5 files changed, 13 insertions, 48 deletions
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index d393b656..fbcc42c0 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -24,7 +24,7 @@ from leap.soledad.common.errors import InvalidAuthTokenError
 from twisted.logger import Logger
 from twisted.conch import manhole_tap
 from twisted.cred import portal
-from twisted.cred.checkers import AllowAnonymousAccess, FilePasswordDB
+from twisted.cred.checkers import AllowAnonymousAccess
 from twisted.internet import defer
 from twisted.internet import reactor
 from twisted.internet import ssl
@@ -36,7 +36,7 @@ from pixelated.config import services
 from pixelated.config.leap import initialize_leap_single_user, init_monkeypatches, initialize_leap_provider
 from pixelated.config.services import ServicesFactory, SingleUserServicesFactory
 from pixelated.config.site import PixelatedSite
-from pixelated.resources.auth import LeapPasswordChecker, PixelatedRealm, PixelatedAuthSessionWrapper, SessionChecker
+from pixelated.resources.auth import PixelatedRealm, PixelatedAuthSessionWrapper, SessionChecker
 from pixelated.resources.login_resource import LoginResource
 from pixelated.resources.root_resource import RootResource
 
@@ -152,12 +152,11 @@ def _setup_multi_user(args, root_resource, services_factory):
     return protected_resource
 
 
-def set_up_protected_resources(root_resource, provider, services_factory, checker=None, banner=None, authenticator=None):
-    checker = checker or LeapPasswordChecker(provider)
+def set_up_protected_resources(root_resource, provider, services_factory, banner=None, authenticator=None):
     session_checker = SessionChecker(services_factory)
 
     realm = PixelatedRealm()
-    _portal = portal.Portal(realm, [checker, session_checker, AllowAnonymousAccess()])
+    _portal = portal.Portal(realm, [session_checker, AllowAnonymousAccess()])
 
     anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=authenticator)
     protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, [])
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 0c43fd85..4e9d8394 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -62,17 +62,8 @@ def initialize_leap_single_user(leap_provider_cert,
     defer.returnValue(leap_session)
 
 
-@defer.inlineCallbacks
-def authenticate(provider, user, password):
-    srp_provider = Api(provider.api_uri)
-    credentials = Credentials(user, password)
-    srp_auth = Session(credentials, srp_provider, provider.local_ca_crt)
-    yield srp_auth.authenticate()
-    defer.returnValue(Authentication(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False}))
-
-
 def init_monkeypatches():
-    pass
+    import pixelated.extensions.requests_urllib3
 
 
 class BootstrapUserServices(object):
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 3afbbc36..adac985f 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -16,47 +16,23 @@
 
 import re
 
-from zope.interface import implements, implementer, Attribute
+from pixelated.resources import IPixelatedSession
+from twisted.cred import error
+from twisted.cred import portal, checkers
 from twisted.cred.checkers import ANONYMOUS
 from twisted.cred.credentials import ICredentials
-from twisted.cred.error import UnauthorizedLogin
 from twisted.internet import defer
+from twisted.logger import Logger
+from twisted.web import util
 from twisted.web._auth.wrapper import UnauthorizedResource
 from twisted.web.error import UnsupportedMethod
-from twisted.cred import portal, checkers, credentials
-from twisted.web import util
-from twisted.cred import error
 from twisted.web.resource import IResource, ErrorPage
-from twisted.logger import Logger
-
-from leap.bitmask.bonafide._srp import SRPAuthError
-from pixelated.config.leap import create_leap_session, authenticate
-from pixelated.resources import IPixelatedSession
+from zope.interface import implements, implementer, Attribute
 
 
 log = Logger()
 
 
-@implementer(checkers.ICredentialsChecker)
-class LeapPasswordChecker(object):
-    credentialInterfaces = (
-        credentials.IUsernamePassword,
-    )
-
-    def __init__(self, provider):
-        self.provider = provider
-
-    @defer.inlineCallbacks
-    def requestAvatarId(self, credentials):
-        try:
-            auth = yield authenticate(self.provider, credentials.username, credentials.password)
-        except SRPAuthError:
-            raise UnauthorizedLogin()
-
-        leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth)
-        defer.returnValue(leap_session)
-
-
 class ISessionCredential(ICredentials):
 
     request = Attribute('the current request')
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index e4169584..d52c85c0 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -223,11 +223,10 @@ class AppTestClient(object):
         else:
             self.service_factory = StubServicesFactory(self.accounts, mode)
             provider = mock()
-            srp_checker = StubSRPChecker(provider)
             bonafide_checker = StubAuthenticator(provider)
             bonafide_checker.add_user('username', 'password')
 
-            self.resource = set_up_protected_resources(RootResource(self.service_factory), provider, self.service_factory, checker=srp_checker, authenticator=bonafide_checker)
+            self.resource = set_up_protected_resources(RootResource(self.service_factory), provider, self.service_factory, authenticator=bonafide_checker)
 
     @defer.inlineCallbacks
     def create_user(self, account_name):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index 79ab64c1..82acb210 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -48,7 +48,7 @@ class MultiUserClient(AppTestClient):
         root_resource = RootResource(self.service_factory)
         leap_provider = mock()
         self.credentials_checker = StubSRPChecker(leap_provider)
-        self.resource = set_up_protected_resources(root_resource, leap_provider, self.service_factory, checker=self.credentials_checker)
+        self.resource = set_up_protected_resources(root_resource, leap_provider, self.service_factory)
 
     def _mock_bonafide_auth(self, username, password):
         if username == 'username' and password == 'password':