pillar/pillar/api/local_auth.py

import base64
import hashlib
import logging
import typing

import bcrypt
import datetime
from bson import tz_util
from flask import abort, Blueprint, current_app, jsonify, request
from pillar.api.utils.authentication import create_new_user_document
from pillar.api.utils.authentication import make_unique_username
from pillar.api.utils.authentication import store_token

blueprint = Blueprint('authentication', __name__)
log = logging.getLogger(__name__)


def get_auth_credentials(user, provider):
    return next((credentials for credentials in user['auth'] if 'provider'
                 in credentials and credentials['provider'] == provider), None)


def create_local_user(email, password):
    """For internal user only. Given username and password, create a user."""
    # Hash the password
    hashed_password = hash_password(password, bcrypt.gensalt())
    db_user = create_new_user_document(email, '', email, provider='local',
                                       token=hashed_password)
    # Make username unique
    db_user['username'] = make_unique_username(email)
    # Create the user
    r, _, _, status = current_app.post_internal('users', db_user)
    if status != 201:
        log.error('internal response: %r %r', status, r)
        return abort(500)
    # Return user ID
    return r['_id']


def get_local_user(username, password):
    # Look up user in db
    users_collection = current_app.data.driver.db['users']
    user = users_collection.find_one({'username': username})
    if not user:
        return abort(403)
    # Check if user has "local" auth type
    credentials = get_auth_credentials(user, 'local')
    if not credentials:
        return abort(403)
    # Verify password
    salt = credentials['token']
    hashed_password = hash_password(password, salt)
    if hashed_password != credentials['token']:
        return abort(403)
    return user


@blueprint.route('/make-token', methods=['POST'])
def make_token():
    """Direct login for a user, without OAuth, using local database. Generates
    a token that is passed back to Pillar Web and used in subsequent
    transactions.

    :return: a token string
    """
    username = request.form['username']
    password = request.form['password']

    user = get_local_user(username, password)

    token = generate_and_store_token(user['_id'])
    return jsonify(token=token['token'])


def generate_and_store_token(user_id, days=15, prefix=b''):
    """Generates token based on random bits.

    :param user_id: ObjectId of the owning user.
    :param days: token will expire in this many days.
    :param prefix: the token will be prefixed by these bytes, for easy identification.
    :return: the token document.
    """

    if not isinstance(prefix, bytes):
        raise TypeError('prefix must be bytes, not %s' % type(prefix))

    import secrets

    random_bits = secrets.token_bytes(32)

    # Use 'xy' as altargs to prevent + and / characters from appearing.
    # We never have to b64decode the string anyway.
    token = prefix + base64.b64encode(random_bits, altchars=b'xy').strip(b'=')

    token_expiry = datetime.datetime.now(tz=tz_util.utc) + datetime.timedelta(days=days)
    return store_token(user_id, token.decode('ascii'), token_expiry)


def hash_password(password: str, salt: typing.Union[str, bytes]) -> str:
    password = password.encode()

    if isinstance(salt, str):
        salt = salt.encode('utf-8')

    hash = hashlib.sha256(password).digest()
    encoded_password = base64.b64encode(hash)
    hashed_password = bcrypt.hashpw(encoded_password, salt)
    return hashed_password.decode('ascii')


def setup_app(app, url_prefix):
    app.register_api_blueprint(blueprint, url_prefix=url_prefix)
Added local accounts 2016-04-26 12:33:48 +02:00			`import base64`
			`import hashlib`
			`import logging`
Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00			`import typing`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00
Added local accounts 2016-04-26 12:33:48 +02:00			`import bcrypt`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`import datetime`
Added local accounts 2016-04-26 12:33:48 +02:00			`from bson import tz_util`
			`from flask import abort, Blueprint, current_app, jsonify, request`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`from pillar.api.utils.authentication import create_new_user_document`
			`from pillar.api.utils.authentication import make_unique_username`
			`from pillar.api.utils.authentication import store_token`
Added local accounts 2016-04-26 12:33:48 +02:00
			`blueprint = Blueprint('authentication', __name__)`
			`log = logging.getLogger(__name__)`


			`def get_auth_credentials(user, provider):`
			`return next((credentials for credentials in user['auth'] if 'provider'`
			`in credentials and credentials['provider'] == provider), None)`


			`def create_local_user(email, password):`
			`"""For internal user only. Given username and password, create a user."""`
			`# Hash the password`
			`hashed_password = hash_password(password, bcrypt.gensalt())`
			`db_user = create_new_user_document(email, '', email, provider='local',`
			`token=hashed_password)`
			`# Make username unique`
			`db_user['username'] = make_unique_username(email)`
			`# Create the user`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`r, _, _, status = current_app.post_internal('users', db_user)`
Added local accounts 2016-04-26 12:33:48 +02:00			`if status != 201:`
			`log.error('internal response: %r %r', status, r)`
			`return abort(500)`
			`# Return user ID`
			`return r['_id']`


