Flussonic Watcher documentation

Backend for user authorization

How it works:

  • The operator implements an HTTP request handler that contains the logic to authenticate users.
  • The operator enters the URL of that handler in Flussonic Watcher (Settings — Authentication backend).
  • A user logs into Flussonic Watcher with a login and password.
  • Watcher passes the login and password to the operator's backend as request parameters (the example below receives them as GET query parameters).
  • The backend checks the received data.
  • If the user is authenticated, the backend returns HTTP code 200.
  • If the authentication data is incorrect, it returns HTTP code 403.
  • If the user is not found, it returns HTTP code 404.
  • Along with the login permission, the backend may return the list of the user's groups in a JSON body.
  • Flussonic Watcher matches the returned groups against the groups in its database.
  • If access is granted, Watcher keeps the password as an encoded hash string and checks the user's group membership.
  • If access is denied, the user's password in Watcher is reset.
  • If the authentication backend is unreachable or does not respond within 2 seconds, the user is checked against Watcher's own database.
An example of such a backend, written in Python with the Falcon framework (run it with gunicorn, e.g. gunicorn -b 127.0.0.1:8001 auth:app if the file is saved as auth.py):

    import json

    import falcon


    class AuthResource:
        # Watcher calls GET /auth?login=...&password=... and expects
        # 200 (ok; a JSON body with "groups" is optional), 403 (wrong password)
        # or 404 (unknown user). 400 is returned for a malformed request.
        def on_get(self, req, resp):
            login = req.params.get('login', None)
            password = req.params.get('password', None)
            # Log the login only: the password must never reach stdout or log files.
            print("GET %r login=%r" % (req.uri, login))
            if not login or not password:
                print("incorrect request, login: %r" % (login,))
                resp.status = falcon.HTTP_400
                return

            if login == 'user0':
                if password == 'letmein':
                    return                      # 200 OK, no groups
                resp.status = falcon.HTTP_403
                return

            if login == 'user1':
                if password == 'letmein':
                    resp.text = json.dumps(dict(groups=['a', 'b']))   # 200 OK with groups (resp.body on Falcon 1.x/2.x)
                    return
                resp.status = falcon.HTTP_403
                return

            resp.status = falcon.HTTP_404       # user not found


    app = falcon.App()      # falcon.API() on Falcon 1.x/2.x
    app.add_route('/auth', AuthResource())
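The Falcon handler above compares hard-coded plaintext passwords. The following is an added example, not Flussonic's code and not part of the original page: it implements the same backend contract (200 with optional groups, 403, 404, 400) as a plain WSGI application on the standard library only, keeps passwords as PBKDF2 hashes with a constant-time comparison, and includes an in-process `call()` helper so the contract can be exercised without a server. The user store, its salts, the `authenticate`/`application`/`call` names and the port are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt, iterations=PBKDF2_ITERATIONS):
    """PBKDF2-HMAC-SHA256 of the password; the backend never stores the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user(password, groups):
    """Build a user record with a random per-user salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "groups": list(groups)}


# Constructed sample user store (hypothetical data; same logins/password as the page's example).
USERS = {
    "user0": make_user("letmein", []),
    "user1": make_user("letmein", ["a", "b"]),
}


def authenticate(users, login, password):
    """Map a login/password pair to the Watcher backend contract.

    Returns (http_status, groups): 200 with the user's groups, 403 on a wrong
    password, 404 for an unknown login, 400 when a parameter is missing.
    """
    if not login or not password:
        return 400, None
    user = users.get(login)
    if user is None:
        return 404, None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison so response timing does not leak how many bytes matched.
    if not hmac.compare_digest(candidate, user["hash"]):
        return 403, None
    return 200, list(user["groups"])


STATUS_LINE = {200: "200 OK", 400: "400 Bad Request", 403: "403 Forbidden", 404: "404 Not Found"}


def application(environ, start_response):
    """WSGI entry point: GET /auth?login=...&password=... -> status code plus optional JSON groups."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    login = params.get("login", [None])[0]
    password = params.get("password", [None])[0]
    status, groups = authenticate(USERS, login, password)
    # As in the page's Falcon example: a body only when the user has groups, otherwise empty.
    body = json.dumps({"groups": groups}).encode("utf-8") if groups else b""
    start_response(STATUS_LINE[status], [
        ("Content-Type", "application/json; charset=UTF-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]


def call(app, query_string):
    """Drive a WSGI app in-process (no server, no network); return (status_code, body_text)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = int(status.split(" ", 1)[0])

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/auth", "QUERY_STRING": query_string}
    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode("utf-8")


if __name__ == "__main__":
    # Serve on the port the curl examples below use (an assumed deployment choice).
    make_server("127.0.0.1", 8001, application).serve_forever()
```

Two operational points follow from the contract above. Watcher falls back to its own database if the backend does not answer within 2 seconds, so the password hashing cost (here `PBKDF2_ITERATIONS`) must stay well below that on the backend host, including any lookup of the user store. And because the login and password arrive in the query string, the request line that gunicorn writes to its access log by default contains the password in plaintext; put the backend behind HTTPS on a trusted network and configure the access log format so the query string is not recorded.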
    

    Examples

    A user gets through with groups a and b:

    curl -vvv http://localhost:8001/auth\?login\=user1\&password\=letmein
    
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8001 (#0)
    > GET /auth?login=user1&password=letmein HTTP/1.1
    > Host: localhost:8001
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Server: gunicorn/19.7.0
    < Date: Mon, 20 Mar 2017 10:16:12 GMT
    < Connection: close
    < content-length: 22
    < content-type: application/json; charset=UTF-8
    <
    * Closing connection 0
    {"groups": ["a", "b"]}
    

    A user gets through without groups:

    curl -vvv http://localhost:8001/auth\?login\=user0\&password\=letmein
    
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8001 (#0)
    > GET /auth?login=user0&password=letmein HTTP/1.1
    > Host: localhost:8001
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Server: gunicorn/19.7.0
    < Date: Mon, 20 Mar 2017 10:16:21 GMT
    < Connection: close
    < content-length: 0
    < content-type: application/json; charset=UTF-8
    <
    * Closing connection 0
    

    A user with a wrong password is rejected:

    curl -vvv http://localhost:8001/auth\?login\=user0\&password\=wrong
    
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8001 (#0)
    > GET /auth?login=user0&password=wrong HTTP/1.1
    > Host: localhost:8001
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 403 Forbidden
    < Server: gunicorn/19.7.0
    < Date: Mon, 20 Mar 2017 10:16:27 GMT
    < Connection: close
    < content-length: 0
    < content-type: application/json; charset=UTF-8
    <
    * Closing connection 0
    

    A user is not found:

    curl -vvv http://localhost:8001/auth\?login\=user10\&password\=wrong
    
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8001 (#0)
    > GET /auth?login=user10&password=wrong HTTP/1.1
    > Host: localhost:8001
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 404 Not Found
    < Server: gunicorn/19.7.0
    < Date: Mon, 20 Mar 2017 10:20:04 GMT
    < Connection: close
    < content-length: 0
    < content-type: application/json; charset=UTF-8
    <
    * Closing connection 0