2016-11-20 01:29:39 +01:00
|
|
|
"""
|
2016-11-20 02:00:18 +01:00
|
|
|
login.py - Implement core login abstraction.
|
2016-11-20 01:29:39 +01:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
from pylinkirc import conf, utils, world
|
|
|
|
|
from pylinkirc.log import log
|
2016-11-20 02:47:55 +01:00
|
|
|
from passlib.context import CryptContext
|
|
|
|
|
|
|
|
|
|
pwd_context = CryptContext(["sha512_crypt", "sha256_crypt"],
|
|
|
|
|
all__vary_rounds=0.1,
|
|
|
|
|
sha256_crypt__default_rounds=180000,
|
|
|
|
|
sha512_crypt__default_rounds=90000)
|
2016-11-20 01:29:39 +01:00
|
|
|
|
2016-11-20 01:29:53 +01:00
|
|
|
def checkLogin(user, password):
|
|
|
|
|
"""Checks whether the given user and password is a valid combination."""
|
2016-11-20 02:00:18 +01:00
|
|
|
accounts = conf.conf['login'].get('accounts')
|
|
|
|
|
if not accounts:
|
|
|
|
|
# No accounts specified, return.
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# Lowercase account names to make them case insensitive. TODO: check for
|
|
|
|
|
# duplicates.
|
|
|
|
|
user = user.lower()
|
|
|
|
|
accounts = {k.lower(): v for k, v in accounts.items()}
|
|
|
|
|
|
2016-11-20 01:29:39 +01:00
|
|
|
try:
|
2016-11-20 02:00:18 +01:00
|
|
|
account = accounts[user]
|
2016-11-20 01:29:53 +01:00
|
|
|
except KeyError: # Invalid combination
|
2016-11-20 01:29:39 +01:00
|
|
|
return False
|
2016-11-20 02:00:18 +01:00
|
|
|
else:
|
|
|
|
|
passhash = account.get('password')
|
|
|
|
|
if not passhash:
|
|
|
|
|
# No password given, return. XXX: we should allow plugins to override
|
|
|
|
|
# this in the future.
|
|
|
|
|
return False
|
2016-11-20 01:29:39 +01:00
|
|
|
|
2016-11-20 02:00:18 +01:00
|
|
|
# Encryption in account passwords is optional (to not break backwards
|
|
|
|
|
# compatibility).
|
|
|
|
|
if account.get('encrypted', False):
|
|
|
|
|
return verifyHash(password, passhash)
|
|
|
|
|
else:
|
|
|
|
|
return password == passhash
|
2016-11-20 01:29:53 +01:00
|
|
|
|
|
|
|
|
def verifyHash(password, passhash):
|
|
|
|
|
"""Checks whether the password given matches the hash."""
|
|
|
|
|
if password:
|
|
|
|
|
# ... good we have a password inputted
|
|
|
|
|
# XXX: the greatest thing here is that the hash
|
|
|
|
|
# is just a string either way, not a object with
|
|
|
|
|
# a method to output the hash
|
|
|
|
|
return pwd_context.verify(password, passhash)
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
2016-11-20 01:29:39 +01:00
|
|
|
@utils.add_cmd
|
|
|
|
|
def mkpasswd(irc, source, args):
|
|
|
|
|
"""<password>
|
2016-11-20 01:29:53 +01:00
|
|
|
Hashes a password for use in the configuration file."""
|
2016-11-20 01:29:39 +01:00
|
|
|
# TODO: restrict to only certain users?
|
|
|
|
|
try:
|
|
|
|
|
password = args[0]
|
|
|
|
|
except IndexError:
|
|
|
|
|
irc.error("Not enough arguments. (Needs 1, password)")
|
2016-11-20 01:29:53 +01:00
|
|
|
return
|
|
|
|
|
if not password:
|
|
|
|
|
irc.error("Password cannot be empty.")
|
2016-11-20 02:00:18 +01:00
|
|
|
return
|
2016-11-20 01:29:39 +01:00
|
|
|
|
2016-11-20 01:29:53 +01:00
|
|
|
hashed_pass = pwd_context.encrypt(password)
|
|
|
|
|
irc.reply(hashed_pass, private=True)
|
