Started deferring leap session creation #759

Started adapting get_leap_session to deferreds Soledad and keymanager setup calls will now happen in deferreds and leap session creation itself is a deferred with callbacks This is a start in breaking the big blocking calls we were doing on the main thread, this was done without changing code inside the leap libraries yet so things can be further optimized This breaks the ~4 seconds get_leap_session piece into smaller 1 seconds one, that can be further optimized and deferred to even smaller calls There are requests calls happening on the main thread that should get this number even further down Also moved some pieces from bitmask libraries to our bootstrap, because they are not bitmask libraries anymore and that was causing confusion
author: Bruno Wagner <bwagner@riseup.net> 2016-08-19 21:37:34 -0300
committer: Bruno Wagner <bwagner@riseup.net> 2016-08-19 21:37:34 -0300
commit: 9cdd52be577fff75830c854bd7738ee1649e7083 (patch)
tree: ef560dd628bda40832503250e1325283c49ede83 /service/pixelated
parent: 9c5811c6b760415372c6cc67a9d34680c990cdd8 (diff)
10 files changed, 205 insertions, 259 deletions
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index 65e974b6..178726ef 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -144,10 +144,9 @@ def _start_in_multi_user_mode(args, root_resource, services_factory):
 def _setup_multi_user(args, root_resource, services_factory):
     if args.provider is None:
         raise ValueError('Multi-user mode: provider name is required')
-
     init_monkeypatches()
     events_server.ensure_server()
-    config, provider = initialize_leap_provider(args.provider, args.leap_provider_cert, args.leap_provider_cert_fingerprint, args.leap_home)
+    provider = initialize_leap_provider(args.provider, args.leap_provider_cert, args.leap_provider_cert_fingerprint, args.leap_home)
     protected_resource = set_up_protected_resources(root_resource, provider, services_factory, banner=args.banner)
     return protected_resource
 
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 9d543672..e3466d05 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 import os
+from pixelated.config import leap_config
 
 
 class LeapCertificate(object):
@@ -22,7 +23,6 @@ class LeapCertificate(object):
     LEAP_FINGERPRINT = None
 
     def __init__(self, provider):
-        self._config = provider.config
         self._server_name = provider.server_name
         self._provider = provider
 
@@ -41,10 +41,10 @@ class LeapCertificate(object):
 
     @property
     def provider_api_cert(self):
-        return str(os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem'))
+        return str(os.path.join(leap_config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem'))
 
     def setup_ca_bundle(self):
-        path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client')
+        path = os.path.join(leap_config.leap_home, 'providers', self._server_name, 'keys', 'client')
         if not os.path.isdir(path):
             os.makedirs(path, 0700)
         self._download_cert(self.provider_api_cert)
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/keymanager.py
index aeedab2c..78d6e935 100644
--- a/service/pixelated/bitmask_libraries/nicknym.py
+++ b/service/pixelated/bitmask_libraries/keymanager.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 from leap.keymanager import KeyManager, KeyNotFound
+from pixelated.config import leap_config
 from .certs import LeapCertificate
 from twisted.internet import defer
 import logging
@@ -21,15 +22,15 @@ import logging
 logger = logging.getLogger(__name__)
 
 
-class NickNym(object):
-    def __init__(self, provider, config, soledad, email_address, token, uuid):
-        nicknym_url = _discover_nicknym_server(provider)
+class Keymanager(object):
+    def __init__(self, provider, soledad, email_address, token, uuid):
+        nicknym_url = provider._discover_nicknym_server()
         self._email = email_address
         self.keymanager = KeyManager(self._email, nicknym_url,
                                      soledad,
                                      token=token, ca_cert_path=LeapCertificate(provider).provider_api_cert, api_uri=provider.api_uri,
                                      api_version=provider.api_version,
-                                     uid=uuid, gpgbinary=config.gpg_binary)
+                                     uid=uuid, gpgbinary=leap_config.gpg_binary)
 
