Radicale/radicale/auth/__init__.py

# This file is part of Radicale - CalDAV and CardDAV server
# Copyright © 2008 Nicolas Kandel
# Copyright © 2008 Pascal Halter
# Copyright © 2008-2017 Guillaume Ayoub
# Copyright © 2017-2022 Unrud <unrud@outlook.com>
# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Radicale.  If not, see <http://www.gnu.org/licenses/>.

"""
Authentication module.

Authentication is based on usernames and passwords. If something more
advanced is needed an external WSGI server or reverse proxy can be used
(see ``remote_user`` or ``http_x_remote_user`` backend).

Take a look at the class ``BaseAuth`` if you want to implement your own.

"""

from typing import Sequence, Tuple, Union

from radicale import config, types, utils

INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
                                 "denyall",
                                 "htpasswd")


def load(configuration: "config.Configuration") -> "BaseAuth":
    """Load the authentication module chosen in configuration."""
    return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth,
                             configuration)


class BaseAuth:

    _lc_username: bool

    def __init__(self, configuration: "config.Configuration") -> None:
        """Initialize BaseAuth.

        ``configuration`` see ``radicale.config`` module.
        The ``configuration`` must not change during the lifetime of
        this object, it is kept as an internal reference.

        """
        self.configuration = configuration
        self._lc_username = configuration.get("auth", "lc_username")

    def get_external_login(self, environ: types.WSGIEnviron) -> Union[
            Tuple[()], Tuple[str, str]]:
        """Optionally provide the login and password externally.

        ``environ`` a dict with the WSGI environment

        If ``()`` is returned, Radicale handles HTTP authentication.
        Otherwise, returns a tuple ``(login, password)``. For anonymous users
        ``login`` must be ``""``.

        """
        return ()

    def _login(self, login: str, password: str) -> str:
        """Check credentials and map login to internal user

        ``login`` the login name

        ``password`` the password

        Returns the username or ``""`` for invalid credentials.

        """

        raise NotImplementedError

    def login(self, login: str, password: str) -> str:
        return self._login(login, password).lower() if self._lc_username else self._login(login, password)
Change name in file header 2021-12-08 21:45:42 +01:00			`# This file is part of Radicale - CalDAV and CardDAV server`
refactor 2018-08-28 16:19:36 +02:00			`# Copyright © 2008 Nicolas Kandel`
			`# Copyright © 2008 Pascal Halter`
			`# Copyright © 2008-2017 Guillaume Ayoub`
extend copyright 2024-06-07 06:46:16 +02:00			`# Copyright © 2017-2022 Unrud <unrud@outlook.com>`
			`# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>`
refactor 2018-08-28 16:19:36 +02:00			`#`
			`# This library is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This library is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with Radicale. If not, see <http://www.gnu.org/licenses/>.`

			`"""`
Improve documentation 2020-01-12 23:32:28 +01:00			`Authentication module.`
refactor 2018-08-28 16:19:36 +02:00
Improve documentation 2020-01-12 23:32:28 +01:00			`Authentication is based on usernames and passwords. If something more`
			`advanced is needed an external WSGI server or reverse proxy can be used`
			(see ``remote_user`` or ``http_x_remote_user`` backend).
refactor 2018-08-28 16:19:36 +02:00
Improve documentation 2020-01-12 23:32:28 +01:00			Take a look at the class ``BaseAuth`` if you want to implement your own.
refactor 2018-08-28 16:19:36 +02:00
			`"""`

More type hints 2021-07-26 20:56:46 +02:00			`from typing import Sequence, Tuple, Union`
refactor 2018-08-28 16:19:36 +02:00
More type hints 2021-07-26 20:56:46 +02:00			`from radicale import config, types, utils`
refactor 2018-08-28 16:19:36 +02:00
More type hints 2021-07-26 20:56:46 +02:00			`INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",`
add support for auth.type=denyall 2024-06-07 06:45:39 +02:00			`"denyall",`
More type hints 2021-07-26 20:56:46 +02:00			`"htpasswd")`
refactor 2018-08-28 16:19:36 +02:00
More type hints 2021-07-26 20:56:46 +02:00
			`def load(configuration: "config.Configuration") -> "BaseAuth":`
Extract method loader() 2020-01-14 22:43:48 +01:00			`"""Load the authentication module chosen in configuration."""`
More type hints 2021-07-26 20:56:46 +02:00			`return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth,`
			`configuration)`
refactor 2018-08-28 16:19:36 +02:00

			`class BaseAuth:`
More type hints 2021-07-26 20:56:46 +02:00
added compatibility with a case-insensitive authentication provider 2024-04-17 18:31:51 +03:00			`_lc_username: bool`

More type hints 2021-07-26 20:56:46 +02:00			`def __init__(self, configuration: "config.Configuration") -> None:`
Improve documentation 2020-01-13 15:51:10 +01:00			`"""Initialize BaseAuth.`

			``configuration`` see ``radicale.config`` module.
			The ``configuration`` must not change during the lifetime of
			`this object, it is kept as an internal reference.`

			`"""`
refactor 2018-08-28 16:19:36 +02:00			`self.configuration = configuration`
added compatibility with a case-insensitive authentication provider 2024-04-17 18:31:51 +03:00			`self._lc_username = configuration.get("auth", "lc_username")`
refactor 2018-08-28 16:19:36 +02:00
More type hints 2021-07-26 20:56:46 +02:00			`def get_external_login(self, environ: types.WSGIEnviron) -> Union[`
			`Tuple[()], Tuple[str, str]]:`
refactor 2018-08-28 16:19:36 +02:00			`"""Optionally provide the login and password externally.`

			``environ`` a dict with the WSGI environment

			If ``()`` is returned, Radicale handles HTTP authentication.
			Otherwise, returns a tuple ``(login, password)``. For anonymous users
			``login`` must be ``""``.

			`"""`
			`return ()`

added compatibility with a case-insensitive authentication provider 2024-04-17 18:31:51 +03:00			`def _login(self, login: str, password: str) -> str:`
refactor 2018-08-28 16:19:36 +02:00			`"""Check credentials and map login to internal user`

			``login`` the login name

			``password`` the password

Change "user name" to "username" 2022-01-07 23:54:34 +01:00			Returns the username or ``""`` for invalid credentials.
refactor 2018-08-28 16:19:36 +02:00
			`"""`

			`raise NotImplementedError`
added compatibility with a case-insensitive authentication provider 2024-04-17 18:31:51 +03:00
			`def login(self, login: str, password: str) -> str:`
			`return self._login(login, password).lower() if self._lc_username else self._login(login, password)`