marmots/auth.py

import MySQLdb
import hashlib
import config
import bcrypt
import traceback

class NoopAuth(object):
    def FAuthorized(self, user, passwd):
        return True

class DrupalAuth(object):
    def FHashMatches(self, md5, dbhash):
        return md5 == dbhash
    def FAuthorized(self, user, passwd):
        conn = MySQLdb.connect(host = config.drupaldb_host, user = config.drupaldb_user, passwd = config.drupaldb_password, db = config.drupaldb)
        try:
            cursor = conn.cursor()
            try:
                firsthash = hashlib.md5(passwd).hexdigest()
                cursor.execute("SELECT pass FROM users WHERE name = %s", (user,))
                row = cursor.fetchone()
                return row and self.FHashMatches(firsthash, row[0])
            finally:
                cursor.close()
        except Exception:
            traceback.print_exc()
            return False
        finally:
            conn.close()

class DrupalBcryptAuth(DrupalAuth):
    def FHashMatches(self, md5, dbhash):
        return bcrypt.checkpw(md5, dbhash)