     @defer.inlineCallbacks
     def generate_openpgp_key(self):
@@ -55,7 +56,3 @@ class NickNym(object):
 
     def _send_key_to_leap(self):
         return self.keymanager.send_key()
-
-
-def _discover_nicknym_server(provider):
-    return 'https://nicknym.%s:6425/' % provider.domain
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index 9c889287..07791624 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -19,16 +19,18 @@ import os
 from leap.common.certs import get_digest
 import requests
 from .certs import LeapCertificate
+from pixelated.config import leap_config
 from pixelated.support.tls_adapter import EnforceTLSv1Adapter
-from pixelated.bitmask_libraries.soledad import SoledadDiscoverException
+
+REQUESTS_TIMEOUT = 15
 
 
 class LeapProvider(object):
-    def __init__(self, server_name, config):
+    def __init__(self, server_name):
         self.server_name = server_name
-        self.config = config
-        self.local_ca_crt = '%s/ca.crt' % self.config.leap_home
+        self.local_ca_crt = '%s/ca.crt' % leap_config.leap_home
         self.provider_json = self.fetch_provider_json()
+        self.soledad_json = self.fetch_soledad_json()
 
     @property
     def api_uri(self):
@@ -119,7 +121,7 @@ class LeapProvider(object):
         session = requests.session()
         try:
             session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=LeapCertificate.LEAP_FINGERPRINT))
-            response = session.get(url, verify=LeapCertificate(self).provider_web_cert, timeout=self.config.timeout_in_s)
+            response = session.get(url, verify=LeapCertificate(self).provider_web_cert, timeout=REQUESTS_TIMEOUT)
             response.raise_for_status()
             return response
         finally:
@@ -134,14 +136,14 @@ class LeapProvider(object):
     def fetch_soledad_json(self):
         service_url = "%s/%s/config/soledad-service.json" % (
             self.api_uri, self.api_version)
-        response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s)
+        response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=REQUESTS_TIMEOUT)
         response.raise_for_status()
         return json.loads(response.content)
 
     def fetch_smtp_json(self):
         service_url = '%s/%s/config/smtp-service.json' % (
             self.api_uri, self.api_version)
-        response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s)
+        response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=REQUESTS_TIMEOUT)
         response.raise_for_status()
         return json.loads(response.content)
 
@@ -152,14 +154,11 @@ class LeapProvider(object):
         return '%s@%s' % (username, self.domain)
 
     def discover_soledad_server(self, user_uuid):
-        try:
-            json_data = self.fetch_soledad_json()
-
-            hosts = json_data['hosts']
-            host = hosts.keys()[0]
-            server_url = 'https://%s:%d/user-%s' % \
-                         (hosts[host]['hostname'], hosts[host]['port'],
-                          user_uuid)
-            return server_url
-        except Exception, e:
-            raise SoledadDiscoverException(e)
+        hosts = self.soledad_json['hosts']
+        host = hosts.keys()[0]
+        server_url = 'https://%s:%d/user-%s' % \
+                     (hosts[host]['hostname'], hosts[host]['port'], user_uuid)
+        return server_url
+
+    def _discover_nicknym_server(self):
+        return 'https://nicknym.%s:6425/' % self.domain
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py
deleted file mode 100644
index 406e9fc1..00000000
--- a/service/pixelated/bitmask_libraries/soledad.py
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (c) 2014 ThoughtWorks, Inc.
-#
-# Pixelated is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Pixelated is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-from leap.soledad.client import Soledad
-from leap.soledad.common.crypto import WrongMacError, UnknownMacMethodError
-
-
-class SoledadDiscoverException(Exception):
-    def __init__(self, *args, **kwargs):
-        super(SoledadDiscoverException, self).__init__(*args, **kwargs)
-
-
-class SoledadWrongPassphraseException(Exception):
-    def __init__(self, *args, **kwargs):
-        super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs)
-
-
-class SoledadFactory(object):
-
-    @classmethod
-    def create(cls, user_token, user_uuid, encryption_passphrase, secrets, local_db, server_url, api_cert):
-        try:
-            return Soledad(user_uuid,
-                           passphrase=unicode(encryption_passphrase),
-                           secrets_path=secrets,
-                           local_db_path=local_db,
-                           server_url=server_url,
-                           cert_file=api_cert,
-                           shared_db=None,
-                           auth_token=user_token,
-                           defer_encryption=False)
-
-        except (WrongMacError, UnknownMacMethodError), e:
-            raise SoledadWrongPassphraseException(e)
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 9d0a35c4..b14aacc7 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -6,10 +6,10 @@ from leap.soledad.common.errors import InvalidAuthTokenError
 from leap.auth import SRPAuth
 
