summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/crypto/srpauth.py
diff options
context:
space:
mode:
authorTomás Touceda <chiiph@leap.se>2014-04-04 16:58:18 -0300
committerTomás Touceda <chiiph@leap.se>2014-04-04 16:58:18 -0300
commit81715dc47d77934c4f67d2527a56c28f58f0345d (patch)
tree6e66940af735e089803c5ce05ad1ce1df16c9d1e /src/leap/bitmask/crypto/srpauth.py
parent496036f15cf257d16b6594770812da64a249280c (diff)
parenteb4cdab9c6b8ff66bb4667cc6195d2c366122540 (diff)
Merge branch 'release-0.5.0'0.5.0
Diffstat (limited to 'src/leap/bitmask/crypto/srpauth.py')
-rw-r--r--src/leap/bitmask/crypto/srpauth.py128
1 files changed, 55 insertions, 73 deletions
diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 85b9b003..7cf7e55a 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -31,6 +31,7 @@ from requests.adapters import HTTPAdapter
from PySide import QtCore
from twisted.internet import threads
+from leap.bitmask.config.leapsettings import LeapSettings
from leap.bitmask.util import request_helpers as reqhelper
from leap.bitmask.util.compat import requests_has_max_retries
from leap.bitmask.util.constants import REQUEST_TIMEOUT
@@ -147,6 +148,7 @@ class SRPAuth(QtCore.QObject):
"We need a provider config to authenticate")
self._provider_config = provider_config
+ self._settings = LeapSettings()
# **************************************************** #
# Dependency injection helpers, override this for more
@@ -161,17 +163,14 @@ class SRPAuth(QtCore.QObject):
self._session_id = None
self._session_id_lock = QtCore.QMutex()
- self._uid = None
- self._uid_lock = QtCore.QMutex()
+ self._uuid = None
+ self._uuid_lock = QtCore.QMutex()
self._token = None
self._token_lock = QtCore.QMutex()
self._srp_user = None
self._srp_a = None
- # Error msg displayed if the username or the password is invalid
- self._WRONG_USER_PASS = self.tr("Invalid username or password.")
-
# User credentials stored for password changing checks
self._username = None
self._password = None
@@ -265,14 +264,11 @@ class SRPAuth(QtCore.QObject):
# Clean up A value, we don't need it anymore
self._srp_a = None
except requests.exceptions.ConnectionError as e:
- logger.error("No connection made (salt): %r" %
- (e,))
- raise SRPAuthConnectionError("Could not establish a "
- "connection")
+ logger.error("No connection made (salt): {0!r}".format(e))
+ raise SRPAuthConnectionError()
except Exception as e:
logger.error("Unknown error: %r" % (e,))
- raise SRPAuthenticationError("Unknown error: %r" %
- (e,))
+ raise SRPAuthenticationError()
content, mtime = reqhelper.get_content(init_session)
@@ -281,23 +277,22 @@ class SRPAuth(QtCore.QObject):
"Status code = %r. Content: %r" %
(init_session.status_code, content))
if init_session.status_code == 422:
- raise SRPAuthBadUserOrPassword(self._WRONG_USER_PASS)
+ logger.error("Invalid username or password.")
+ raise SRPAuthBadUserOrPassword()
- raise SRPAuthBadStatusCode(self.tr("There was a problem with"
- " authentication"))
+ logger.error("There was a problem with authentication.")
+ raise SRPAuthBadStatusCode()
json_content = json.loads(content)
salt = json_content.get("salt", None)
B = json_content.get("B", None)
if salt is None:
- logger.error("No salt parameter sent")
- raise SRPAuthNoSalt(self.tr("The server did not send "
- "the salt parameter"))
+ logger.error("The server didn't send the salt parameter.")
+ raise SRPAuthNoSalt()
if B is None:
- logger.error("No B parameter sent")
- raise SRPAuthNoB(self.tr("The server did not send "
- "the B parameter"))
+ logger.error("The server didn't send the B parameter.")
