authorBruno Wagner <bwagner@riseup.net>2016-08-19 16:55:28 -0300
committerBruno Wagner <bwagner@riseup.net>2016-08-19 17:00:53 -0300
commitdb9917a769edacfffc9ae1166f07473a30471ef2 (patch)
treed048bbbfba7a31a87749afa721e37ec41c3e5ec1
parent09fbc16dc6e55b3fa2f2c9ea7b3fba7eee981dfa (diff)
Normalizing single and multi user bootstrap #759
Consolidated authentication to always be done in a defer to thread, and changed the authenticate_user method name to conform with what it actually does
-rw-r--r--service/pixelated/config/leap.py50
-rw-r--r--service/pixelated/maintenance.py7
-rw-r--r--service/pixelated/resources/auth.py30
-rw-r--r--service/test/unit/config/test_leap.py10
4 files changed, 43 insertions, 54 deletions
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index f61d3af7..9d0a35c4 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -1,15 +1,16 @@
from __future__ import absolute_import
+import logging
+from twisted.internet import defer, threads
from leap.common.events import (server as events_server)
from leap.soledad.common.errors import InvalidAuthTokenError
+from leap.auth import SRPAuth
from pixelated.config import credentials
from pixelated.bitmask_libraries.config import LeapConfig
from pixelated.bitmask_libraries.certs import LeapCertificate
from pixelated.bitmask_libraries.provider import LeapProvider
from pixelated.bitmask_libraries.session import LeapSessionFactory
-from twisted.internet import defer
-import logging
log = logging.getLogger(__name__)
@@ -37,29 +38,18 @@ def initialize_leap_multi_user(provider_hostname,
defer.returnValue((config, provider))
-def _create_session(provider, username, password, auth):
- return LeapSessionFactory(provider).create(username, password, auth)
-
-
-def _force_close_session(session):
- try:
- session.close()
- except Exception, e:
- log.error(e)
-
-
@defer.inlineCallbacks
-def authenticate_user(provider, username, password, initial_sync=True, auth=None):
- leap_session = _create_session(provider, username, password, auth)
+def create_leap_session(provider, username, password, auth=None):
+ leap_session = LeapSessionFactory(provider).create(username, password, auth)
try:
- if initial_sync:
- yield leap_session.initial_sync()
+ yield leap_session.initial_sync()
except InvalidAuthTokenError:
- _force_close_session(leap_session)
-
- leap_session = _create_session(provider, username, password, auth)
- if initial_sync:
- yield leap_session.initial_sync()
+ try:
+ leap_session.close()
+ except Exception, e:
+ log.error(e)
+ leap_session = LeapSessionFactory(provider).create(username, password, auth)
+ yield leap_session.initial_sync()
defer.returnValue(leap_session)
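Review bot: The `except InvalidAuthTokenError:` branch of create_leap_session tears the session down and retries without recording that the token was rejected, so a rejected auth token leaves no trace in the logs unless `close()` also fails. A line such as `log.warning('Auth token rejected during initial sync, recreating session')` at the top of that branch would make the event visible to whoever reads the logs. The nested handler's `log.error(e)` keeps only the exception message; `log.exception('Failed to close LEAP session')` would keep the traceback as well. If the second `initial_sync()` raises, the second session appears to be left open, so it is worth confirming whether the caller cleans up.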
@@ -68,8 +58,7 @@ def authenticate_user(provider, username, password, initial_sync=True, auth=None
def initialize_leap_single_user(leap_provider_cert,
leap_provider_cert_fingerprint,
credentials_file,
- leap_home,
- initial_sync=True):
+ leap_home):
init_monkeypatches()
events_server.ensure_server()
@@ -78,10 +67,21 @@ def initialize_leap_single_user(leap_provider_cert,
config, provider = initialize_leap_provider(provider, leap_provider_cert, leap_provider_cert_fingerprint, leap_home)
- leap_session = yield authenticate_user(provider, username, password, initial_sync=initial_sync)
+ try:
+ auth = yield authenticate(provider, username, password)
+ except SRPAuthenticationError:
+ raise UnauthorizedLogin()
+
+ leap_session = yield create_leap_session(provider, username, password, auth)
defer.returnValue(leap_session)
+def authenticate(provider, user, password):
+ srp_auth = SRPAuth(provider.api_uri, provider.local_ca_crt)
+ d = threads.deferToThread(srp_auth.authenticate, user, password)
+ return d
+
+
def init_monkeypatches():
import pixelated.extensions.requests_urllib3
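Review bot: `SRPAuthenticationError` and `UnauthorizedLogin` are used in the new `try`/`except` of initialize_leap_single_user, but the import hunk at the top of this file adds only `logging`, `threads` and `SRPAuth`; unless they are imported on lines outside the visible hunks, a rejected login in single-user mode would surface as a `NameError` instead of `UnauthorizedLogin`. Adding `from leap.exceptions import SRPAuthenticationError` and `from twisted.cred.error import UnauthorizedLogin`, the same imports service/pixelated/resources/auth.py uses, would close that. The new `authenticate` helper also has no docstring; one line such as `"""Run SRP authentication in a worker thread and return the Deferred."""` would state its contract. The body of initialize_leap_single_user starts outside this hunk.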
diff --git a/service/pixelated/maintenance.py b/service/pixelated/maintenance.py
index 7809b13d..3b216304 100644
--- a/service/pixelated/maintenance.py
+++ b/service/pixelated/maintenance.py
@@ -47,8 +47,7 @@ def initialize():
args.leap_provider_cert,
args.leap_provider_cert_fingerprint,
args.credentials_file,
- leap_home=args.leap_home,
- initial_sync=_do_initial_sync(args))
+ leap_home=args.leap_home)
execute_command(args, leap_session)
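Review bot: Dropping `initial_sync=_do_initial_sync(args)` means the repair and integrity-check commands now go through `create_leap_session`, which always yields `initial_sync()` before returning; before this change those two commands skipped the sync. If they exist to recover a store that cannot sync, they may now fail before `execute_command` is reached, so it is worth confirming that this is intended and recording it in a comment such as `# repair/integrity-check now sync first (see #759)`. The body of initialize() extends outside this hunk.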
@@ -56,10 +55,6 @@ def initialize():
reactor.run()
-def _do_initial_sync(args):
- return (not _is_repair_command(args)) and (not _is_integrity_check_command(args))
-
-
def _is_repair_command(args):
return args.command == REPAIR_COMMAND
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 1e6e293c..5581d080 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -17,12 +17,11 @@
import logging
import re
-from leap.auth import SRPAuth
from leap.exceptions import SRPAuthenticationError
from twisted.cred.checkers import ANONYMOUS
from twisted.cred.credentials import ICredentials
from twisted.cred.error import UnauthorizedLogin
-from twisted.internet import defer, threads
+from twisted.internet import defer
from twisted.web._auth.wrapper import UnauthorizedResource
from twisted.web.error import UnsupportedMethod
from zope.interface import implements, implementer, Attribute
@@ -31,7 +30,7 @@ from twisted.web import util
from twisted.cred import error
from twisted.web.resource import IResource, ErrorPage
-from pixelated.config.leap import authenticate_user
+from pixelated.config.leap import create_leap_session, authenticate
from pixelated.resources import IPixelatedSession
@@ -44,23 +43,18 @@ class LeapPasswordChecker(object):
credentials.IUsernamePassword,
)
- def __init__(self, leap_provider):
- self._leap_provider = leap_provider
+ def __init__(self, provider):
+ self.provider = provider
+ @defer.inlineCallbacks
def requestAvatarId(self, credentials):
- def _validate_credentials():
- try:
- srp_auth = SRPAuth(self._leap_provider.api_uri, self._leap_provider.local_ca_crt)
- return srp_auth.authenticate(credentials.username, credentials.password)
- except SRPAuthenticationError:
- raise UnauthorizedLogin()
-
- def _get_leap_session(srp_auth):
- return authenticate_user(self._leap_provider, credentials.username, credentials.password, auth=srp_auth)
-
- d = threads.deferToThread(_validate_credentials)
- d.addCallback(_get_leap_session)
- return d
+ try:
+ auth = yield authenticate(self.provider, credentials.username, credentials.password)
+ except SRPAuthenticationError:
+ raise UnauthorizedLogin()
+
+ leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth)
+ defer.returnValue(leap_session)
class ISessionCredential(ICredentials):
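Review bot: The `except SRPAuthenticationError: raise UnauthorizedLogin()` path in requestAvatarId rejects the login without writing anything to the log, so repeated failed attempts against an account are not visible to operators. A line before the raise such as `log.warning('Login failed for user %r', credentials.username)` would record the username and never the password; this assumes a module-level logger like the one in config/leap.py, since only `import logging` is visible here. Errors raised by `create_leap_session` are outside the `try` and will propagate as something other than `UnauthorizedLogin`, so confirm that the caller of requestAvatarId handles them without exposing details to the client.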
diff --git a/service/test/unit/config/test_leap.py b/service/test/unit/config/test_leap.py
index 6b34d717..5576cca8 100644
--- a/service/test/unit/config/test_leap.py
+++ b/service/test/unit/config/test_leap.py
@@ -2,14 +2,14 @@ from leap.soledad.common.errors import InvalidAuthTokenError
from mock import MagicMock, patch
from twisted.trial import unittest
from twisted.internet import defer
-from pixelated.config.leap import authenticate_user
+from pixelated.config.leap import create_leap_session
class TestAuth(unittest.TestCase):
@patch('pixelated.config.leap.LeapSessionFactory')
@defer.inlineCallbacks
- def test_authenticate_user_calls_initinal_sync(self, session_factory__ctor_mock):
+ def test_create_leap_session_calls_initinal_sync(self, session_factory__ctor_mock):
session_factory_mock = session_factory__ctor_mock.return_value
provider_mock = MagicMock()
auth_mock = MagicMock()
@@ -17,13 +17,13 @@ class TestAuth(unittest.TestCase):
session_factory_mock.create.return_value = session
- yield authenticate_user(provider_mock, 'username', 'password', auth=auth_mock)
+ yield create_leap_session(provider_mock, 'username', 'password', auth=auth_mock)
session.initial_sync.assert_called_with()
@patch('pixelated.config.leap.LeapSessionFactory')
@defer.inlineCallbacks
- def test_authenticate_user_calls_initial_sync_a_second_time_if_invalid_auth_exception_is_raised(self, session_factory__ctor_mock):
+ def test_create_leap_session_calls_initial_sync_a_second_time_if_invalid_auth_exception_is_raised(self, session_factory__ctor_mock):
session_factory_mock = session_factory__ctor_mock.return_value
provider_mock = MagicMock()
auth_mock = MagicMock()
@@ -32,7 +32,7 @@ class TestAuth(unittest.TestCase):
session.initial_sync.side_effect = [InvalidAuthTokenError, defer.succeed(None)]
session_factory_mock.create.return_value = session
- yield authenticate_user(provider_mock, 'username', 'password', auth=auth_mock)
+ yield create_leap_session(provider_mock, 'username', 'password', auth=auth_mock)
session.close.assert_called_with()
self.assertEqual(2, session.initial_sync.call_count)