 from pixelated.config import credentials
-from pixelated.bitmask_libraries.config import LeapConfig
+from pixelated.config import leap_config
 from pixelated.bitmask_libraries.certs import LeapCertificate
 from pixelated.bitmask_libraries.provider import LeapProvider
-from pixelated.bitmask_libraries.session import LeapSessionFactory
+from pixelated.config.sessions import LeapSessionFactory
 
 log = logging.getLogger(__name__)
 
@@ -17,13 +17,12 @@ log = logging.getLogger(__name__)
 def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
     LeapCertificate.set_cert_and_fingerprint(provider_cert,
                                              provider_fingerprint)
-
-    config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
-    provider = LeapProvider(provider_hostname, config)
+    leap_config.set_leap_home(leap_home)
+    provider = LeapProvider(provider_hostname)
     provider.download_certificate()
     LeapCertificate(provider).setup_ca_bundle()
 
-    return config, provider
+    return provider
 
 
 @defer.inlineCallbacks
@@ -40,16 +39,16 @@ def initialize_leap_multi_user(provider_hostname,
 
 @defer.inlineCallbacks
 def create_leap_session(provider, username, password, auth=None):
-    leap_session = LeapSessionFactory(provider).create(username, password, auth)
+    leap_session = yield LeapSessionFactory(provider).create(username, password, auth)
     try:
-        yield leap_session.initial_sync()
+        yield leap_session.first_required_sync()
     except InvalidAuthTokenError:
         try:
             leap_session.close()
         except Exception, e:
             log.error(e)
         leap_session = LeapSessionFactory(provider).create(username, password, auth)
-        yield leap_session.initial_sync()
+        yield leap_session.first_required_sync()
 
     defer.returnValue(leap_session)
 
diff --git a/service/pixelated/bitmask_libraries/config.py b/service/pixelated/config/leap_config.py
index c521a093..324edc5e 100644
--- a/service/pixelated/bitmask_libraries/config.py
+++ b/service/pixelated/config/leap_config.py
@@ -30,17 +30,13 @@ def discover_gpg_binary():
 
 
 SYSTEM_CA_BUNDLE = True
+leap_home = '~/.leap/'
+gpg_binary = discover_gpg_binary()
 
 
-class LeapConfig(object):
+def set_leap_home(new_home):
+    leap_home = new_home
 
-    def __init__(self,
-                 leap_home=None,
-                 timeout_in_s=15,
-                 start_background_jobs=False,
-                 gpg_binary=discover_gpg_binary()):
 
-        self.leap_home = leap_home
-        self.timeout_in_s = timeout_in_s
-        self.start_background_jobs = start_background_jobs
-        self.gpg_binary = gpg_binary
+def set_gpg_binary(new_binary):
+    gpg_binary = binary
diff --git a/service/pixelated/config/services.py b/service/pixelated/config/services.py
index a49e1df9..494be703 100644
--- a/service/pixelated/config/services.py
+++ b/service/pixelated/config/services.py
@@ -12,14 +12,14 @@ from pixelated.adapter.listeners.mailbox_indexer_listener import listen_all_mail
 from twisted.internet import defer, reactor
 from pixelated.adapter.search.index_storage_key import SearchIndexStorageKey
 from pixelated.adapter.services.feedback_service import FeedbackService
-
+from pixelated.config import leap_config
 logger = logging.getLogger(__name__)
 
 
 class Services(object):
 
     def __init__(self, leap_session):
-        self._leap_home = leap_session.config.leap_home
+        self._leap_home = leap_config.leap_home
         self._leap_session = leap_session
 
