author | Lars Wirzenius <liw@liw.fi> | 2018-07-31 15:46:45 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-07-31 15:54:02 +0300 |
commit | 527d2855f37bed4fe8ab82a0d0c340258a19adc7 (patch) | |
tree | e2f87ebabda349f568405c27f26761c1b313be18 /yarns | |
parent | 9ead1c5c91e3c75274aa56dca2b17036cdc45573 (diff) | |
Add: actually check user credentials
Diffstat (limited to 'yarns')
-rw-r--r-- | yarns/300-end-user-auth.yarn | 4 | ||||
-rw-r--r-- | yarns/lib.py | 13 |
2 files changed, 16 insertions, 1 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn index f2a74f2..46d6236 100644 --- a/yarns/300-end-user-auth.yarn +++ b/yarns/300-end-user-auth.yarn @@ -26,6 +26,10 @@ User goes to the login URL and gets a login page. AND body has an HTML form with field password WHEN browser requests POST /auth, with form values + ... username=tomjon and password=wrong + THEN HTTP status code is 401 Unauthorized + + WHEN browser requests POST /auth, with form values ... username=tomjon and password=hunter2 THEN HTTP status code is 302 Found AND HTTP Location header is https://facade/callback?code=123 diff --git a/yarns/lib.py b/yarns/lib.py index 56707ba..7d83c08 100644 --- a/yarns/lib.py +++ b/yarns/lib.py @@ -181,9 +181,11 @@ def start_qvisqve(): os.mkdir(store) os.mkdir(os.path.join(store, 'client')) os.mkdir(os.path.join(store, 'application')) + os.mkdir(os.path.join(store, 'user')) + + sh = qvisqve_secrets.SecretHasher() if V['client_id'] and V['client_secret']: - sh = qvisqve_secrets.SecretHasher() client = { 'hashed_secret': sh.hash(V['client_secret']), 'allowed_scopes': V['allowed_scopes'], @@ -202,6 +204,15 @@ def start_qvisqve(): with open(filename, 'w') as f: yaml.safe_dump(spec, stream=f) + users = V['users'] + for name in users or []: + filename = os.path.join(store, 'user', name) + spec = { + 'hashed_secret': sh.hash(users[name]), + } + with open(filename, 'w') as f: + yaml.safe_dump(spec, stream=f) + config = { 'gunicorn': 'background', 'gunicorn-log': 'gunicorn.log', |
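Review bot: The added negative step in `yarns/300-end-user-auth.yarn` only exercises a wrong password for `tomjon` (presumably a user the scenario sets up earlier); a login attempt with a user name that has no stored entry is not covered. Since the commit is about actually checking credentials, I would add a second failing request, `... username=nosuchuser and password=hunter2` followed by `THEN HTTP status code is 401 Unauthorized`, so the scenario pins that an unknown name gets the same 401 as a bad password rather than falling through to the 302 or to a server error. The user name in that step is a constructed example.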
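Review bot: In the new loop of the second `yarns/lib.py` hunk, `name` goes straight into `os.path.join(store, 'user', name)`, so a user name containing a path separator or `..` would be written outside the `user` directory, and an absolute name makes `os.path.join` discard `store` entirely. The names come from the scenario variable `V['users']`, so the risk in this test helper is low, but a guard before building `filename`, such as `if name != os.path.basename(name) or name in ('.', '..'): raise ValueError(name)`, would make the fixture fail loudly instead. If the server maps user names to files in the same way (not visible in this diff), it needs the equivalent check on the name submitted to `/auth`. `start_qvisqve` begins and ends outside the hunk.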