本文整理汇总了Python中privacyidea.lib.policy.PolicyClass.check_user_authorization方法的典型用法代码示例。如果您正苦于以下问题:Python PolicyClass.check_user_authorization方法的具体用法?Python PolicyClass.check_user_authorization怎么用?Python PolicyClass.check_user_authorization使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类privacyidea.lib.policy.PolicyClass的用法示例。
在下文中一共展示了PolicyClass.check_user_authorization方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: ValidateController
# 需要导入模块: from privacyidea.lib.policy import PolicyClass [as 别名]
# 或者: from privacyidea.lib.policy.PolicyClass import check_user_authorization [as 别名]
class ValidateController(BaseController):
'''
The privacyidea.controllers are the implementation of the web-API to talk to the privacyIDEA server.
The ValidateController is used to validate the username with its given OTP value.
An Authentication module like pam_privacyidea or rlm_privacyidea uses this ValidateController.
The functions of the ValidateController are invoked like this
https://server/validate/<functionname>
The functions are described below in more detail.
'''
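@log_with(log)
def __before__(self, action, **params):
    '''
    Prepare the controller before an action runs.

    Stores the client address returned by get_client() in the audit
    record and builds the PolicyClass instance that the check methods
    use for their authorization decisions.

    :param action: value that is only written to the error log here;
        presumably the name of the invoked action - confirm with caller
    :param params: further keyword arguments, not used in this method
    :return: the response object, or the result of sendError() when
        the setup raised an exception
    '''
    try:
        c.audit['client'] = get_client()
        self.Policy = PolicyClass(request, config, c,
                                  get_privacyIDEA_config(),
                                  token_type_list=get_token_type_list())
        return response

    except Exception as exx:
        # Two values need two placeholders. With a single %r the
        # formatting itself raised TypeError inside this handler, so
        # the rollback, the session close and the error response below
        # were never reached and the real cause was lost from the log.
        log.error("exception in %r: %r" % (action, exx))
        log.error(traceback.format_exc())
        Session.rollback()
        Session.close()
        return sendError(response, exx, context='before')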
@log_with(log)
def __after__(self, action, **params):
    '''
    Write the audit record once the action has finished.

    :param action: not used in this method
    :param params: further keyword arguments, not used in this method
    :return: the response object
    '''
    audit_record = c.audit
    self.audit.log(audit_record)
    return response
@log_with(log)
def _check(self, param):
'''
basic check function, that can be used by different controllers
:param param: dict of all caller parameters
:type param: dict
:return: Tuple of True or False and opt
:rtype: Tuple(boolean, opt)
'''
opt = None
options = {}
## put everythin in the options but the user, pass, init
options.update(param)
for para in ["pass", "user", "init"]:
if options.has_key(para):
del options[para]
passw = getParam(param, "pass", optional)
user = getUserFromParam(param, optional)
# support for ocra application challenge verification
challenge = getParam(param, "challenge", optional)
if challenge is not None:
options = {}
options['challenge'] = challenge
c.audit['user'] = user.login
realm = user.realm or getDefaultRealm()
c.audit['realm'] = realm
# AUTHORIZATION Pre Check
# we need to overwrite the user.realm in case the user does not exist in the original realm (setrealm-policy)
user.realm = self.Policy.set_realm(user.login, realm, exception=True)
self.Policy.check_user_authorization(user.login, user.realm, exception=True)
if isSelfTest() == True:
initTime = getParam(param, "init", optional)
if initTime is not None:
if options is None:
options = {}
options['initTime'] = initTime
(ok, opt) = checkUserPass(user, passw, options=options)
c.audit['success'] = ok
if ok:
# AUTHORIZATION post check
toks = getTokens4UserOrSerial(None, c.audit["serial"])
if len(toks) > 0 and c.audit["serial"]:
# This might be empty in case of passOnNoToken
ttype = toks[0].getType().lower()
self.Policy.check_auth_tokentype(ttype, exception=True, user=user)
self.Policy.check_auth_serial(c.audit['serial'], exception=True, user=user)
# add additional details
if self.Policy.is_auth_return(ok, user=user):
#.........这里部分代码省略.........
示例2: authenticate_privacyidea_user
# 需要导入模块: from privacyidea.lib.policy import PolicyClass [as 别名]
# 或者: from privacyidea.lib.policy.PolicyClass import check_user_authorization [as 别名]
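def authenticate_privacyidea_user(user, realm, password):
    '''
    Authenticate a user against the privacyidea server.

    The user is first checked with PolicyClass.check_user_authorization.
    Only if that check passes are the credentials POSTed to the
    "/validate/check" URL of the configured server, and the JSON answer
    decides the outcome.

    :param user: Username of the user
    :type user: string
    :param realm: Realm of the user
    :type realm: string
    :param password: Credential that is sent as the "pass" parameter
    :type password: string
    :return: "user@realm" in case of success, otherwise None
    :rtype: string or None
    '''
    res = False
    success = None
    Policy = PolicyClass(request,
                         config,
                         c,
                         get_privacyIDEA_config())

    if Policy.check_user_authorization(user, realm, exception=False):
        # We SHOULD do it this way, but unfortunately we
        # only get the complete context in a web request.
        # We are missing the client and the HSM!
        #   (res, _opt) = checkUserPass(User(login=user, realm=realm), password)
        # Big FIXME: The server is asking himself... :-/

        # we need to pass the client= to cope with client dependent policies.
        # Otherwise the authentication request will have the client 127.0.0.1
        # as the source.
        # NOTE(review): the receiving endpoint must accept a "client"
        # override only from trusted callers, otherwise client dependent
        # policies can be sidestepped - not visible here, confirm on the
        # server side.
        client = request.client_addr
        data = urllib.urlencode({'user': user,
                                 'realm': realm,
                                 'pass': password,
                                 'client': client})

        # The password travels in this POST body, so privacyideaURL should
        # be an https:// URL. Nothing in this function enforces that.
        url = ini_config.get("privacyideaURL") + "/validate/check"

        # Normalise the switch to a real boolean. Ini-style configuration
        # usually delivers strings, and the string "False" is truthy, so
        # passing the raw value on would switch certificate validation
        # off even though the administrator asked for it to stay on.
        raw_disable_ssl = ini_config.get("privacyideaURL.disable_ssl", False)
        if isinstance(raw_disable_ssl, bool):
            disable_ssl = raw_disable_ssl
        else:
            disable_ssl = str(raw_disable_ssl).strip().lower() in \
                ("1", "true", "yes", "on")
        if disable_ssl:
            log.warning("certificate validation is disabled for the "
                        "privacyidea server connection")

        headers = {"Content-type": "application/x-www-form-urlencoded",
                   "Accept": "text/plain"}
        try:
            # is httplib compiled with ssl?
            http = httplib2.\
                Http(disable_ssl_certificate_validation=disable_ssl)
        except TypeError as exx:
            # not so on squeeze:
            # TypeError: __init__() got an unexpected keyword argument
            # 'disable_ssl_certificate_validation'
            log.warning("httplib2 'disable_ssl_certificate_validation' "
                        "attribute error: %r" % exx)
            # so we run in fallback mode
            # NOTE(review): the disable_ssl setting is not applied on this
            # path; whether such an httplib2 version validates server
            # certificates at all should be confirmed.
            http = httplib2.Http()

        (_resp, content) = http.request(url,
                                        method="POST",
                                        body=data,
                                        headers=headers)
        rv = json.loads(content)
        if rv.get("result"):
            # in case of normal json output
            res = rv['result'].get('value', False)
        if res:
            # "user@realm": the page showed this format string mangled by
            # e-mail obfuscation, which is not a valid format string.
            success = "%s@%s" % (user, realm)
    return success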