     @defer.inlineCallbacks
@@ -33,7 +33,7 @@ class Services(object):
 
         self.mail_service = self._setup_mail_service(self.search_engine)
 
-        self.keymanager = self._leap_session.nicknym
+        self.keymanager = self._leap_session.keymanager
         self.draft_service = self._setup_draft_service(self._leap_session.mail_store)
         self.feedback_service = self._setup_feedback_service()
 
@@ -61,7 +61,7 @@ class Services(object):
         self.search_engine = search_engine
 
     def _setup_mail_service(self, search_engine):
-        pixelated_mail_sender = MailSender(self._leap_session.smtp_config, self._leap_session.nicknym.keymanager)
+        pixelated_mail_sender = MailSender(self._leap_session.smtp_config, self._leap_session.keymanager.keymanager)
 
         return MailService(
             pixelated_mail_sender,
diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/config/sessions.py
index 72ad8520..ed492ea9 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/config/sessions.py
@@ -1,81 +1,160 @@
-#
-# Copyright (c) 2014 ThoughtWorks, Inc.
-#
-# Pixelated is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Pixelated is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-import errno
-import traceback
-import sys
+from __future__ import absolute_import
+
 import os
+import errno
 import requests
 import logging
-
-from twisted.internet import reactor, defer
-from pixelated.bitmask_libraries.certs import LeapCertificate
-from pixelated.adapter.mailstore import LeapMailStore
+from twisted.internet import defer, threads, reactor
+from leap.soledad.common.crypto import WrongMacError, UnknownMacMethodError
+from leap.soledad.client import Soledad
+from pixelated.bitmask_libraries.keymanager import Keymanager
 from leap.mail.incoming.service import IncomingMail
 from leap.mail.mail import Account
-from leap.auth import SRPAuth
-from .nicknym import NickNym
-from .smtp import LeapSMTPConfig
-from .soledad import SoledadFactory
 import leap.common.certs as leap_certs
-
 from leap.common.events import (
     register, unregister,
     catalog as events
 )
 
