X-Git-Url: https://git.ucc.asn.au/?p=uccvend-vendserver.git;a=blobdiff_plain;f=VendServer%2FOpenDispense.py;h=6b93058b19e0dac3bf1b9a921f8e5229ed736f05;hp=c8dcf836d36b8bfb5f8ac164a8825598bb746345;hb=HEAD;hpb=8861a669b4611e2dbf7aa5354f0248aafba3ef91
diff --git a/VendServer/OpenDispense.py b/VendServer/OpenDispense.py
index c8dcf83..6b93058 100644
--- a/VendServer/OpenDispense.py
+++ b/VendServer/OpenDispense.py
@@ -20,6 +20,13 @@ from LDAPConnector import get_uid,get_uname, set_card_id
 DISPENSE_ENDPOINT = ("localhost", 11020)
 DISPSRV_MIFARE = True
+# A list of cards that should never be registered, and should never log in
+# - Some of these might have been registered before we knew they were duplicates
+CARD_BLACKLIST = [
+ 'AAAAAA==', # All zeroes, don't allow that.
+ 'ISIjJA==', # CommBank credit cards
+ ]
+
 class OpenDispense(DispenseInterface):
 _username = ""
 _disabled = True
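Review bot: The comment on `CARD_BLACKLIST` does not say what the entries encode, which makes the list hard to extend correctly. Elsewhere in this commit they are compared against `base64.b64encode(cardId)`, so each entry is the base64 of the raw card ID bytes (`'ISIjJA=='` is the bytes 21 22 23 24 hex). I would state that next to the list, e.g. `# Entries are base64.b64encode(raw card ID bytes); 'ISIjJA==' is 21 22 23 24 hex`. An exact-match list only stops the duplicates someone has already noticed, so any other card type that presents a fixed or shared ID would still be accepted; that limit is worth recording in the same comment.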
@@ -30,6 +37,41 @@ class OpenDispense(DispenseInterface):
 pass
 def authUserIdPin(self, userId, pin):
+ return self.authUserIdPin_db(userId, pin)
+ #return self.authUserIdPin_file(userId, pin)
+
+ def authUserIdPin_db(self, userId, pin):
+ userId = int(userId)
+
+ try:
+ # Get username (TODO: Store the user ID in the dispense database too)
+ info = pwd.getpwuid(userId)
+ except KeyError:
+ logging.info('getting pin for uid %d: user not in password file'%userId)
+ return False
+
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+ sock.connect(DISPENSE_ENDPOINT)
+ logging.debug('connected to dispsrv')
+ sockf = sock.makefile()
+ sockf.write("AUTHIDENT\n"); sockf.flush()
+ rsp = sockf.readline()
+ assert "200" in rsp
+ logging.debug('authenticated')
+ sockf.write("PIN_CHECK %s %s\n" % (info.pw_name, pin)); sockf.flush()
+ rsp = sockf.readline()
+ if not "200" in rsp:
+ logging.info('checking pin for uid %d: Server said no - %r' % (userId, rsp))
+ return False
+ #Login Successful
+ logging.info('accepted pin for uid %d \'%s\'' % (userId, info.pw_name))
+ self._userid = userId
+ self._loggedIn = True
+ self._disabled = False
+ self._username = info.pw_name
+ return True
+
+ def authUserIdPin_file(self, userId, pin):
 userId = int(userId)
 try:
@@ -72,8 +114,14 @@ class OpenDispense(DispenseInterface):
 return False
 def authMifareCard(self, cardId):
+ self._loggedIn = False
+ self._username = None
 if DISPSRV_MIFARE:
 card_base64 = base64.b64encode(cardId)
+
+ if card_base64 in CARD_BLACKLIST:
+ logging.info("Blacklisted card base64:%s" % (card_base64,))
+ return False
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
 sock.connect(DISPENSE_ENDPOINT)
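Review bot: In `authUserIdPin_db`, `pin` is formatted straight into the `PIN_CHECK %s %s\n` line after the connection has passed `AUTHIDENT`, so a value containing whitespace or a newline would change what dispsrv parses on an already-identified session; `userId` is forced through `int()` but `pin` gets no check. Assuming PINs are numeric, reject anything else before connecting. Two further points in the same function: `assert "200" in rsp` disappears under `python -O` and otherwise raises out of the auth path, and `"200" in rsp` matches those digits anywhere in the reply rather than as the leading status code (I am assuming replies start with the code). The socket is also never closed on any path. A possible shape for the changed part follows.

```python
	def authUserIdPin_db(self, userId, pin):
		# … unchanged: int(userId) and the pwd.getpwuid lookup …

		pin = str(pin)
		if not pin.isdigit():
			# Do not echo the submitted value into the log
			logging.info('checking pin for uid %d: rejected malformed pin' % userId)
			return False

		sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
		try:
			sock.connect(DISPENSE_ENDPOINT)
			sockf = sock.makefile()
			sockf.write("AUTHIDENT\n"); sockf.flush()
			rsp = sockf.readline()
			if not rsp.startswith("200"):
				logging.error('AUTHIDENT refused by dispsrv - %r' % (rsp,))
				return False
			sockf.write("PIN_CHECK %s %s\n" % (info.pw_name, pin)); sockf.flush()
			rsp = sockf.readline()
			if not rsp.startswith("200"):
				logging.info('checking pin for uid %d: Server said no - %r' % (userId, rsp))
				return False
		finally:
			sock.close()

		# … unchanged: success logging and session state assignments …
```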
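Review bot: The reset added at the top of `authMifareCard` clears `_loggedIn` and `_username` but leaves `_userid` from the previous session in place, and the new blacklist branch returns before anything overwrites it. A caller that reads the user ID without first checking `isLoggedIn()` would see the last user's value; the callers are outside this hunk, so I cannot confirm whether one does. Adding `self._userid = None` beside the other two resets closes that. The function body continues past the end of the hunk.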
@@ -86,16 +134,21 @@ class OpenDispense(DispenseInterface):
 sockf.write("AUTHCARD %s\n" % (card_base64,)); sockf.flush()
 rsp = sockf.readline()
 if not "200" in rsp:
- raise ValueError, "no UID found for card ID"
+ logging.info("Rejected card base64:%s" % (card_base64,))
+ return False
 username = rsp.split('=')[1].strip()
+ logging.info("Accepted card base64:%s for %s" % (card_base64,username,))
- # Check for thier username
- try:
- # Get info from the system (by username)
- info = pwd.getpwnam(username)
- except KeyError:
- logging.info('getting info for user \'%s\': user not in password file' % (username,))
- return False
+ ## Check for thier username
+ #try:
+ # # Get info from the system (by username)
+ # info = pwd.getpwnam(username)
+ #except KeyError:
+ # logging.info('getting info for user \'%s\': user not in password file' % (username,))
+ # return False
+ #self._userid = info.pw_uid
+ self._userid = None
+ self._username = username
 else:
 # Get the users ID
 self._userid = get_uid(cardId)
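Review bot: The new `logging.info("Accepted card base64:%s for %s" ...)` line writes the card identifier next to the username it unlocks, and in this flow the card ID is the only thing presented to `AUTHCARD`, so the log becomes a list of working credentials for anyone who can read it. The same applies to the `Enrolling card base64:%s to uid ...` line in `addCard` in the `@@ -107,30 +160,38 @@` hunk. I would log only the username on success, `logging.info("Accepted card for %s" % (username,))`, and keep the raw value for the rejected and blacklisted cases, where it helps diagnose duplicates. Separately, the commented-out `pwd.getpwnam` block would read better deleted than kept as `#` lines, with a one-line comment saying why the local account lookup was dropped.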
@@ -107,30 +160,38 @@ class OpenDispense(DispenseInterface):
 except KeyError:
 logging.info('getting info for uid %d: user not in password file' % (self._userid,))
 return False
+ self._username = info.pw_name
 # If we get this far all is good
 self._loggedIn = True
 self._disabled = False
- self._userid = info.pw_uid
- self._username = info.pw_name
 return True
+ def logOut(self):
+ self._loggedIn = False
+ self._disabled = False
+ self._userId = None
+ self._username = None
+
 def addCard(self, cardId):
 if not self.isLoggedIn():
 return False
 if DISPSRV_MIFARE:
 card_base64 = base64.b64encode(cardId)
- logging.info('Enrolling card %s to uid %s (%s)' % (cardId, self._userId, self._username))
+ if card_base64 in CARD_BLACKLIST:
+ logging.info("Blacklisted card base64:%s" % (card_base64,))
+ return False
+ logging.info('Enrolling card base64:%s to uid %s (%s)' % (card_base64, self._userId, self._username))
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
 sock.connect(DISPENSE_ENDPOINT)
 sockf = sock.makefile()
 sockf.write("AUTHIDENT\n")
 sockf.flush(); rsp = sockf.readline()
 assert "200" in rsp
- sockf.write("SETEUSER %s\n", self._username)
+ sockf.write("SETEUSER %s\n" % (self._username,))
 sockf.flush(); rsp = sockf.readline()
 assert "200" in rsp
- sockf.write("CARD_ADD %s\n", card_base64)
+ sockf.write("CARD_ADD %s\n" % (card_base64,))
 sockf.flush(); rsp = sockf.readline()
 if "200" in rsp:
 return True
@@ -219,3 +280,5 @@ class OpenDispenseMapping():
 print(map)
 return map
+
+# vim: noexpandtab ts=4 sw=4
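Review bot: `logOut` clears `self._userId`, but the login paths in this commit store the ID in `self._userid` (lower-case `i`), so after `logOut()` the previous user's ID stays on the object. Use one spelling, `self._userid = None`, and check the `self._userId` read in the `Enrolling card` log line of `addCard`, which looks like the same typo unless `_userId` is a separate attribute defined outside these hunks. `logOut` also sets `_disabled = False` while the class default shown in the first hunk is `_disabled = True`; if that flag gates dispensing, the logged-out state should probably restore `True`, which needs confirming against the code that reads it. `addCard` still relies on `assert "200" in rsp` after both `AUTHIDENT` and `SETEUSER`, and those checks are stripped under `python -O`; an explicit `if "200" not in rsp: return False` keeps them in place.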