funkwhale/api/funkwhale_api/subsonic/authentication.py

import binascii
import hashlib

from rest_framework import authentication, exceptions

from funkwhale_api.users.models import User


def get_token(salt, password):
    to_hash = password + salt
    h = hashlib.md5()
    h.update(to_hash.encode("utf-8"))
    return h.hexdigest()


def authenticate(username, password):
    try:
        if password.startswith("enc:"):
            password = password.replace("enc:", "", 1)
            password = binascii.unhexlify(password).decode("utf-8")
        user = User.objects.get(
            username__iexact=username, is_active=True, subsonic_api_token=password
        )
    except (User.DoesNotExist, binascii.Error):
        raise exceptions.AuthenticationFailed("Wrong username or password.")

    return (user, None)


def authenticate_salt(username, salt, token):
    try:
        user = User.objects.get(
            username=username, is_active=True, subsonic_api_token__isnull=False
        )
    except User.DoesNotExist:
        raise exceptions.AuthenticationFailed("Wrong username or password.")
    expected = get_token(salt, user.subsonic_api_token)
    if expected != token:
        raise exceptions.AuthenticationFailed("Wrong username or password.")

    return (user, None)


class SubsonicAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        data = request.GET or request.POST
        username = data.get("u")
        if not username:
            return None

        p = data.get("p")
        s = data.get("s")
        t = data.get("t")
        if not p and (not s or not t):
            raise exceptions.AuthenticationFailed("Missing credentials")

        if p:
            return authenticate(username, p)

        return authenticate_salt(username, s, t)
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`import binascii`
			`import hashlib`

See #297: sorted imports 2018-06-10 08:55:16 +00:00			`from rest_framework import authentication, exceptions`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00
			`from funkwhale_api.users.models import User`


			`def get_token(salt, password):`
			`to_hash = password + salt`
			`h = hashlib.md5()`
Blacked the code 2018-06-09 13:36:16 +00:00			`h.update(to_hash.encode("utf-8"))`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`return h.hexdigest()`


			`def authenticate(username, password):`
			`try:`
Blacked the code 2018-06-09 13:36:16 +00:00			`if password.startswith("enc:"):`
			`password = password.replace("enc:", "", 1)`
			`password = binascii.unhexlify(password).decode("utf-8")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`user = User.objects.get(`
Fix #339: Subsonic API login is now case insensitive 2018-06-28 14:47:45 +00:00			`username__iexact=username, is_active=True, subsonic_api_token=password`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`)`
Blacked the code 2018-06-09 13:36:16 +00:00			`except (User.DoesNotExist, binascii.Error):`
			`raise exceptions.AuthenticationFailed("Wrong username or password.")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00
			`return (user, None)`


			`def authenticate_salt(username, salt, token):`
			`try:`
			`user = User.objects.get(`
Blacked the code 2018-06-09 13:36:16 +00:00			`username=username, is_active=True, subsonic_api_token__isnull=False`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`)`
Blacked the code 2018-06-09 13:36:16 +00:00			`except User.DoesNotExist:`
			`raise exceptions.AuthenticationFailed("Wrong username or password.")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`expected = get_token(salt, user.subsonic_api_token)`
			`if expected != token:`
Blacked the code 2018-06-09 13:36:16 +00:00			`raise exceptions.AuthenticationFailed("Wrong username or password.")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00
			`return (user, None)`


			`class SubsonicAuthentication(authentication.BaseAuthentication):`
			`def authenticate(self, request):`
			`data = request.GET or request.POST`
Blacked the code 2018-06-09 13:36:16 +00:00			`username = data.get("u")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`if not username:`
			`return None`

Blacked the code 2018-06-09 13:36:16 +00:00			`p = data.get("p")`
			`s = data.get("s")`
			`t = data.get("t")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00			`if not p and (not s or not t):`
Blacked the code 2018-06-09 13:36:16 +00:00			`raise exceptions.AuthenticationFailed("Missing credentials")`
See #75: initial subsonic implementation that works with http://p.subfireplayer.net 2018-05-08 14:32:07 +00:00
			`if p:`
			`return authenticate(username, p)`

			`return authenticate_salt(username, s, t)`