Add CLI authenticator

sergeivolodin · sergeivolodin · commit b05dd8d3e6e9 · 2021-02-10T17:10:23.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 *.swp
+.vs
diff --git a/demo_auth.php b/demo_auth.php
@@ -1,53 +1,51 @@
 <?php
 
-function login($username, $password) {
-$dbconn = pg_connect("host=localhost port=5432 dbname=tournesol_staging user=tournesol password=Tetu8raiwieGh3I");
-$auth_table = 'auth_user';
-
-$result = pg_query($dbconn, "select * from $auth_table where username='$username'");
-
-if(!$result) {
-return false;
-}
-
-$n_rows = pg_num_rows($result);
-
-if($n_rows != 1) {
-return false;
-}
-
-echo "$n_rows rows\n";
-
-$rs = pg_fetch_assoc($result);
-
-var_dump($rs);
-
-$password_hashed_db = $rs['password'];
-
-var_dump($password_hashed_db);
-
-list($algo_db, $iterations_db, $salt_db, $hash_db) = explode('$', $password_hashed_db);
-list($algo_db_1, $algo_db_2) = explode('_', $algo_db);
-
-if($algo_db_1 != 'pbkdf2') {
-	echo "Unknown algorithm $algo_db_1";
-	return false;
+require 'postgres_django_auth.php';
+
+// command-line interface
+if ('cli' === PHP_SAPI) {
+    $options_default = [
+        "host" => "localhost",
+        "port" => 5432,
+        "dbname" => "tournesol",
+        "db_username" => "tournesol",
+        "auth_table" => "auth_user",
+        "password" => "",
+        "db_password" => "",
+        "username" => "",
+    ];
+    $options = getopt('', ["username:", "password:", "db_password:",
+                           "host::", "port::", "dbname::",
+                           "db_username::", "auth_table::"]);
+    $options = $options + $options_default;
+
+    if(!$options['username'] || !$options['password'] || !$options['db_password']) {
+        $fn = $_SERVER['SCRIPT_FILENAME'];
+        echo "Usage: php $fn --username=LOGIN_USERNAME --password=LOGIN_PASSWORD ";
+        echo "--db_password=DB_PASSWORD\n";
+        echo "  [--host=DB_HOST] [--port=DB_PORT] [--dbname=DB_NAME] ";
+        echo "  [--db_username=DB_USERNAME] [--auth_table=AUTH_TABLE]";
+        echo "\n";
+        exit(1);
+    }
+
+    // logging in
+    try {
+        $result = call_user_func_array("login_django_postgres", $options);
+    } catch (Exception $e) {
+        $result = false;
+        $error = $e->getMessage();
+    }
+
+
+    if($result) {
+        echo "Login successful\n";
+        exit(0);
+    }
+    else {
+        echo "Login failed: $error\n";
+        exit(1);
+    }
 }
 
-var_dump($algo_db, $iterations_db, $salt_db);
-
-$supplied_hash_password = base64_encode(hash_pbkdf2($algo_db_2, $password, $salt_db, $iterations_db, 32, true));
-
-echo "$supplied_hash_password\n";
-
-
-return $supplied_hash_password == $hash_db;
-
-
-}
-
-$result = login('harry_potter', 'Iefaegh0Yohdah6k');
-var_dump($result);
-echo "res=$result\n";
-
 ?>
diff --git a/postgres_django_auth.php b/postgres_django_auth.php
@@ -0,0 +1,67 @@
+<?php
+
+function login_django_postgres($username, $password, $host='localhost', $port=5432,
+                               $dbname='tournesol_staging', $db_username='tournesol',
+                               $db_password='', $auth_table = 'auth_user') {
+	/*
+	Log in to a Django database stored in Postgres, assuming pbkdf2-sha256 encryption
+
+	Args:
+		$username: username of the user trying to log in
+		$password: password of the user trying to log in in plain text
+		$host: Postgres database host
+		$port: Postgres database port
+		$dbname: Postgres database name
+		$db_username: Postgres user name
+		$db_password: Postgres user password
+		$auth_table: Postgres Django authentication table
+
+	Returns:
+	    true if the login was successful, false on authentication failure
+	    throws exceptions in case if connection failed/database does not exist/user does not exist
+	*/
+
+	// connecto to the database
+	$dbconn = pg_connect("host=$host port=$port dbname=$dbname user=$db_username password=$db_password");
+
+	// no connection -> no login
+	if(!$dbconn) {
+    	throw new Exception("Database connection failed");
+	}
+	
+	// query the user table
+	$username_escaped = pg_escape_string($username);
+	$result = pg_query($dbconn, "select * from $auth_table where username='$username_escaped'");
+
+	// no data -> not logged in
+	if(!$result) {
+	    throw new Exception("Username not found");
+	}
+
+	// number of rows with the username
+	$n_rows = pg_num_rows($result);
+	if($n_rows != 1) {
+		throw new Exception("User not found");
+	}
+
+	// obtaining the password for the single row
+	$rs = pg_fetch_assoc($result);
+	$password_hashed_db = $rs['password'];
+
+	// destructuring password parameters
+	list($algo_db, $iterations_db, $salt_db, $hash_db) = explode('$', $password_hashed_db);
+	list($algo_db_1, $algo_db_2) = explode('_', $algo_db);
+
+	// only pbkdf2 is implemented
+	if($algo_db_1 != 'pbkdf2') {
+		throw new Exception("Encryption mechanism not supported");
+	}
+
+	// hashing the given password
+	$supplied_hash_password = base64_encode(hash_pbkdf2($algo_db_2, $password, $salt_db, $iterations_db, 32, true));
+
+	// logged in === hashed($password) == $stored_hash
+	return $supplied_hash_password == $hash_db;
+}
+
+?>
