ease auth backend lookup

burpui/api/admin.py

@@ -75,7 +75,7 @@ class AuthUsers(Resource):
         if not handler or len(handler.backends) == 0:
             self.abort(404, "No authentication backend found")
         ret = []
-        for backend in handler.backends:
+        for name, backend in iteritems(handler.backends):
             loader = backend.loader
             try:
                 users = getattr(loader, 'users')
@@ -121,17 +121,11 @@ class AuthUsers(Resource):
         except AttributeError:
             handler = None
 
-        if not handler or len(handler.backends) == 0:
+        if not handler or len(handler.backends) == 0 or \
+                args['backend'] not in handler.backends:
             self.abort(404, "No authentication backend found")
 
-        backend = None
-        for back in handler.backends:
-            if back.name == args['backend']:
-                backend = back
-                break
-
-        if not backend:
-            self.abort(404, "No authentication backend found")
+        backend = handler.backends[args['backend']]
 
         if backend.add_user is False:
             self.abort(
@@ -170,17 +164,11 @@ class AuthUsers(Resource):
         except AttributeError:
             handler = None
 
-        if not handler or len(handler.backends) == 0:
+        if not handler or len(handler.backends) == 0 or \
+                args['backend'] not in handler.backends:
             self.abort(404, "No authentication backend found")
 
-        backend = None
-        for back in handler.backends:
-            if back.name == args['backend']:
-                backend = back
-                break
-
-        if not backend:
-            self.abort(404, "No authentication backend found")
+        backend = handler.backends[args['backend']]
 
         if backend.del_user is False:
             self.abort(
@@ -218,17 +206,11 @@ class AuthUsers(Resource):
         except AttributeError:
             handler = None
 
-        if not handler or len(handler.backends) == 0:
+        if not handler or len(handler.backends) == 0 or \
+                args['backend'] not in handler.backends:
             self.abort(404, "No authentication backend found")
 
-        backend = None
-        for back in handler.backends:
-            if back.name == args['backend']:
-                backend = back
-                break
-
-        if not backend:
-            self.abort(404, "No authentication backend found")
+        backend = handler.backends[args['backend']]
 
         if backend.change_password is False:
             self.abort(
@@ -286,9 +268,10 @@ class AuthBackends(Resource):
         if not handler or len(handler.backends) == 0:
             self.abort(404, "No authentication backend found")
         ret = []
-        for backend in handler.backends:
+        print type(handler.backends)
+        for name, backend in iteritems(handler.backends):
             ret.append({
-                'name': backend.name,
+                'name': name,
                 'add': backend.add_user is not False,
                 'del': backend.del_user is not False,
                 'mod': backend.change_password is not False,

burpui/misc/auth/handler.py

@@ -4,6 +4,8 @@ import os
 from .interface import BUIhandler, BUIuser
 from importlib import import_module
 from flask import session
+from six import iteritems
+from collections import OrderedDict
 
 
 class UserAuthHandler(BUIhandler):
@@ -12,7 +14,7 @@ class UserAuthHandler(BUIhandler):
         """See :func:`burpui.misc.auth.interface.BUIhandler.__init__`"""
         self.app = app
         self.users = {}
-        self.backends = []
+        backends = []
         if self.app.auth:
             me, _ = os.path.splitext(os.path.basename(__file__))
             back = self.app.auth
@@ -24,12 +26,15 @@ class UserAuthHandler(BUIhandler):
                     (modpath, _) = __name__.rsplit('.', 1)
                     mod = import_module('.' + au, modpath)
                     obj = mod.UserHandler(self.app)
-                    self.backends.append(obj)
+                    backends.append(obj)
                 except:
                     pass
-        self.backends.sort(key=lambda x: x.priority, reverse=True)
-        if not self.backends:
+        backends.sort(key=lambda x: x.priority, reverse=True)
+        if not backends:
             raise ImportError('No backend found for \'{}\''.format(self.app.auth))
+        self.backends = OrderedDict()
+        for obj in backends:
+            self.backends[obj.name] = obj
 
     def user(self, name=None):
         """See :func:`burpui.misc.auth.interface.BUIhandler.user`"""
@@ -49,7 +54,7 @@ class UserHandler(BUIuser):
         self.name = name
         self.real = None
 
-        for back in self.backends:
+        for name, back in iteritems(self.backends):
             u = back.user(self.name)
             res = u.get_id()
             if res:
@@ -61,7 +66,7 @@ class UserHandler(BUIuser):
         """See :func:`burpui.misc.auth.interface.BUIuser.login`"""
         if not self.real:
             self.authenticated = False
-            for back in self.backends:
+            for name, back in iteritems(self.backends):
                 u = back.user(self.name)
                 res = u.get_id()
                 if u.login(passwd):