Refonte authentification en crypté

2025-08-16 14:02:01 +02:00
parent 15665f7c4c
commit 726a35c1a6
12 changed files with 325 additions and 37 deletions
--- a/Excel/dev/Auth/auth_cli.py
+++ b/Excel/dev/Auth/auth_cli.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+import os, sys, argparse, datetime
+import mysql.connector, bcrypt
+from dotenv import load_dotenv
+
+def read_stdin() -> str:
+    data = sys.stdin.read()
+    return data.rstrip("\r\n")
+
+def main():
+    load_dotenv()
+
+    ap = argparse.ArgumentParser(description="Auth bcrypt locale pour Excel")
+    ap.add_argument("--user", required=True, help="NomUtilisateur (clé primaire)")
+    ap.add_argument("--password-stdin", action="store_true",
+                    help="Lire le mot de passe via STDIN (recommandé)")
+    args = ap.parse_args()
+
+    if not args.password_stdin:
+        print("ERR|Utiliser --password-stdin et fournir le mot de passe via STDIN", flush=True)
+        return 2
+
+    password = read_stdin()
+    if not password:
+        print("ERR|Mot de passe vide", flush=True)
+        return 2
+
+    # Récupération des infos de connexion depuis .env
+    host = os.getenv("DB_HOST")
+    db   = os.getenv("DB_NAME")
+    user = os.getenv("DB_USER")
+    pwd  = os.getenv("DB_PASSWORD")
+
+    try:
+        conn = mysql.connector.connect(
+            host=host, database=db, user=user, password=pwd, connection_timeout=5
+        )
+        cur = conn.cursor(dictionary=True)
+        cur.execute("""
+            SELECT NomUtilisateur, Nom_complet, Site, MotDePasseHash, DateExpiration
+            FROM Utilisateurs
+            WHERE NomUtilisateur = %s
+            LIMIT 1
+        """, (args.user,))
+        row = cur.fetchone()
+    except Exception as e:
+        print("ERR|Connexion base impossible", flush=True)
+        return 3
+    finally:
+        try:
+            cur.close()
+            conn.close()
+        except Exception:
+            pass
+
+    if not row or not row.get("MotDePasseHash"):
+        print("ERR|Utilisateur ou mot de passe invalide", flush=True)
+        return 1
+
+    try:
+        ok = bcrypt.checkpw(password.encode("utf-8"),
+                            row["MotDePasseHash"].encode("ascii"))
+    except Exception:
+        ok = False
+
+    if not ok:
+        print("ERR|Utilisateur ou mot de passe invalide", flush=True)
+        return 1
+
+    # Contrôle expiration (si renseignée)
+    exp = row.get("DateExpiration")
+    if exp is not None:
+        today = datetime.date.today()
+        exp_date = exp if isinstance(exp, datetime.date) else getattr(exp, "date", lambda: today)()
+        if exp_date < today:
+            print(f"ERR|Compte expiré le {exp_date.isoformat()}", flush=True)
+            return 2
+
+    site = row.get("Site") or ""
+    nom  = row.get("Nom_complet") or ""
+    print(f"OK|Site={site}|NomComplet={nom}", flush=True)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())