moving pixelated-maintenance register to use bonafide instead of leap.auth #792

4 files changed, 41 insertions, 41 deletions

diff --git a/service/pixelated/register.py b/service/pixelated/register.py
index 0269c832..66ceea41 100644
--- a/service/pixelated/register.py
+++ b/service/pixelated/register.py
@@ -13,35 +13,29 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-import re
 import getpass
+import re
 import sys
+from collections import namedtuple
 
-from twisted.logger import Logger
-
-from leap.auth import SRPAuth
+from leap.bitmask.bonafide.provider import Api
+from leap.bitmask.bonafide.session import Session
 from leap.common.events import server as events_server
-
-from pixelated.config import arguments
-from pixelated.config import logger as logger_config
 from pixelated.bitmask_libraries.certs import LeapCertificate
 from pixelated.bitmask_libraries.provider import LeapProvider
+from pixelated.config import arguments
+from pixelated.config import logger as logger_config
+from pixelated.config.authentication import Authentication
 from pixelated.config.sessions import LeapSessionFactory
+from twisted.internet.defer import inlineCallbacks
+from twisted.logger import Logger
 
-logger = Logger()
+Credentials = namedtuple('Credentials', 'username, password')
 
+logger = Logger()
 
-def register(
-        server_name,
-        username,
-        password,
-        leap_home,
-        provider_cert,
-        provider_cert_fingerprint):
-
-    if not password:
-        password = getpass.getpass('Please enter password for %s: ' % username)
 
+def _validate(username, password):
     try:
         validate_username(username)
         validate_password(password)
@@ -49,16 +43,40 @@ def register(
         print(e.message)
         sys.exit(1)
 
+
+def _set_provider(provider_cert, provider_cert_fingerprint, server_name):
     events_server.ensure_server()
     LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
     provider = LeapProvider(server_name)
     provider.setup_ca()
     provider.download_settings()
-    srp_auth = SRPAuth(provider.api_uri, provider.provider_api_cert)
+    return provider
+
+
+def _bonafide_session(username, password, provider):
+    srp_provider = Api(provider.api_uri)
+    credentials = Credentials(username, password)
+    return Session(credentials, srp_provider, provider.local_ca_crt)
+
+
+@inlineCallbacks
+def _bootstrap_leap_session(username, password, leap_provider, srp_auth):
+    auth = Authentication(username, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False})
+    yield LeapSessionFactory(leap_provider).create(username, password, auth)
+
+
+@inlineCallbacks
+def register(server_name, username, password, leap_home, provider_cert, provider_cert_fingerprint):
+    if not password:
+        password = getpass.getpass('Please enter password for %s: ' % username)
+
+    _validate(username, password)
+    leap_provider = _set_provider(provider_cert, provider_cert_fingerprint, server_name)
+    srp_auth = _bonafide_session(username, password, leap_provider)
 
-    if srp_auth.register(username, password):
-        auth = srp_auth.authenticate(username, password)
-        LeapSessionFactory(provider).create(username, password, auth)
+    created, user = yield srp_auth.signup(username, password, invite=None)
+    if created:
+        yield _bootstrap_leap_session(username, password, leap_provider, srp_auth)
     else:
         logger.error("Register failed")
 
diff --git a/service/requirements.txt b/service/requirements.txt
index d6552204..6e3d0a03 100644
--- a/service/requirements.txt
+++ b/service/requirements.txt
@@ -7,7 +7,6 @@ srp==1.0.4
 whoosh==2.5.7
 Twisted==16.1.1
 -e 'git+https://github.com/pixelated/leap_pycommon.git@develop#egg=leap.common'
--e 'git+https://github.com/pixelated/leap_auth.git#egg=leap.auth'
 -e 'git+https://github.com/leapcode/bitmask-dev.git@master#egg=leap.bitmask'
 -e 'git+https://github.com/pixelated/soledad.git@develop#egg=leap.soledad.common&subdirectory=common/'
 -e 'git+https://github.com/pixelated/soledad.git@develop#egg=leap.soledad.client&subdirectory=client/'
diff --git a/service/test/unit/resources/test_login_resource.py b/service/test/unit/resources/test_login_resource.py
index be199e0e..5843ef28 100644
--- a/service/test/unit/resources/test_login_resource.py
+++ b/service/test/unit/resources/test_login_resource.py
@@ -241,24 +241,6 @@ class TestLoginPOST(unittest.TestCase):
         d.addCallback(assert_login_setup_service_for_user)
         return d
 
-    @patch('pixelated.config.sessions.LeapSessionFactory.create')
-    @patch('leap.auth.SRPAuth.authenticate')
-    @patch('pixelated.config.services.Services.setup')
-    def test_leap_session_is_not_created_when_leap_auth_fails(self, mock_service_setup, mock_leap_srp_auth, mock_leap_session_create):
-        mock_leap_srp_auth.side_effect = SRPAuthError()
-
-        d = self.web.get(self.request)
-
-        def assert_login_setup_service_for_user(_):
-            verify(self.portal).login(ANY(), None, IResource)
-            self.assertFalse(mock_leap_session_create.called)
-            self.assertFalse(mock_service_setup.called)
-            self.assertEqual(401, self.request.responseCode)
-            self.assertFalse(self.resource.is_logged_in(self.request))
-
-        d.addCallback(assert_login_setup_service_for_user)
-        return d
-
     @patch('twisted.web.util.redirectTo')
     @patch('pixelated.resources.session.PixelatedSession.is_logged_in')
     def test_should_not_process_login_if_already_logged_in(self, mock_logged_in, mock_redirect):
diff --git a/service/test_requirements.txt b/service/test_requirements.txt
index b6b704c7..94b19526 100644
--- a/service/test_requirements.txt
+++ b/service/test_requirements.txt
@@ -10,3 +10,4 @@ coverage
 crochet==1.4.0
 poster==0.8.1
 locustio==0.7.3
+-e 'git+https://github.com/pixelated/leap_auth.git#egg=leap.auth'