lbry-sdk/lbrynet/daemon/auth/auth.py

import logging
from zope.interface import implementer
from twisted.cred import portal, checkers, credentials, error as cred_error
from twisted.internet import defer
from twisted.web import resource
from lbrynet.daemon.auth.util import load_api_keys

log = logging.getLogger(__name__)


@implementer(portal.IRealm)
class HttpPasswordRealm(object):
    def __init__(self, resource):
        self.resource = resource

    def requestAvatar(self, avatarId, mind, *interfaces):
        log.debug("Processing request for %s", avatarId)
        if resource.IResource in interfaces:
            return (resource.IResource, self.resource, lambda: None)
        raise NotImplementedError()


@implementer(checkers.ICredentialsChecker)
class PasswordChecker(object):
    credentialInterfaces = (credentials.IUsernamePassword,)

    def __init__(self, passwords):
        self.passwords = passwords

    @classmethod
    def load_file(cls, key_path):
        keys = load_api_keys(key_path)
        return cls.load(keys)

    @classmethod
    def load(cls, password_dict):
        passwords = {key: password_dict[key].secret for key in password_dict}
        log.info("Loaded %i api key(s)", len(passwords))
        return cls(passwords)

    def requestAvatarId(self, creds):
        if creds.username in self.passwords:
            pw = self.passwords.get(creds.username)
            pw_match = creds.checkPassword(pw)
            if pw_match:
                return defer.succeed(creds.username)
        log.warning('Incorrect username or password')
        return defer.fail(cred_error.UnauthorizedLogin('Incorrect username or password'))
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00			`import logging`
clean up 2016-09-21 09:49:52 +02:00			`from zope.interface import implementer`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00			`from twisted.cred import portal, checkers, credentials, error as cred_error`
			`from twisted.internet import defer`
			`from twisted.web import resource`
rename lbrynet.lbrynet_daemon to lbrynet.daemon 2017-06-26 03:04:33 +02:00			`from lbrynet.daemon.auth.util import load_api_keys`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00
			`log = logging.getLogger(__name__)`


			`@implementer(portal.IRealm)`
clean up 2016-09-21 09:49:52 +02:00			`class HttpPasswordRealm(object):`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00			`def __init__(self, resource):`
			`self.resource = resource`

			`def requestAvatar(self, avatarId, mind, *interfaces):`
more cleaning up 2016-09-22 03:36:06 +02:00			`log.debug("Processing request for %s", avatarId)`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00			`if resource.IResource in interfaces:`
			`return (resource.IResource, self.resource, lambda: None)`
			`raise NotImplementedError()`


clean up 2016-09-21 09:49:52 +02:00			`@implementer(checkers.ICredentialsChecker)`
			`class PasswordChecker(object):`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00			`credentialInterfaces = (credentials.IUsernamePassword,)`

clean up 2016-09-21 09:49:52 +02:00			`def __init__(self, passwords):`
			`self.passwords = passwords`

			`@classmethod`
			`def load_file(cls, key_path):`
			`keys = load_api_keys(key_path)`
			`return cls.load(keys)`

			`@classmethod`
			`def load(cls, password_dict):`
			`passwords = {key: password_dict[key].secret for key in password_dict}`
fix lbrynet-cli when using authentication -add explanation of daemon authentication to AuthJSONRPCServer docstring -remove auth_required decorator, use auth for all api methods if use_authentication is true -fix issues with the command line --http-auth flag to lbrynet-daemon and the use_http_auth setting in the config file 2018-04-01 00:42:57 +02:00			`log.info("Loaded %i api key(s)", len(passwords))`
clean up 2016-09-21 09:49:52 +02:00			`return cls(passwords)`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00
			`def requestAvatarId(self, creds):`
			`if creds.username in self.passwords:`
			`pw = self.passwords.get(creds.username)`
			`pw_match = creds.checkPassword(pw)`
clean up 2016-09-21 09:49:52 +02:00			`if pw_match:`
api sessions -user starts a httpauthsession with an api key and name -user initializes jsonrpc hmac secret to sha256 of session id -server sends new random hmac secret after each api call -a user without an authenticated session will get a authorization error 2016-09-20 22:58:30 +02:00			`return defer.succeed(creds.username)`
			`log.warning('Incorrect username or password')`
			`return defer.fail(cred_error.UnauthorizedLogin('Incorrect username or password'))`