diff options
| author | Bruno Wagner <bwagner@riseup.net> | 2016-08-19 16:55:28 -0300 |
|---|---|---|
| committer | Bruno Wagner <bwagner@riseup.net> | 2016-08-19 17:00:53 -0300 |
| commit | db9917a769edacfffc9ae1166f07473a30471ef2 (patch) | |
| tree | d048bbbfba7a31a87749afa721e37ec41c3e5ec1 /service/pixelated/resources/auth.py | |
| parent | 09fbc16dc6e55b3fa2f2c9ea7b3fba7eee981dfa (diff) | |
Normalizing single and multi user bootstrap #759
Consolidated authentication to always be
done is a defer to thread and changed the
authenticate_user method name to conform
with what it actually does
Diffstat (limited to 'service/pixelated/resources/auth.py')
| -rw-r--r-- | service/pixelated/resources/auth.py | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py index 1e6e293c..5581d080 100644 --- a/service/pixelated/resources/auth.py +++ b/service/pixelated/resources/auth.py @@ -17,12 +17,11 @@ import logging import re -from leap.auth import SRPAuth from leap.exceptions import SRPAuthenticationError from twisted.cred.checkers import ANONYMOUS from twisted.cred.credentials import ICredentials from twisted.cred.error import UnauthorizedLogin -from twisted.internet import defer, threads +from twisted.internet import defer from twisted.web._auth.wrapper import UnauthorizedResource from twisted.web.error import UnsupportedMethod from zope.interface import implements, implementer, Attribute @@ -31,7 +30,7 @@ from twisted.web import util from twisted.cred import error from twisted.web.resource import IResource, ErrorPage -from pixelated.config.leap import authenticate_user +from pixelated.config.leap import create_leap_session, authenticate from pixelated.resources import IPixelatedSession @@ -44,23 +43,18 @@ class LeapPasswordChecker(object): credentials.IUsernamePassword, ) - def __init__(self, leap_provider): - self._leap_provider = leap_provider + def __init__(self, provider): + self.provider = provider + @defer.inlineCallbacks def requestAvatarId(self, credentials): - def _validate_credentials(): - try: - srp_auth = SRPAuth(self._leap_provider.api_uri, self._leap_provider.local_ca_crt) - return srp_auth.authenticate(credentials.username, credentials.password) - except SRPAuthenticationError: - raise UnauthorizedLogin() - - def _get_leap_session(srp_auth): - return authenticate_user(self._leap_provider, credentials.username, credentials.password, auth=srp_auth) - - d = threads.deferToThread(_validate_credentials) - d.addCallback(_get_leap_session) - return d + try: + auth = yield authenticate(self.provider, credentials.username, credentials.password) + except SRPAuthenticationError: + raise UnauthorizedLogin() + + leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth) + defer.returnValue(leap_session) class ISessionCredential(ICredentials): |