summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDevaev Maxim <[email protected]>2019-04-01 10:30:30 +0300
committerDevaev Maxim <[email protected]>2019-04-01 10:30:30 +0300
commit73e04b71ed55a46c939f12548b31746617af2bca (patch)
tree8f8c46e38378e7b47214afdc7cb438462971cf7c
parent70e526b7739349773c6203e7744370f19c465d57 (diff)
modular auth
-rw-r--r--kvmd/apps/__init__.py14
-rw-r--r--kvmd/apps/htpasswd/__init__.py12
-rw-r--r--kvmd/apps/kvmd/auth.py19
-rw-r--r--kvmd/yamlconf/__init__.py16
4 files changed, 48 insertions, 13 deletions
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py
index be94c07a..d2007f7d 100644
--- a/kvmd/apps/__init__.py
+++ b/kvmd/apps/__init__.py
@@ -129,6 +129,15 @@ def _as_string_list(values: Union[str, Sequence]) -> List[str]:
return list(map(str, values))
+def _as_auth_type(auth_type: str) -> str:
+ if not isinstance(auth_type, str):
+ raise ValueError("Invalid auth type")
+ auth_type = str(auth_type).strip()
+ if auth_type not in ["basic"]:
+ raise ValueError("Invalid auth type")
+ return auth_type
+
+
def _get_config_scheme() -> Dict:
return {
"kvmd": {
@@ -144,7 +153,10 @@ def _get_config_scheme() -> Dict:
},
"auth": {
- "htpasswd": Option("/etc/kvmd/htpasswd", type=_as_path, rename="htpasswd_path"),
+ "type": Option("basic", type=_as_auth_type, rename="auth_type"),
+ "basic": {
+ "htpasswd": Option("/etc/kvmd/htpasswd", type=_as_path, rename="htpasswd_path"),
+ },
},
"info": {
diff --git a/kvmd/apps/htpasswd/__init__.py b/kvmd/apps/htpasswd/__init__.py
index 50b3d26b..bc77c0e8 100644
--- a/kvmd/apps/htpasswd/__init__.py
+++ b/kvmd/apps/htpasswd/__init__.py
@@ -38,9 +38,15 @@ from .. import init
# =====
+def _get_htpasswd_path(config: Section) -> str:
+ if config.kvmd.auth.auth_type != "basic":
+ print("Warning: KVMD does not use basic auth", file=sys.stderr)
+ return config.kvmd.auth.basic.htpasswd
+
+
@contextlib.contextmanager
def _get_htpasswd_for_write(config: Section) -> Generator[passlib.apache.HtpasswdFile, None, None]:
- path = config.kvmd.auth.htpasswd
+ path = _get_htpasswd_path(config)
(tmp_fd, tmp_path) = tempfile.mkstemp(
prefix=".%s." % (os.path.basename(path)),
dir=os.path.dirname(path),
@@ -72,7 +78,7 @@ def _valid_user(user: str) -> str:
# ====
def _cmd_list(config: Section, _: argparse.Namespace) -> None:
- for user in passlib.apache.HtpasswdFile(config.kvmd.auth.htpasswd).users():
+ for user in passlib.apache.HtpasswdFile(_get_htpasswd_path(config)).users():
print(user)
@@ -97,7 +103,7 @@ def main() -> None:
(parent_parser, argv, config) = init(add_help=False)
parser = argparse.ArgumentParser(
prog="kvmd-htpasswd",
- description="Manage KVMD users",
+ description="Manage KVMD users (basic auth only)",
parents=[parent_parser],
)
parser.set_defaults(cmd=(lambda *_: parser.print_help()))
diff --git a/kvmd/apps/kvmd/auth.py b/kvmd/apps/kvmd/auth.py
index cb69458d..8c1b188e 100644
--- a/kvmd/apps/kvmd/auth.py
+++ b/kvmd/apps/kvmd/auth.py
@@ -32,13 +32,14 @@ from ...logging import get_logger
# =====
class AuthManager:
- def __init__(self, htpasswd_path: str) -> None:
- self.__htpasswd_path = htpasswd_path
+ def __init__(self, auth_type: str, basic: Dict) -> None:
+ self.__login = {
+ "basic": lambda: _BasicLogin(**basic),
+ }[auth_type]().login
self.__tokens: Dict[str, str] = {} # {token: user}
def login(self, user: str, passwd: str) -> Optional[str]:
- htpasswd = passlib.apache.HtpasswdFile(self.__htpasswd_path)
- if htpasswd.check_password(user, passwd):
+ if self.__login(user, passwd):
for (token, token_user) in self.__tokens.items():
if user == token_user:
return token
@@ -57,3 +58,13 @@ class AuthManager:
def check(self, token: str) -> Optional[str]:
return self.__tokens.get(token)
+
+
+class _BasicLogin:
+ def __init__(self, htpasswd_path: str) -> None:
+ get_logger().info("Using basic auth %r", htpasswd_path)
+ self.__htpasswd_path = htpasswd_path
+
+ def login(self, user: str, passwd: str) -> bool:
+ htpasswd = passlib.apache.HtpasswdFile(self.__htpasswd_path)
+ return htpasswd.check_password(user, passwd)
diff --git a/kvmd/yamlconf/__init__.py b/kvmd/yamlconf/__init__.py
index ef329082..4c15fee1 100644
--- a/kvmd/yamlconf/__init__.py
+++ b/kvmd/yamlconf/__init__.py
@@ -66,12 +66,15 @@ class Section(dict):
dict.__init__(self)
self.__meta: Dict[str, Dict[str, Any]] = {}
- def _unpack_renamed(self) -> Dict[str, Any]:
+ def _unpack_renamed(self, _section: Optional["Section"]=None) -> Dict[str, Any]:
+ if _section is None:
+ _section = self
unpacked: Dict[str, Any] = {}
- for (key, value) in self.items():
- assert not isinstance(value, Section), (key, value)
- key = (self.__meta[key]["rename"] or key)
- unpacked[key] = value
+ for (key, value) in _section.items():
+ if isinstance(value, Section):
+ unpacked[key] = value._unpack_renamed() # pylint: disable=protected-access
+ else: # Option
+ unpacked[_section._get_rename(key)] = value # pylint: disable=protected-access
return unpacked
def _set_meta(self, key: str, default: Any, help: str, rename: str) -> None: # pylint: disable=redefined-builtin
@@ -87,6 +90,9 @@ class Section(dict):
def _get_help(self, key: str) -> str:
return self.__meta[key]["help"]
+ def _get_rename(self, key: str) -> str:
+ return (self.__meta[key]["rename"] or key)
+
def __getattribute__(self, key: str) -> Any:
if key in self:
return self[key]