+from pixelated.adapter.mailstore import LeapMailStore
+from pixelated.config import leap_config
+from pixelated.bitmask_libraries.certs import LeapCertificate
+from pixelated.bitmask_libraries.smtp import LeapSMTPConfig
+
+logger = logging.getLogger(__name__)
+
+
+class LeapSessionFactory(object):
+    def __init__(self, provider):
+        self._provider = provider
+
+    @defer.inlineCallbacks
+    def create(self, username, password, auth):
+        key = SessionCache.session_key(self._provider, username)
+        session = SessionCache.lookup_session(key)
+        if not session:
+            session = yield self._create_new_session(username, password, auth)
+            SessionCache.remember_session(key, session)
+        defer.returnValue(session)
+
+    @defer.inlineCallbacks
+    def _create_new_session(self, username, password, auth):
+        account_email = self._provider.address_for(username)
+
+        self._create_database_dir(auth.uuid)
+
+        api_cert = LeapCertificate(self._provider).provider_api_cert
+
+        soledad = yield self.setup_soledad(auth.token, auth.uuid, password, api_cert)
+
+        mail_store = LeapMailStore(soledad)
+
+        keymanager = yield self.setup_keymanager(self._provider, soledad, account_email, auth.token, auth.uuid)
+
+        smtp_client_cert = self._download_smtp_cert(auth)
+        smtp_host, smtp_port = self._provider.smtp_info()
+        smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port)
+
+        leap_session = LeapSession(self._provider, auth, mail_store, soledad, keymanager, smtp_config)
+
+        defer.returnValue(leap_session)
+
+    @defer.inlineCallbacks
+    def setup_soledad(self,
+                      user_token,
+                      user_uuid,
+                      password,
+                      api_cert):
+        secrets = self._secrets_path(user_uuid)
+        local_db = self._local_db_path(user_uuid)
+        server_url = self._provider.discover_soledad_server(user_uuid)
+        try:
+            soledad = yield threads.deferToThread(Soledad,
+                                                  user_uuid,
+                                                  passphrase=unicode(password),
+                                                  secrets_path=secrets,
+                                                  local_db_path=local_db,
+                                                  server_url=server_url,
+                                                  cert_file=api_cert,
+                                                  shared_db=None,
+                                                  auth_token=user_token,
+                                                  defer_encryption=False)
+            defer.returnValue(soledad)
+        except (WrongMacError, UnknownMacMethodError), e:
+            raise SoledadWrongPassphraseException(e)
+
+    @defer.inlineCallbacks
+    def setup_keymanager(self, provider, soledad, account_email, token, uuid):
+        keymanager = yield threads.deferToThread(Keymanager,
+                                                 provider,
+                                                 soledad,
+                                                 account_email,
+                                                 token,
+                                                 uuid)
+        defer.returnValue(keymanager)
+
+    def _download_smtp_cert(self, auth):
+        cert = SmtpClientCertificate(self._provider, auth, self._user_path(auth.uuid))
+        return cert.cert_path()
+
+    def _create_dir(self, path):
+        try:
+            os.makedirs(path)
+        except OSError as exc:
+            if exc.errno == errno.EEXIST and os.path.isdir(path):
+                pass
+            else:
+                raise
+
+    def _user_path(self, user_uuid):
+        return os.path.join(leap_config.leap_home, user_uuid)
+
+    def _soledad_path(self, user_uuid):
+        return os.path.join(leap_config.leap_home, user_uuid, 'soledad')
+
+    def _secrets_path(self, user_uuid):
+        return os.path.join(self._soledad_path(user_uuid), 'secrets')
+
+    def _local_db_path(self, user_uuid):
+        return os.path.join(self._soledad_path(user_uuid), 'soledad.db')
 
-log = logging.getLogger(__name__)
+    def _create_database_dir(self, user_uuid):
+        try:
+            os.makedirs(self._soledad_path(user_uuid))
+        except OSError as exc:
+            if exc.errno == errno.EEXIST and os.path.isdir(self._soledad_path(user_uuid)):
+                pass
+            else:
+                raise
 
 
 class LeapSession(object):
 
-    def __init__(self, provider, user_auth, mail_store, soledad, nicknym, smtp_config):
+    def __init__(self, provider, user_auth, mail_store, soledad, keymanager, smtp_config):
         self.smtp_config = smtp_config
-        self.config = provider.config
         self.provider = provider
         self.user_auth = user_auth
         self.mail_store = mail_store
         self.soledad = soledad
-        self.nicknym = nicknym
+        self.keymanager = keymanager
         self.fresh_account = False
         self.incoming_mail_fetcher = None
         self.account = None
         self._has_been_initially_synced = False
-        self._sem_intial_sync = defer.DeferredLock()
         self._is_closed = False
         register(events.KEYMANAGER_FINISHED_KEY_GENERATION, self._set_fresh_account, uid=self.account_email())
 
     @defer.inlineCallbacks
-    def initial_sync(self):
-        yield self._sem_intial_sync.acquire()
-        try:
-            yield self.sync()
-            if not self._has_been_initially_synced:
-                yield self.after_first_sync()
-                self._has_been_initially_synced = True
-        finally:
-            yield self._sem_intial_sync.release()
-        defer.returnValue(self)
+    def first_required_sync(self):
+        yield self.sync()
+        yield self.finish_bootstrap()
 
     @defer.inlineCallbacks
-    def after_first_sync(self):
-        yield self.nicknym.generate_openpgp_key()
+    def finish_bootstrap(self):
+        yield self.keymanager.generate_openpgp_key()
         yield self._create_account(self.soledad, self.user_auth.uuid)
         self.incoming_mail_fetcher = yield self._create_incoming_mail_fetcher(
-            self.nicknym,
+            self.keymanager,
             self.soledad,
             self.account,
             self.account_email())
@@ -86,7 +165,7 @@ class LeapSession(object):
         return self.account.deferred_initialization
 
     def _set_fresh_account(self, event, email_address):
-        log.debug('Key for email %s has been generated' % email_address)
+        logger.debug('Key for email %s has been generated' % email_address)
         if email_address == self.account_email():
             self.fresh_account = True
 
