gallery.accords-library.com/szurubooru/services/auth_service.py

''' Exports AuthService. '''

from szurubooru.services.errors import AuthError

class AuthService(object):
    ''' Services related to user authentication '''

    def __init__(self, config, password_service):
        self._config = config
        self._password_service = password_service

    def is_valid_password(self, user, password):
        ''' Returns whether the given password for a given user is valid. '''
        salt, valid_hash = user.password_salt, user.password_hash
        possible_hashes = [
            self._password_service.get_password_hash(salt, password),
            self._password_service.get_legacy_password_hash(salt, password)
        ]
        return valid_hash in possible_hashes

    def verify_privilege(self, user, privilege_name):
        '''
        Throws an AuthError if the given user doesn't have given privilege.
        '''
        all_ranks = self._config['service']['user_ranks']

        assert privilege_name in self._config['privileges']
        assert user.access_rank in all_ranks
        minimal_rank = self._config['privileges'][privilege_name]
        good_ranks = all_ranks[all_ranks.index(minimal_rank):]
        if user.access_rank not in good_ranks:
            raise AuthError('Insufficient privileges to do this.')
back/users: implement user registration 2016-03-28 12:14:50 +00:00			`''' Exports AuthService. '''`

			`from szurubooru.services.errors import AuthError`
start Done so far Basic backend skeleton - technology choices - database migration outline - basic self hosting facade - basic REST outline - proof of concept for auth and privileges Basic frontend skeleton - technology choices - pretty robust frontend compilation - top navigation - proof of concept for registration form 2016-03-19 20:37:04 +00:00
			`class AuthService(object):`
back/users: implement user registration 2016-03-28 12:14:50 +00:00			`''' Services related to user authentication '''`

back/auth: refactor authentication - Removed transaction manager - Each request gets its own session via DbSession middleware - Moved authentication details to Authenticator middleware - Fixed cyclic dependency between AuthService and UserService 2016-03-28 20:31:08 +00:00			`def __init__(self, config, password_service):`
start Done so far Basic backend skeleton - technology choices - database migration outline - basic self hosting facade - basic REST outline - proof of concept for auth and privileges Basic frontend skeleton - technology choices - pretty robust frontend compilation - top navigation - proof of concept for registration form 2016-03-19 20:37:04 +00:00			`self._config = config`
back/users: implement user registration 2016-03-28 12:14:50 +00:00			`self._password_service = password_service`
start Done so far Basic backend skeleton - technology choices - database migration outline - basic self hosting facade - basic REST outline - proof of concept for auth and privileges Basic frontend skeleton - technology choices - pretty robust frontend compilation - top navigation - proof of concept for registration form 2016-03-19 20:37:04 +00:00
back/users: implement user registration 2016-03-28 12:14:50 +00:00			`def is_valid_password(self, user, password):`
			`''' Returns whether the given password for a given user is valid. '''`
			`salt, valid_hash = user.password_salt, user.password_hash`
			`possible_hashes = [`
			`self._password_service.get_password_hash(salt, password),`
			`self._password_service.get_legacy_password_hash(salt, password)`
			`]`
			`return valid_hash in possible_hashes`

start Done so far Basic backend skeleton - technology choices - database migration outline - basic self hosting facade - basic REST outline - proof of concept for auth and privileges Basic frontend skeleton - technology choices - pretty robust frontend compilation - top navigation - proof of concept for registration form 2016-03-19 20:37:04 +00:00			`def verify_privilege(self, user, privilege_name):`
back/users: implement user registration 2016-03-28 12:14:50 +00:00			`'''`
			`Throws an AuthError if the given user doesn't have given privilege.`
			`'''`
back/auth: fix access rank, add config validation 2016-03-30 19:23:19 +00:00			`all_ranks = self._config['service']['user_ranks']`
start Done so far Basic backend skeleton - technology choices - database migration outline - basic self hosting facade - basic REST outline - proof of concept for auth and privileges Basic frontend skeleton - technology choices - pretty robust frontend compilation - top navigation - proof of concept for registration form 2016-03-19 20:37:04 +00:00
			`assert privilege_name in self._config['privileges']`
back/auth: fix access rank lookups 2016-03-28 12:22:25 +00:00			`assert user.access_rank in all_ranks`
start Done so far Basic backend skeleton - technology choices - database migration outline - basic self hosting facade - basic REST outline - proof of concept for auth and privileges Basic frontend skeleton - technology choices - pretty robust frontend compilation - top navigation - proof of concept for registration form 2016-03-19 20:37:04 +00:00			`minimal_rank = self._config['privileges'][privilege_name]`
			`good_ranks = all_ranks[all_ranks.index(minimal_rank):]`
back/auth: fix access rank lookups 2016-03-28 12:22:25 +00:00			`if user.access_rank not in good_ranks:`
back/users: implement user registration 2016-03-28 12:14:50 +00:00			`raise AuthError('Insufficient privileges to do this.')`