Implements bonafide to replace leap.auth

This still uses the SRPSession object to hold the credentials
so we don't have to adapt the rest of the user agent code

1 files changed, 13 insertions, 4 deletions

diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 42eb495d..22c1e57a 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -1,10 +1,13 @@
 from __future__ import absolute_import
 import logging
+from collections import namedtuple
 from twisted.internet import defer, threads
 from leap.common.events import (server as events_server)
 from leap.soledad.common.errors import InvalidAuthTokenError
-from leap.auth import SRPAuth
+from leap.auth import SRPSession
 
+from leap.bonafide.session import Session
+from leap.bonafide.provider import Api
 from pixelated.config import credentials
 from pixelated.config import leap_config
 from pixelated.bitmask_libraries.certs import LeapCertificate
@@ -14,6 +17,9 @@ from pixelated.config.sessions import LeapSessionFactory
 log = logging.getLogger(__name__)
 
 
+Credentials = namedtuple('Credentials', 'username, password')
+
+
 def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
     LeapCertificate.set_cert_and_fingerprint(provider_cert,
                                              provider_fingerprint)
@@ -75,10 +81,13 @@ def initialize_leap_single_user(leap_provider_cert,
     defer.returnValue(leap_session)
 
 
+@defer.inlineCallbacks
 def authenticate(provider, user, password):
-    srp_auth = SRPAuth(provider.api_uri, provider.local_ca_crt)
-    d = threads.deferToThread(srp_auth.authenticate, user, password)
-    return d
+    srp_provider = Api(provider.api_uri)
+    credentials = Credentials(user, password)
+    srp_auth = Session(credentials, srp_provider, provider.local_ca_crt)
+    yield srp_auth.authenticate()
+    defer.returnValue(SRPSession(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False}))
 
 
 def init_monkeypatches():