@@ -115,9 +194,9 @@ class LeapSession(object):
         SessionCache.remove_session(key)
 
     @defer.inlineCallbacks
-    def _create_incoming_mail_fetcher(self, nicknym, soledad, account, user_mail):
+    def _create_incoming_mail_fetcher(self, keymanager, soledad, account, user_mail):
         inbox = yield account.callWhenReady(lambda _: account.get_collection_by_mailbox('INBOX'))
-        defer.returnValue(IncomingMail(nicknym.keymanager,
+        defer.returnValue(IncomingMail(keymanager.keymanager,
                           soledad,
                           inbox,
                           user_mail))
@@ -135,6 +214,33 @@ class LeapSession(object):
             raise
 
 
+class SessionCache(object):
+
+    sessions = {}
+
+    @staticmethod
+    def lookup_session(key):
+        session = SessionCache.sessions.get(key, None)
+        if session is not None and session.is_closed:
+            SessionCache.remove_session(key)
+            return None
+        else:
+            return session
+
+    @staticmethod
+    def remember_session(key, session):
+        SessionCache.sessions[key] = session
+
+    @staticmethod
+    def remove_session(key):
+        if key in SessionCache.sessions:
+            del SessionCache.sessions[key]
+
+    @staticmethod
+    def session_key(provider, username):
+        return hash((provider, username))
+
+
 class SmtpClientCertificate(object):
     def __init__(self, provider, auth, user_path):
         self._provider = provider
@@ -159,7 +265,7 @@ class SmtpClientCertificate(object):
         if not os.path.exists(os.path.dirname(cert_path)):
             os.makedirs(os.path.dirname(cert_path))
 
-        SmtpCertDownloader(self._provider, self._auth).download_to(cert_path)
+        self.download_to(cert_path)
 
     def _smtp_client_cert_path(self):
         return os.path.join(
@@ -168,13 +274,6 @@ class SmtpClientCertificate(object):
             self._provider.domain,
             "keys", "client", "smtp.pem")
 
-
-class SmtpCertDownloader(object):
-
-    def __init__(self, provider, auth):
-        self._provider = provider
-        self._auth = auth
-
     def download(self):
         cert_url = '%s/%s/smtp_cert' % (self._provider.api_uri, self._provider.api_version)
         headers = {}
@@ -185,7 +284,7 @@ class SmtpCertDownloader(object):
             params=params,
             data=params,
             verify=LeapCertificate(self._provider).provider_api_cert,
-            timeout=self._provider.config.timeout_in_s,
+            timeout=15,
             headers=headers)
         response.raise_for_status()
 
@@ -200,102 +299,6 @@ class SmtpCertDownloader(object):
             f.write(client_cert)
 