+ raise SRPAuthNoB()
return salt, B
@@ -328,8 +323,7 @@ class SRPAuth(QtCore.QObject):
unhex_B = self._safe_unhexlify(B)
except (TypeError, ValueError) as e:
logger.error("Bad data from server: %r" % (e,))
- raise SRPAuthBadDataFromServer(
- self.tr("The data sent from the server had errors"))
+ raise SRPAuthBadDataFromServer()
M = self._srp_user.process_challenge(unhex_salt, unhex_B)
auth_url = "%s/%s/%s/%s" % (self._provider_config.get_api_uri(),
@@ -350,13 +344,13 @@ class SRPAuth(QtCore.QObject):
timeout=REQUEST_TIMEOUT)
except requests.exceptions.ConnectionError as e:
logger.error("No connection made (HAMK): %r" % (e,))
- raise SRPAuthConnectionError(self.tr("Could not connect to "
- "the server"))
+ raise SRPAuthConnectionError()
try:
content, mtime = reqhelper.get_content(auth_result)
except JSONDecodeError:
- raise SRPAuthJSONDecodeError("Bad JSON content in auth result")
+ logger.error("Bad JSON content in auth result.")
+ raise SRPAuthJSONDecodeError()
if auth_result.status_code == 422:
error = ""
@@ -370,14 +364,13 @@ class SRPAuth(QtCore.QObject):
"received: %s", (content,))
logger.error("[%s] Wrong password (HAMK): [%s]" %
(auth_result.status_code, error))
- raise SRPAuthBadUserOrPassword(self._WRONG_USER_PASS)
+ raise SRPAuthBadUserOrPassword()
if auth_result.status_code not in (200,):
logger.error("No valid response (HAMK): "
"Status code = %s. Content = %r" %
(auth_result.status_code, content))
- raise SRPAuthBadStatusCode(self.tr("Unknown error (%s)") %
- (auth_result.status_code,))
+ raise SRPAuthBadStatusCode()
return json.loads(content)
@@ -394,24 +387,22 @@ class SRPAuth(QtCore.QObject):
"""
try:
M2 = json_content.get("M2", None)
- uid = json_content.get("id", None)
+ uuid = json_content.get("id", None)
token = json_content.get("token", None)
except Exception as e:
logger.error(e)
- raise SRPAuthBadDataFromServer("Something went wrong with the "
- "login")
+ raise SRPAuthBadDataFromServer()
- self.set_uid(uid)
+ self.set_uuid(uuid)
self.set_token(token)
- if M2 is None or self.get_uid() is None:
+ if M2 is None or self.get_uuid() is None:
logger.error("Something went wrong. Content = %r" %
(json_content,))
- raise SRPAuthBadDataFromServer(self.tr("Problem getting data "
- "from server"))
+ raise SRPAuthBadDataFromServer()
events_signal(
- proto.CLIENT_UID, content=uid,
+ proto.CLIENT_UID, content=uuid,
reqcbk=lambda req, res: None) # make the rpc call async
return M2
@@ -434,22 +425,19 @@ class SRPAuth(QtCore.QObject):
unhex_M2 = self._safe_unhexlify(M2)
except TypeError:
logger.error("Bad data from server (HAWK)")
- raise SRPAuthBadDataFromServer(self.tr("Bad data from server"))
+ raise SRPAuthBadDataFromServer()
self._srp_user.verify_session(unhex_M2)
if not self._srp_user.authenticated():
- logger.error("Auth verification failed")
- raise SRPAuthVerificationFailed(self.tr("Auth verification "
- "failed"))
+ logger.error("Auth verification failed.")
