git.proxmox.com Git - ceph.git/blob - ceph/src/pybind/mgr/dashboard/controllers/auth.py
# -*- coding: utf-8 -*-
from __future__ import absolute_import

import logging

import cherrypy

from . import ApiController, RESTController
from .. import mgr
from ..exceptions import DashboardException
from ..services.auth import AuthManager, JwtManager

# Logger for this controller; login and logout outcomes are reported through it.
logger = logging.getLogger('controllers.auth')
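@ApiController('/auth', secure=False)
class Auth(RESTController):
    """
    Authenticate dashboard users and return a JWT token.

    NOTE(review): the controller is registered with ``secure=False``, which
    presumably exempts these endpoints from the session check (login has to be
    reachable without a token) -- confirm against ``ApiController``. Treat
    every argument of every handler below as untrusted client input.
    """

    def create(self, username, password):
        """
        Log a user in and issue a new JWT.

        :param username: user name supplied by the client
        :param password: password supplied by the client
        :return: dict with the token, the user name, the user's permissions,
                 the password expiry information and whether SAML2 SSO is
                 the configured protocol
        :raises DashboardException: with code ``invalid_credentials`` when
                 authentication does not yield permissions
        """
        user_data = AuthManager.authenticate(username, password)
        user_perms, pwd_expiration_date, pwd_update_required = None, None, None
        if user_data:
            user_perms = user_data.get('permissions')
            pwd_expiration_date = user_data.get('pwdExpirationDate', None)
            pwd_update_required = user_data.get('pwdUpdateRequired', False)

        if user_perms is not None:
            # Fixed message only: neither the user name nor the password is
            # written to the log.
            logger.debug('Login successful')
            token = JwtManager.gen_token(username)
            # gen_token may hand back bytes or text depending on the JWT
            # library in use; decode only when it is bytes so a text token
            # does not fail on a missing .decode().
            if isinstance(token, bytes):
                token = token.decode('utf-8')
            # The header value is "Bearer: <token>" (with a colon), not the
            # usual "Bearer <token>" form; kept as-is because clients of this
            # API read it in this shape.
            cherrypy.response.headers['Authorization'] = "Bearer: {}".format(token)
            return {
                'token': token,
                'username': username,
                'permissions': user_perms,
                'pwdExpirationDate': pwd_expiration_date,
                'sso': mgr.SSO_DB.protocol == 'saml2',
                'pwdUpdateRequired': pwd_update_required
            }

        # One generic error for every failed login, so the response does not
        # tell the caller whether the user name exists.
        logger.debug('Login failed')
        raise DashboardException(msg='Invalid credentials',
                                 code='invalid_credentials',
                                 component='auth')

    @RESTController.Collection('POST')
    def logout(self):
        """
        Revoke the caller's token and tell the client where to go next.

        :return: dict with ``redirect_url``: the SAML2 single-logout endpoint
                 when SAML2 SSO is configured, the login page otherwise
        """
        token = JwtManager.get_token_from_header()
        # Blacklisting makes the token unusable before its own expiry.
        # NOTE(review): this endpoint is reachable without a session, so the
        # header may carry no token -- confirm blacklist_token copes with that.
        JwtManager.blacklist_token(token)
        # Report success only after the token has actually been revoked.
        logger.debug('Logout successful')
        redirect_url = '#/login'
        if mgr.SSO_DB.protocol == 'saml2':
            redirect_url = 'auth/saml2/slo'
        return {
            'redirect_url': redirect_url
        }

    def _get_login_url(self):
        """Return the login entry point: SAML2 login when SSO is on, else the login page."""
        if mgr.SSO_DB.protocol == 'saml2':
            return 'auth/saml2/login'
        return '#/login'

    @RESTController.Collection('POST')
    def check(self, token):
        """
        Tell the client whether a token it holds still maps to a user.

        :param token: JWT supplied by the client in the request
        :return: the user's name, permissions, SSO flag and password-update
                 flag when the token resolves to a user; otherwise only the
                 ``login_url`` the client should be sent to
        """
        if token:
            # NOTE(review): the validity decision (signature, expiry,
            # blacklist) is delegated to JwtManager.get_user -- confirm there.
            user = JwtManager.get_user(token)
            if user:
                return {
                    'username': user.username,
                    'permissions': user.permissions_dict(),
                    'sso': mgr.SSO_DB.protocol == 'saml2',
                    'pwdUpdateRequired': user.pwd_update_required
                }
        # Missing and rejected tokens get the same answer, with no reason given.
        return {
            'login_url': self._get_login_url(),
        }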