elif auth_list[0].lower() == "basic":
user_passwd64 = auth_list[-1]
if not token:
- if cherrypy.session.get("Authorization"):
+ if cherrypy.session.get("Authorization"): # pylint: disable=E1101
# 2. Try using session before request a new token. If not, basic authentication will generate
- token = cherrypy.session.get("Authorization")
+ token = cherrypy.session.get( # pylint: disable=E1101
+ "Authorization"
+ )
if token == "logout":
token = None # force Unauthorized response to insert user password again
elif user_passwd64 and cherrypy.request.config.get(
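Review bot: The added suppressions use the numeric code, `# pylint: disable=E1101`, which does not tell a reader what is being silenced; the symbolic form `# pylint: disable=no-member` does. The same comment is repeated on five lines, here and in the later hunks that set and delete `cherrypy.session["Authorization"]`, and the `get` call is split over three lines only to make room for it. A single scoped disable around the session accesses, with one comment explaining that pylint cannot see the `cherrypy.session` attribute, would keep the authentication flow easier to read.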
except Exception:
pass
outdata = self.new_token(
- None, {"username": user, "password": passwd}
+ None, {"username": user, "password": passwd}, None
)
token = outdata["_id"]
- cherrypy.session["Authorization"] = token
+ cherrypy.session["Authorization"] = token # pylint: disable=E1101
if not token:
raise AuthException(
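Review bot: The new third argument in `self.new_token(None, {"username": user, "password": passwd}, None)` is a bare positional `None`, so the call site does not show what is left unset on a token issued from basic credentials. Passing it by keyword, or adding a short comment that names the parameter and says why no value is available on this path, would make that reviewable. The signature of new_token is not visible on this page, and the enclosing block starts and ends outside the hunk.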
return token_info
except AuthException as e:
if not isinstance(e, AuthExceptionUnauthorized):
- if cherrypy.session.get("Authorization"):
- del cherrypy.session["Authorization"]
+ if cherrypy.session.get("Authorization"): # pylint: disable=E1101
+ del cherrypy.session["Authorization"] # pylint: disable=E1101
cherrypy.response.headers[
"WWW-Authenticate"
] = 'Bearer realm="{}"'.format(e)
else:
self.tokens_cache.clear()
self.msg.write("admin", "revoke_token", {"_id": token} if token else None)
+
+ def check_password_expiry(self, outdata):
+ """
+ This method will check for password expiry of the user
+ :param outdata: user token information
+ """
+ user_content = None
+ present_time = time()
+ user = outdata["username"]
+ if self.config["authentication"].get("pwd_expiry_check"):
+ user_content = self.db.get_list("users", {"username": user})[0]
+ if not user_content.get("username") == "admin":
+ user_content["_admin"]["modified_time"] = present_time
+ if user_content.get("_admin").get("expire_time"):
+ expire_time = user_content["_admin"]["expire_time"]
+ else:
+ expire_time = present_time
+ uid = user_content["_id"]
+ self.db.set_one("users", {"_id": uid}, user_content)
+ if not present_time < expire_time:
+ return True
+ else:
+ pass
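Review bot: check_password_expiry is not a read-only check: for every non-admin user it stamps `_admin.modified_time` and writes the fetched user document back with `self.db.set_one("users", {"_id": uid}, user_content)`, so a password or role change made between the `get_list` and the `set_one` can be overwritten with stale values, and `modified_time` no longer means "last modified". If the stamp is needed, write only that field; otherwise drop the write from the check. `self.db.get_list(...)[0]` and `user_content.get("_admin").get("expire_time")` raise IndexError or AttributeError when the user or its `_admin` block is missing, and both cases should become an explicit authentication failure. Indentation is lost on this page, but `expire_time` is assigned only in the non-admin branch, so the expiry test must sit there too; that means the account named "admin" never expires and an account without `expire_time` is reported as expired at once, and both deserve a comment saying they are intended. The method returns True or falls through to None, so `return present_time >= expire_time` plus a final `return False`, with the `else: pass` removed, would give callers a real boolean.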