From e50a442c6f03ba09a800f9999e29e9340b1d45c7 Mon Sep 17 00:00:00 2001
From: "Kali Kaneko (leap communications)"
Date: Thu, 24 Nov 2016 16:57:56 +0100
Subject: [feature] local session service
---
src/leap/bitmask/core/_session.py | 70 +++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 src/leap/bitmask/core/_session.py
(limited to 'src/leap/bitmask/core/_session.py')
diff --git a/src/leap/bitmask/core/_session.py b/src/leap/bitmask/core/_session.py
new file mode 100644
index 00000000..24070a82
--- /dev/null
+++ b/src/leap/bitmask/core/_session.py
@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+# _session.py
+# Copyright (C) 2016 LEAP Encryption Acess Project
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+"""
+Service for handling the local sessions.
+"""
+
+import binascii
+import os
+
+from twisted.application import service
+from twisted.logger import Logger
+
+from leap.bitmask.hooks import HookableService
+
+
+logger = Logger()
+
+
+class SessionService(HookableService):
+
+ """
+ This service holds random local-session tokens, that will be use to protect
+ the access to the API resources.
+
+ These tokens are different from the (remote) SRP session tokens: the
+ local-session tokens are ephimeral and generated by the local Bitmask
+ deamon.
+
+ Right now, they are generated when a soledad instance is successfully
+ created. This might be subject to further discussion, but this is the
+ earliest moment in which we can decide if a user should be authenticated
+ locally: it means that the entered password is able to decrypt the local
+ store. In this way, we can protect the API resources even in the case that
+ we don't have connectivity.
+ """
+
+ name = 'sessions'
+
+ def __init__(self, basedir, tokens):
+ service.Service.__init__(self)
+ self._basedir = basedir
+ self._tokens = tokens
+
+ def startService(self):
+ logger.info('starting Session Service')
+ super(SessionService, self).startService()
+
+ def stopService(self):
+ pass
+
+ def hook_on_new_soledad_instance(self, **kw):
+ user = kw['user']
+ session_token = binascii.hexlify(os.urandom(10))
+ print '---------------------------------------------------'
+ print "hook on new soledad instance!", user, session_token
+ self._tokens[user] = session_token
-- cgit v1.2.3
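Review bot: The two `print` statements at the end of `hook_on_new_soledad_instance` write the freshly generated session token to stdout, so the secret meant to protect the local API ends up in whatever captures the daemon's output (terminal, log file, service journal). Drop both lines, or record only the event through the module logger without the token, e.g. `logger.debug('issued local session token for {user}', user=user)`. `os.urandom(10)` yields an 80-bit token; 16 bytes or more is the more usual size for a bearer-style secret and costs nothing here. `stopService` is a bare `pass`, so the entries in `self._tokens` outlive the service and the parent `stopService` is apparently never called; clearing the issued tokens there would presumably be the safer default, unless the dict's owner handles that elsewhere. `kw['user']` also raises a bare `KeyError` if the hook fires without a `user` argument, which deserves a one-line comment stating that the caller guarantees it.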