jonas/alpinebits_python
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

Replaced config auth with db auth

Browse Source
This commit is contained in:
Jonas Linter
2025-12-02 16:43:56 +01:00
parent 7ff3c44747
commit 03aac27233
7 changed files with 83 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/alpine_bits_python/alpinebits_server.py
View File

@@ -33,6 +33,7 @@ from .generated.alpinebits import (
OtaReadRq,
WarningStatus,
)
from .hotel_service import HotelService
from .reservation_service import ReservationService
# Configure logging
@@ -413,20 +414,24 @@ def strip_control_chars(s):
return re.sub(r"[\x00-\x1F\x7F]", "", s)
def validate_hotel_authentication(
username: str, password: str, hotelid: str, config: dict
async def validate_hotel_authentication(
username: str,
password: str,
hotelid: str,
config: dict,
dbsession=None,
) -> bool:
"""Validate hotel authentication based on username, password, and hotel ID.
"""Validate hotel authentication against the database (fallback to config)."""
if dbsession is not None:
hotel_service = HotelService(dbsession)
hotel = await hotel_service.authenticate_hotel(username, password)
if hotel:
return hotel.hotel_id == hotelid
Example config
alpine_bits_auth:
- hotel_id: "123"
hotel_name: "Frangart Inn"
username: "alice"
password: !secret ALICE_PASSWORD
"""
# Fallback to config for legacy scenarios (e.g., during migration)
if not config or "alpine_bits_auth" not in config:
return False
auth_list = config["alpine_bits_auth"]
for auth in auth_list:
if (
@@ -488,8 +493,12 @@ class ReadAction(AlpineBitsAction):
HttpStatusCode.UNAUTHORIZED,
)
if not validate_hotel_authentication(
client_info.username, client_info.password, hotelid, self.config
if not await validate_hotel_authentication(
client_info.username,
client_info.password,
hotelid,
self.config,
dbsession,
):
return AlpineBitsResponse(
f"Error: Unauthorized Read Request for this specific hotel {hotelname}. Check credentials",
@@ -522,7 +531,7 @@ class ReadAction(AlpineBitsAction):
await reservation_service.get_unacknowledged_reservations(
username=client_info.username,
client_id=client_info.client_id,
hotel_code=hotelid
hotel_code=hotelid,
)
)
else:
@@ -619,7 +628,9 @@ class NotifReportReadAction(AlpineBitsAction):
): # type: ignore
md5_unique_id = entry.unique_id.id
await reservation_service.record_acknowledgement(
client_id=client_info.client_id, unique_id=md5_unique_id, username=client_info.username
client_id=client_info.client_id,
unique_id=md5_unique_id,
username=client_info.username,
)
return AlpineBitsResponse(response_xml, HttpStatusCode.OK)
@@ -826,4 +837,4 @@ class AlpineBitsServer:
# Ensure FreeRoomsAction is registered with ServerCapabilities discovery
#from .free_rooms_action import FreeRoomsAction # noqa: E402,F401 disable for now
# from .free_rooms_action import FreeRoomsAction

35
src/alpine_bits_python/api.py
View File

@@ -664,7 +664,8 @@ async def detect_language(
async def validate_basic_auth(
credentials: HTTPBasicCredentials = Depends(security_basic),
) -> str:
db_session=Depends(get_async_session),
) -> tuple[str, str]:
"""Validate basic authentication for AlpineBits protocol.
Returns username if valid, raises HTTPException if not.
@@ -676,26 +677,40 @@ async def validate_basic_auth(
detail="ERROR: Authentication required",
headers={"WWW-Authenticate": "Basic"},
)
valid = False
config = app.state.config
hotel_service = HotelService(db_session)
hotel = await hotel_service.authenticate_hotel(
credentials.username, credentials.password
)
for entry in config["alpine_bits_auth"]:
if hotel:
_LOGGER.info(
"AlpineBits authentication successful for user: %s (from database)",
credentials.username,
)
return credentials.username, credentials.password
# Fallback to config-defined credentials for legacy scenarios
config = app.state.config
valid = False
for entry in config.get("alpine_bits_auth", []):
if (
credentials.username == entry["username"]
and credentials.password == entry["password"]
credentials.username == entry.get("username")
and credentials.password == entry.get("password")
):
valid = True
_LOGGER.warning(
"AlpineBits authentication for user %s matched legacy config entry",
credentials.username,
)
break
if not valid:
raise HTTPException(
status_code=401,
detail="ERROR: Invalid credentials",
headers={"WWW-Authenticate": "Basic"},
)
_LOGGER.info(
"AlpineBits authentication successful for user: %s (from config)",
credentials.username,
)
return credentials.username, credentials.password

3
src/alpine_bits_python/free_rooms_action.py
View File

@@ -125,11 +125,12 @@ class FreeRoomsAction(AlpineBitsAction):
code="401",
)
if not validate_hotel_authentication(
if not await validate_hotel_authentication(
client_info.username,
client_info.password,
hotel_code,
self.config,
dbsession,
):
raise FreeRoomsProcessingError(
f"Unauthorized FreeRooms notification for hotel {hotel_code}",

23
src/alpine_bits_python/hotel_service.py
View File

@@ -244,3 +244,26 @@ class HotelService:
)
)
return result.scalar_one_or_none()
async def authenticate_hotel(self, username: str, password: str) -> Hotel | None:
"""Authenticate a hotel using username and password.
Args:
username: AlpineBits username
password: Plain text password submitted via HTTP basic auth
Returns:
Hotel instance if the credentials are valid and the hotel is active,
otherwise None.
"""
hotel = await self.get_hotel_by_username(username)
if not hotel:
return None
if not password:
return None
if verify_password(password, hotel.password_hash):
return hotel
return None