 
-class LeapSessionFactory(object):
-    def __init__(self, provider):
-        self._provider = provider
-        self._config = provider.config
-
-    def create(self, username, password, auth):
-        key = SessionCache.session_key(self._provider, username)
-        session = SessionCache.lookup_session(key)
-        if not session:
-            session = self._create_new_session(username, password, auth)
-            SessionCache.remember_session(key, session)
-
-        return session
-
-    def _create_new_session(self, username, password, auth):
-        account_email = self._provider.address_for(username)
-
-        self._create_database_dir(auth.uuid)
-
-        soledad = SoledadFactory.create(auth.token,
-                                        auth.uuid,
-                                        password,
-                                        self._secrets_path(auth.uuid),
-                                        self._local_db_path(auth.uuid),
-                                        self._provider.discover_soledad_server(auth.uuid),
-                                        LeapCertificate(self._provider).provider_api_cert)
-
-        mail_store = LeapMailStore(soledad)
-        nicknym = self._create_nicknym(account_email, auth.token, auth.uuid, soledad)
-
-        smtp_client_cert = self._download_smtp_cert(auth)
-        smtp_host, smtp_port = self._provider.smtp_info()
-        smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port)
-
-        return LeapSession(self._provider, auth, mail_store, soledad, nicknym, smtp_config)
-
-    def _download_smtp_cert(self, auth):
-        cert = SmtpClientCertificate(self._provider, auth, self._user_path(auth.uuid))
-        return cert.cert_path()
-
-    def _create_dir(self, path):
-        try:
-            os.makedirs(path)
-        except OSError as exc:
-            if exc.errno == errno.EEXIST and os.path.isdir(path):
-                pass
-            else:
-                raise
-
-    def _create_nicknym(self, email_address, token, uuid, soledad):
-        return NickNym(self._provider, self._config, soledad, email_address, token, uuid)
-
-    def _user_path(self, user_uuid):
-        return os.path.join(self._config.leap_home, user_uuid)
-
-    def _soledad_path(self, user_uuid):
-        return os.path.join(self._config.leap_home, user_uuid, 'soledad')
-
-    def _secrets_path(self, user_uuid):
-        return os.path.join(self._soledad_path(user_uuid), 'secrets')
-
-    def _local_db_path(self, user_uuid):
-        return os.path.join(self._soledad_path(user_uuid), 'soledad.db')
-
-    def _create_database_dir(self, user_uuid):
-        try:
-            os.makedirs(self._soledad_path(user_uuid))
-        except OSError as exc:
-            if exc.errno == errno.EEXIST and os.path.isdir(self._soledad_path(user_uuid)):
-                pass
-            else:
-                raise
-
-
-class SessionCache(object):
-
-    sessions = {}
-
-    @staticmethod
-    def lookup_session(key):
-        session = SessionCache.sessions.get(key, None)
-        if session is not None and session.is_closed:
-            SessionCache.remove_session(key)
-            return None
-        else:
-            return session
-
-    @staticmethod
-    def remember_session(key, session):
-        SessionCache.sessions[key] = session
-
-    @staticmethod
-    def remove_session(key):
-        if key in SessionCache.sessions:
-            del SessionCache.sessions[key]
-
-    @staticmethod
-    def session_key(provider, username):
-        return hash((provider, username))
+class SoledadWrongPassphraseException(Exception):
+    def __init__(self, *args, **kwargs):
+        super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs)
diff --git a/service/pixelated/register.py b/service/pixelated/register.py
index 2bdbb27b..93b55872 100644
--- a/service/pixelated/register.py
+++ b/service/pixelated/register.py
@@ -21,9 +21,8 @@ import sys
 from pixelated.config import arguments
 from pixelated.config import logger as logger_config
 from pixelated.bitmask_libraries.certs import LeapCertificate
-from pixelated.bitmask_libraries.config import LeapConfig
 from pixelated.bitmask_libraries.provider import LeapProvider
-from pixelated.bitmask_libraries.session import LeapSessionFactory
+from pixelated.config.sessions import LeapSessionFactory
 from leap.auth import SRPAuth
 from leap.common.events import server as events_server
 import pixelated.extensions.shared_db
@@ -53,7 +52,7 @@ def register(
     events_server.ensure_server()
     LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
     config = LeapConfig(leap_home=leap_home)
-    provider = LeapProvider(server_name, config)
+    provider = LeapProvider(server_name)
     LeapCertificate(provider).setup_ca_bundle()
     srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert)
author	Bruno Wagner <bwagner@riseup.net>	2016-08-19 21:37:34 -0300
committer	Bruno Wagner <bwagner@riseup.net>	2016-08-19 21:37:34 -0300
commit	9cdd52be577fff75830c854bd7738ee1649e7083 (patch)
tree	ef560dd628bda40832503250e1325283c49ede83 /service/pixelated
parent	9c5811c6b760415372c6cc67a9d34680c990cdd8 (diff)