import hashlib
|
|
|
|
|
|
class User:
|
|
|
|
def __init__(self, username, password):
|
|
'''Create a new user object. The password will be encrypted before
|
|
storing'''
|
|
self.username = username
|
|
self.password = self._encrypt_pw(password)
|
|
self.is_logged_in = False
|
|
|
|
def _encrypt_pw(self, password):
|
|
'''Encrypt the password with the username and return the sha digest.'''
|
|
hash_string = self.username + password
|
|
hash_string = hash_string.encode("utf8")
|
|
return hashlib.sha256(hash_string).hexdigest()
|
|
|
|
def check_password(self, password):
|
|
'''Return True if the password is valid for this user,
|
|
False otherwise'''
|
|
encrypted = self._encrypt_pw(password)
|
|
return encrypted == self.password
|
|
|
|
|
|
class Authenticator:
|
|
|
|
def __init__(self):
|
|
'''Construct an authenticator to manage users logging in and out.
|
|
The User objects are stored in a simple dictionary'''
|
|
self.users = {}
|
|
|
|
def add_user(self, username, password):
|
|
'''Add a User object with given username & password to the users
|
|
dictionary after checking if given username & password are valid'''
|
|
if username in self.users:
|
|
raise UsernameAlreadyExists(username)
|
|
if len(password) < 6:
|
|
raise PasswordTooShort(username)
|
|
self.users[username] = User(username, password)
|
|
|
|
def login(self, username, password):
|
|
try:
|
|
user = self.users[username]
|
|
except KeyError:
|
|
raise InvalidUsername(username)
|
|
if not user.check_password(password):
|
|
raise InvalidPassword(username, user)
|
|
user.is_logged_in = True
|
|
return True
|
|
|
|
def is_logged_in(self, username):
|
|
if username in self.users:
|
|
return self.users[username].is_logged_in
|
|
return False
|
|
|
|
|
|
authenticator = Authenticator()
|
|
|
|
|
|
class Authorizor():
|
|
|
|
def __init__(self, authenticator):
|
|
self.authenticator = authenticator
|
|
self.permissions = {}
|
|
|
|
def add_permission(self, perm_name):
|
|
'''Create a new permission that users can be added to'''
|
|
try:
|
|
perm_set = self.permissions[perm_name]
|
|
except KeyError:
|
|
self.permissions[perm_name] = set()
|
|
else:
|
|
raise PermissionError("Permission exists")
|
|
|
|
def permit_user(self, perm_name, username):
|
|
'''Grant the given permission to the given user'''
|
|
try:
|
|
perm_set = self.permissions[perm_name]
|
|
except KeyError:
|
|
raise PermissionError("Permission does not exist")
|
|
else:
|
|
if username not in self.authenticator.users:
|
|
raise InvalidUsername(username)
|
|
perm_set.add(username)
|
|
|
|
def check_permission(self, perm_name, username):
|
|
if not self.authenticator.is_logged_in(username):
|
|
raise NotLoggedInError(username)
|
|
try:
|
|
perm_set = self.permissions[perm_name]
|
|
except KeyError:
|
|
raise PermissionError("Permission does not exist")
|
|
if username not in perm_set:
|
|
raise NotPermittedError(username)
|
|
else:
|
|
return True
|
|
|
|
|
|
authorizor = Authorizor(authenticator)
|
|
|
|
|
|
# Exception classes
|
|
|
|
class AuthException(Exception):
|
|
|
|
def __init__(self, username, user = None):
|
|
super().__init__(username, user)
|
|
self.username = username
|
|
self.user = user
|
|
|
|
|
|
class UsernameAlreadyExists(AuthException):
|
|
pass
|
|
|
|
|
|
class PasswordTooShort(AuthException):
|
|
pass
|
|
|
|
|
|
class InvalidUsername(AuthException):
|
|
pass
|
|
|
|
|
|
class InvalidPassword(AuthException):
|
|
pass
|
|
|
|
|
|
class NotLoggedInError(AuthException):
|
|
pass
|
|
|
|
|
|
class NotPermittedError(AuthException):
|
|
pass
|
|
|
|
|
|
class PermissionError(Exception):
|
|
pass
|