Clean up local login Use generate_and_store_token and get_local_user directly instead of the /make-token endpoint. 2017-07-14 21:41:40 +02:00			`def get_local_user(username, password):`
Added local accounts 2016-04-26 12:33:48 +02:00			`# Look up user in db`
			`users_collection = current_app.data.driver.db['users']`
			`user = users_collection.find_one({'username': username})`
			`if not user:`
			`return abort(403)`
			`# Check if user has "local" auth type`
			`credentials = get_auth_credentials(user, 'local')`
			`if not credentials:`
			`return abort(403)`
			`# Verify password`
			`salt = credentials['token']`
			`hashed_password = hash_password(password, salt)`
			`if hashed_password != credentials['token']:`
			`return abort(403)`
Clean up local login Use generate_and_store_token and get_local_user directly instead of the /make-token endpoint. 2017-07-14 21:41:40 +02:00			`return user`


			`@blueprint.route('/make-token', methods=['POST'])`
			`def make_token():`
			`"""Direct login for a user, without OAuth, using local database. Generates`
			`a token that is passed back to Pillar Web and used in subsequent`
			`transactions.`

			`:return: a token string`
			`"""`
			`username = request.form['username']`
			`password = request.form['password']`

			`user = get_local_user(username, password)`
Nicer local token generation. No more +, / or = characters. 2016-06-01 14:18:00 +02:00
			`token = generate_and_store_token(user['_id'])`
			`return jsonify(token=token['token'])`


Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00			`def generate_and_store_token(user_id, days=15, prefix=b''):`
Nicer local token generation. No more +, / or = characters. 2016-06-01 14:18:00 +02:00			`"""Generates token based on random bits.`

			`:param user_id: ObjectId of the owning user.`
			`:param days: token will expire in this many days.`
Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00			`:param prefix: the token will be prefixed by these bytes, for easy identification.`
Nicer local token generation. No more +, / or = characters. 2016-06-01 14:18:00 +02:00			`:return: the token document.`
			`"""`

Python 3.6 compatibility: random bits & bcrypt Switched from Sybren's RSA library to the new stdlib module 'secrets' to generate secret tokens. This also means that the rsa library was demoted to secondary requirement. 2017-03-03 14:16:29 +01:00			`if not isinstance(prefix, bytes):`
			`raise TypeError('prefix must be bytes, not %s' % type(prefix))`

			`import secrets`

			`random_bits = secrets.token_bytes(32)`
Nicer local token generation. No more +, / or = characters. 2016-06-01 14:18:00 +02:00
			`# Use 'xy' as altargs to prevent + and / characters from appearing.`
			`# We never have to b64decode the string anyway.`
Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00			`token = prefix + base64.b64encode(random_bits, altchars=b'xy').strip(b'=')`
Nicer local token generation. No more +, / or = characters. 2016-06-01 14:18:00 +02:00
			`token_expiry = datetime.datetime.now(tz=tz_util.utc) + datetime.timedelta(days=days)`
Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00			`return store_token(user_id, token.decode('ascii'), token_expiry)`
Added local accounts 2016-04-26 12:33:48 +02:00

Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00			`def hash_password(password: str, salt: typing.Union[str, bytes]) -> str:`
			`password = password.encode()`

Ran 2to3 on pillar + some manual fixups The 'manual fixups' are: - incorrect use of dict.items() where dict.iteritems() was meant; this results in list(dict.items()), which I changed to dict.items(). - removal of 'from __future__ import' lines, which 2to3 changes into empty lines; I removed the empty lines. 2017-03-03 12:00:24 +01:00			`if isinstance(salt, str):`
Added local accounts 2016-04-26 12:33:48 +02:00			`salt = salt.encode('utf-8')`
Python 3.6 compatibility: bytes vs strings stuff These changes mostly revolve around the change in ObjectId constructor when running on Python 3.6. Where on 2.7 the constructor would accept 12- and 24-byte strings, now only 12-byte bytes and 24-character strings are accepted. Good thing, but required some changes in our code. Other changes include hashing of strings, which isn't supported, so they are converted to bytes first, and sometimes converted back afterwards. 2017-03-03 14:14:36 +01:00
			`hash = hashlib.sha256(password).digest()`
			`encoded_password = base64.b64encode(hash)`
			`hashed_password = bcrypt.hashpw(encoded_password, salt)`
			`return hashed_password.decode('ascii')`
Added local accounts 2016-04-26 12:33:48 +02:00

			`def setup_app(app, url_prefix):`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`app.register_api_blueprint(blueprint, url_prefix=url_prefix)`