringHelper
  14. from org.gluu.util import ArrayHelper
  15. from org.gluu.persist.service import PersistanceFactoryService
  16. from org.gluu.persist.ldap.impl import LdapEntryManagerFactory
  17. from org.gluu.model.ldap import GluuLdapConfiguration
  18. from java.util import Arrays, Properties
  19.  
  20. from datetime import datetime, timedelta
  21.  
  22. import java
  23. import json
  24.  
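class PersonAuthentication(PersonAuthenticationType):
    """oxAuth person-authentication script that binds against several LDAP backends.

    The backends, the login attributes to try on each of them and two domain
    lists (``icDomainList`` and ``domainExceptionsList``) are read from the
    JSON file named by the ``auth_configuration_file`` script property.  The
    e-mail domain of the submitted username only selects which backends get a
    bind attempt (see ``_isConfigurationApplicable``); the backend still has
    to accept the password.

    Written for Jython 2.7 (the oxAuth script runtime): no f-strings, no
    annotations, ``print`` always called with a single argument.
    """

    # Prefix of every log line so the script's output can be grepped in the oxAuth log.
    LOG_PREFIX = "Basic (multi auth conf). "
    # Backend that serves usernames whose domain is not one of the IC domains.
    GLOBAL_CONFIG_ID = "intercars.global"
    # Domain placeholder for usernames that contain no "@".
    NO_DOMAIN = "ALL"

    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis
        # Filled in by init(); pre-set so destroy() cannot fail with
        # AttributeError when init() returned False before connecting.
        self.ldapExtendedEntryManagers = []
        self.icDomainList = []
        self.domainExceptionsList = []

    def _log(self, message):
        """Print *message* with the script prefix (oxAuth captures stdout)."""
        print(self.LOG_PREFIX + message)

    def init(self, configurationAttributes):
        """Load, validate and connect the LDAP backends; return True on success.

        configurationAttributes: java.util.Map of script properties; only
        ``auth_configuration_file`` (a path readable by oxAuth) is used.
        """
        self._log("Initialization")

        if not configurationAttributes.containsKey("auth_configuration_file"):
            self._log("The property auth_configuration_file is empty")
            return False

        authConfigurationFile = configurationAttributes.get("auth_configuration_file").getValue2()
        authConfiguration = self.loadAuthConfiguration(authConfigurationFile)
        if authConfiguration is None:
            self._log("File with authentication configuration should be not empty")
            return False

        if not self.validateAuthConfiguration(authConfiguration):
            return False

        ldapExtendedEntryManagers = self.createLdapExtendedEntryManagers(authConfiguration)
        if ldapExtendedEntryManagers is None:
            return False

        self.ldapExtendedEntryManagers = ldapExtendedEntryManagers

        self._log("Initialized successfully")
        return True

    def destroy(self, authConfiguration):
        """Close every entry manager opened by init(); True only if all of them closed cleanly."""
        self._log("Destroy")

        result = True
        for ldapExtendedEntryManager in self.ldapExtendedEntryManagers:
            ldapConfiguration = ldapExtendedEntryManager["ldapConfiguration"]
            ldapEntryManager = ldapExtendedEntryManager["ldapEntryManager"]

            destroyResult = ldapEntryManager.destroy()
            result = result and destroyResult
            self._log("Destroyed: " + ldapConfiguration.getConfigId() + ". Result: " + str(destroyResult))

        # Printed unconditionally; the per-backend lines above carry the real outcome.
        self._log("Destroyed successfully")
        return result

    def getApiVersion(self):
        """Script API version understood by oxAuth for this script."""
        return 1

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        """This script never declares itself unavailable."""
        return True

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        """No fallback ACR is offered."""
        return None

    def _domainFromUsername(self, keyValue):
        """Return the lower-cased text after the first "@" in *keyValue*, or NO_DOMAIN if there is none.

        The value is taken from user input and is used only to narrow the set of
        backends that receive a bind attempt; it is never trusted on its own.
        """
        try:
            return keyValue.split("@")[1].lower()  # TODO regex to check if mail is valid
        except IndexError as e:
            # IndexError is the only way split()[1] can fail on a string.
            print("Exception in domain cut for mail {}".format(keyValue))
            print(e)
            return self.NO_DOMAIN

    def _isConfigurationApplicable(self, domain, configId):
        """Decide whether backend *configId* should see a bind attempt for *domain*.

        - domain in domainExceptionsList: every backend is tried;
        - domain in icDomainList: every backend except GLOBAL_CONFIG_ID;
        - any other domain (NO_DOMAIN included): only GLOBAL_CONFIG_ID.

        NOTE(review): the pasted original had lost its indentation; this reading
        treats both inner checks as nested under the exceptions-list guard.
        Confirm against the deployed script.
        """
        if domain in self.domainExceptionsList:
            return True
        if domain in self.icDomainList:
            return configId != self.GLOBAL_CONFIG_ID
        return configId == self.GLOBAL_CONFIG_ID

    def authenticate(self, configurationAttributes, requestParameters, step):
        """Step 1: bind with the submitted username/password against the applicable backends.

        Returns True on the first successful bind; False for any other step,
        for empty credentials, or when every applicable backend rejected them.
        The authentication-rate timer and the success/failure counters are
        updated in all cases so failed attempts stay visible in the metrics.
        The password is never written to the log; the username is, as before.
        """
        if step != 1:
            return False

        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)
        credentials = identity.getCredentials()
        metricService = CdiUtil.bean(MetricService)

        timerContext = metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time()
        try:
            rawUsername = credentials.getUsername()
            # A missing username is treated like an empty one instead of raising AttributeError.
            keyValue = "" if rawUsername is None else rawUsername.encode('utf-8').strip()
            userPassword = credentials.getPassword()
            domain = self._domainFromUsername(keyValue)

            if StringHelper.isNotEmptyString(keyValue) and StringHelper.isNotEmptyString(userPassword):
                for ldapExtendedEntryManager in self.ldapExtendedEntryManagers:
                    ldapConfiguration = ldapExtendedEntryManager["ldapConfiguration"]
                    configId = ldapConfiguration.getConfigId()
                    if not self._isConfigurationApplicable(domain, configId):
                        continue

                    ldapEntryManager = ldapExtendedEntryManager["ldapEntryManager"]
                    loginAttributes = ldapExtendedEntryManager["loginAttributes"]
                    localLoginAttributes = ldapExtendedEntryManager["localLoginAttributes"]

                    self._log("Authenticate for step 1. Using configuration: " + configId)

                    # loginAttributes[i] (remote) pairs with localLoginAttributes[i];
                    # validateAuthConfiguration() guarantees equal lengths.
                    for primaryKey, localPrimaryKey in zip(loginAttributes, localLoginAttributes):
                        attempt = "Authentication in: {} for: {} with: {} ".format(configId, keyValue, primaryKey)

                        start = datetime.now()
                        loggedIn = authenticationService.authenticate(ldapConfiguration, ldapEntryManager, keyValue, userPassword, primaryKey, localPrimaryKey)
                        # total_seconds() spans the whole interval; .microseconds alone
                        # drops every full second and under-reports slow binds.
                        elapsed = int((datetime.now() - start).total_seconds() * 1000)
                        if loggedIn:
                            print(attempt + "SUCCESS in {}ms".format(elapsed))
                            metricService.incCounter(MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS)
                            return True
                        print(attempt + "FAILED in {}ms".format(elapsed))
        finally:
            timerContext.stop()

        metricService.incCounter(MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES)
        return False

    def prepareForStep(self, configurationAttributes, requestParameters, step):
        """Only step 1 exists; nothing has to be prepared for it."""
        return step == 1

    def getExtraParametersForStep(self, configurationAttributes, step):
        """No extra session parameters are kept between steps."""
        return None

    def getCountAuthenticationSteps(self, configurationAttributes):
        """Single-step (username + password) flow."""
        return 1

    def getPageForStep(self, configurationAttributes, step):
        """Default oxAuth login page."""
        return ""

    def logout(self, configurationAttributes, requestParameters):
        """No backend state to clear on logout."""
        return True

    def loadAuthConfiguration(self, authConfigurationFile):
        """Parse the JSON file at *authConfigurationFile*; return the dict, or None if it cannot be read or parsed.

        The file carries LDAP bind credentials (``bindPassword``), so only its
        path, never its content, is written to the log.  A missing or
        unreadable file now yields None like a malformed one did, instead of an
        uncaught IOError out of init().
        """
        try:
            with open(authConfigurationFile, 'r') as f:
                return json.loads(f.read())
        except (IOError, OSError, ValueError) as e:
            # ValueError covers malformed/empty JSON; IOError/OSError an unreadable file.
            self._log("Load auth configuration. Failed to load authentication configuration from file: " + str(authConfigurationFile))
            print(e)
            return None

    def validateAuthConfiguration(self, authConfiguration):
        """Check that the parsed configuration has everything init() needs.

        Prints the first problem found and returns False; True when valid.
        """
        if "ldap_configuration" not in authConfiguration:
            self._log("Validate auth configuration. There is no ldap_configuration section in configuration")
            return False

        for idx, ldapConfiguration in enumerate(authConfiguration["ldap_configuration"], 1):
            if not self._validateLdapConfiguration(ldapConfiguration, idx):
                return False

        # createLdapExtendedEntryManagers() indexes both lists unconditionally; a
        # missing key used to escape init() as a KeyError instead of a log line.
        for listName in ("icDomainList", "domainExceptionsList"):
            if not isinstance(authConfiguration.get(listName), list):
                self._log("Validate auth configuration. Property '" + listName + "' must be a list of domains")
                return False

        return True

    def _validateLdapConfiguration(self, ldapConfiguration, idx):
        """Validate one ldap_configuration entry at 1-based position *idx*.

        Checks run in the same order as the original script so the first
        message printed for a given bad file is unchanged.
        """
        if not self.containsAttributeString(ldapConfiguration, "configId"):
            self._log("Validate auth configuration. There is no 'configId' attribute in ldap_configuration section #" + str(idx))
            return False

        configId = ldapConfiguration["configId"]

        def invalid(attribute):
            # Shared wording for every per-property failure; always returns False.
            self._log("Validate auth configuration. Property '" + attribute + "' in configuration '" + configId + "' is invalid")
            return False

        if not self.containsAttributeArray(ldapConfiguration, "servers"):
            return invalid("servers")

        # createLdapExtendedConfigurations() reads bindPassword whenever bindDN is set.
        if self.containsAttributeString(ldapConfiguration, "bindDN") and not self.containsAttributeString(ldapConfiguration, "bindPassword"):
            return invalid("bindPassword")

        for attribute in ("useSSL", "maxConnections"):
            if not self.containsAttributeString(ldapConfiguration, attribute):
                return invalid(attribute)

        for attribute in ("baseDNs", "loginAttributes", "localLoginAttributes"):
            if not self.containsAttributeArray(ldapConfiguration, attribute):
                return invalid(attribute)

        if len(ldapConfiguration["loginAttributes"]) != len(ldapConfiguration["localLoginAttributes"]):
            self._log("Validate auth configuration. The number of attributes in 'loginAttributes' and 'localLoginAttributes' isn't equal in configuration '" + configId + "'")
            return False

        return True

    def createLdapExtendedEntryManagers(self, authConfiguration):
        """Open one LDAP entry manager per configured backend.

        Returns a list of dicts keyed ldapConfiguration, ldapProperties,
        loginAttributes, localLoginAttributes and ldapEntryManager.  As a side
        effect records icDomainList / domainExceptionsList on self for
        authenticate().
        """
        ldapExtendedConfigurations = self.createLdapExtendedConfigurations(authConfiguration)
        self.icDomainList = authConfiguration["icDomainList"]
        self.domainExceptionsList = authConfiguration["domainExceptionsList"]

        persistanceFactoryService = CdiUtil.bean(PersistanceFactoryService)
        ldapEntryManagerFactory = persistanceFactoryService.getPersistenceEntryManagerFactory(LdapEntryManagerFactory)
        persistenceType = ldapEntryManagerFactory.getPersistenceType()

        ldapExtendedEntryManagers = []
        for ldapExtendedConfiguration in ldapExtendedConfigurations:
            connectionConfiguration = ldapExtendedConfiguration["connectionConfiguration"]

            # Every raw config key, bindPassword included, becomes a "<type>.<key>"
            # property, so these Properties must never be dumped to the log.
            ldapProperties = Properties()
            for key, value in connectionConfiguration.items():
                if isinstance(value, list):
                    value_string = ", ".join(value)
                else:
                    value_string = str(value)
                ldapProperties.setProperty(persistenceType + "." + key, value_string)

            ldapEntryManager = ldapEntryManagerFactory.createEntryManager(ldapProperties)

            ldapExtendedEntryManagers.append({
                "ldapConfiguration": ldapExtendedConfiguration["ldapConfiguration"],
                "ldapProperties": ldapProperties,
                "loginAttributes": ldapExtendedConfiguration["loginAttributes"],
                "localLoginAttributes": ldapExtendedConfiguration["localLoginAttributes"],
                "ldapEntryManager": ldapEntryManager,
            })

        return ldapExtendedEntryManagers

    def createLdapExtendedConfigurations(self, authConfiguration):
        """Turn each ldap_configuration entry into a GluuLdapConfiguration.

        Returns a list of dicts keyed ldapConfiguration, connectionConfiguration,
        loginAttributes and localLoginAttributes.  Assumes
        validateAuthConfiguration() already passed.
        """
        ldapExtendedConfigurations = []

        for connectionConfiguration in authConfiguration["ldap_configuration"]:
            configId = connectionConfiguration["configId"]
            servers = connectionConfiguration["servers"]

            # Anonymous bind only when no bindDN is configured.
            useAnonymousBind = not self.containsAttributeString(connectionConfiguration, "bindDN")
            if useAnonymousBind:
                bindDN = None
                bindPassword = None
            else:
                bindDN = connectionConfiguration["bindDN"]
                bindPassword = connectionConfiguration["bindPassword"]

            useSSL = connectionConfiguration["useSSL"]
            maxConnections = connectionConfiguration["maxConnections"]
            baseDNs = connectionConfiguration["baseDNs"]
            loginAttributes = connectionConfiguration["loginAttributes"]
            localLoginAttributes = connectionConfiguration["localLoginAttributes"]

            ldapConfiguration = GluuLdapConfiguration()
            ldapConfiguration.setConfigId(configId)
            ldapConfiguration.setBindDN(bindDN)
            ldapConfiguration.setBindPassword(bindPassword)
            ldapConfiguration.setServers(Arrays.asList(servers))
            ldapConfiguration.setMaxConnections(maxConnections)
            ldapConfiguration.setUseSSL(useSSL)
            ldapConfiguration.setBaseDNs(Arrays.asList(baseDNs))
            # The first attribute pair is the backend's default; authenticate()
            # still tries every pair in order.
            ldapConfiguration.setPrimaryKey(loginAttributes[0])
            ldapConfiguration.setLocalPrimaryKey(localLoginAttributes[0])
            ldapConfiguration.setUseAnonymousBind(useAnonymousBind)

            ldapExtendedConfigurations.append({
                "ldapConfiguration": ldapConfiguration,
                "connectionConfiguration": connectionConfiguration,
                "loginAttributes": loginAttributes,
                "localLoginAttributes": localLoginAttributes,
            })

        return ldapExtendedConfigurations

    def containsAttributeString(self, dictionary, attribute):
        """True when *attribute* is present in *dictionary* with a non-empty string value."""
        return (attribute in dictionary) and StringHelper.isNotEmptyString(dictionary[attribute])

    def containsAttributeArray(self, dictionary, attribute):
        """True when *attribute* is present in *dictionary* with a non-empty sequence value."""
        return (attribute in dictionary) and len(dictionary[attribute]) > 0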