+ raise SRPAuthVerificationFailed()
logger.debug("Session verified.")
session_id = self._session.cookies.get(self.SESSION_ID_KEY, None)
if not session_id:
logger.error("Bad cookie from server (missing _session_id)")
- raise SRPAuthNoSessionId(self.tr("Session cookie "
- "verification "
- "failed"))
+ raise SRPAuthNoSessionId()
events_signal(
proto.CLIENT_SESSION_ID, content=session_id,
@@ -475,7 +463,7 @@ class SRPAuth(QtCore.QObject):
:param new_password: the new password for the user
:type new_password: str
"""
- leap_assert(self.get_uid() is not None)
+ leap_assert(self.get_uuid() is not None)
if current_password != self._password:
raise SRPAuthBadUserOrPassword
@@ -483,7 +471,7 @@ class SRPAuth(QtCore.QObject):
url = "%s/%s/users/%s.json" % (
self._provider_config.get_api_uri(),
self._provider_config.get_api_version(),
- self.get_uid())
+ self.get_uuid())
salt, verifier = self._srp.create_salted_verification_key(
self._username.encode('utf-8'), new_password.encode('utf-8'),
@@ -580,7 +568,7 @@ class SRPAuth(QtCore.QObject):
raise
else:
self.set_session_id(None)
- self.set_uid(None)
+ self.set_uuid(None)
self.set_token(None)
# Also reset the session
self._session = self._fetcher.session()
@@ -594,13 +582,17 @@ class SRPAuth(QtCore.QObject):
QtCore.QMutexLocker(self._session_id_lock)
return self._session_id
- def set_uid(self, uid):
- QtCore.QMutexLocker(self._uid_lock)
- self._uid = uid
+ def set_uuid(self, uuid):
+ QtCore.QMutexLocker(self._uuid_lock)
+ full_uid = "%s@%s" % (
+ self._username, self._provider_config.get_domain())
+ if uuid is not None: # avoid removing the uuid from settings
+ self._settings.set_uuid(full_uid, uuid)
+ self._uuid = uuid
- def get_uid(self):
- QtCore.QMutexLocker(self._uid_lock)
- return self._uid
+ def get_uuid(self):
+ QtCore.QMutexLocker(self._uuid_lock)
+ return self._uuid
def set_token(self, token):
QtCore.QMutexLocker(self._token_lock)
@@ -612,8 +604,9 @@ class SRPAuth(QtCore.QObject):
__instance = None
- authentication_finished = QtCore.Signal(bool, str)
- logout_finished = QtCore.Signal(bool, str)
+ authentication_finished = QtCore.Signal()
+ logout_ok = QtCore.Signal()
+ logout_error = QtCore.Signal()
def __init__(self, provider_config):
"""
@@ -650,7 +643,6 @@ class SRPAuth(QtCore.QObject):
username = username.lower()
d = self.__instance.authenticate(username, password)
d.addCallback(self._gui_notify)
- d.addErrback(self._errback)
return d
def change_password(self, current_password, new_password):
@@ -676,7 +668,7 @@ class SRPAuth(QtCore.QObject):
:rtype: str or None
"""
- if self.get_uid() is None:
+ if self.get_uuid() is None:
return None
return self.__instance._username
@@ -688,25 +680,13 @@ class SRPAuth(QtCore.QObject):
:type _: IGNORED
"""
logger.debug("Successful login!")
- self.authentication_finished.emit(True, self.tr("Succeeded"))
-
- def _errback(self, failure):
- """
- General errback for the whole login process. Will notify the
- UI with the proper signal.
-
- :param failure: Failure object captured from a callback.
- :type failure: twisted.python.failure.Failure
- """
- logger.error("Error logging in %s" % (failure,))
- self.authentication_finished.emit(False, "%s" % (failure.value,))
- failure.trap(Exception)
+ self.authentication_finished.emit()
def get_session_id(self):
return self.__instance.get_session_id()
- def get_uid(self):
- return self.__instance.get_uid()
+ def get_uuid(self):
+ return self.__instance.get_uuid()
def get_token(self):
return self.__instance.get_token()
@@ -718,8 +698,10 @@ class SRPAuth(QtCore.QObject):
"""
try:
self.__instance.logout()
- self.logout_finished.emit(True, self.tr("Succeeded"))
+ logger.debug("Logout success")
+ self.logout_ok.emit()
return True
except Exception as e:
- self.logout_finished.emit(False, "%s" % (e,))
+ logger.debug("Logout error: {0!r}".format(e))
+ self.logout_error.emit()
return False