Diffstat (limited to 'service')
-rw-r--r-- | service/pixelated/application.py | 9 | ||||
-rw-r--r-- | service/pixelated/config/leap.py | 11 | ||||
-rw-r--r-- | service/pixelated/resources/auth.py | 36 | ||||
-rw-r--r-- | service/test/support/integration/app_test_client.py | 3 | ||||
-rw-r--r-- | service/test/support/integration/multi_user_client.py | 2 |
5 files changed, 13 insertions, 48 deletions
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index d393b656..fbcc42c0 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -24,7 +24,7 @@ from leap.soledad.common.errors import InvalidAuthTokenError
 from twisted.logger import Logger
 from twisted.conch import manhole_tap
 from twisted.cred import portal
-from twisted.cred.checkers import AllowAnonymousAccess, FilePasswordDB
+from twisted.cred.checkers import AllowAnonymousAccess
 from twisted.internet import defer
 from twisted.internet import reactor
 from twisted.internet import ssl
@@ -36,7 +36,7 @@ from pixelated.config import services
 from pixelated.config.leap import initialize_leap_single_user, init_monkeypatches, initialize_leap_provider
 from pixelated.config.services import ServicesFactory, SingleUserServicesFactory
 from pixelated.config.site import PixelatedSite
-from pixelated.resources.auth import LeapPasswordChecker, PixelatedRealm, PixelatedAuthSessionWrapper, SessionChecker
+from pixelated.resources.auth import PixelatedRealm, PixelatedAuthSessionWrapper, SessionChecker
 from pixelated.resources.login_resource import LoginResource
 from pixelated.resources.root_resource import RootResource
@@ -152,12 +152,11 @@ def _setup_multi_user(args, root_resource, services_factory):
 return protected_resource
-def set_up_protected_resources(root_resource, provider, services_factory, checker=None, banner=None, authenticator=None):
- checker = checker or LeapPasswordChecker(provider)
+def set_up_protected_resources(root_resource, provider, services_factory, banner=None, authenticator=None):
 session_checker = SessionChecker(services_factory)
 realm = PixelatedRealm()
- _portal = portal.Portal(realm, [checker, session_checker, AllowAnonymousAccess()])
+ _portal = portal.Portal(realm, [session_checker, AllowAnonymousAccess()])
 anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=authenticator)
 protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, [])
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 0c43fd85..4e9d8394 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -62,17 +62,8 @@ def initialize_leap_single_user(leap_provider_cert,
 defer.returnValue(leap_session)
-@defer.inlineCallbacks
-def authenticate(provider, user, password):
- srp_provider = Api(provider.api_uri)
- credentials = Credentials(user, password)
- srp_auth = Session(credentials, srp_provider, provider.local_ca_crt)
- yield srp_auth.authenticate()
- defer.returnValue(Authentication(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False}))
-
-
 def init_monkeypatches():
- pass
+ import pixelated.extensions.requests_urllib3
 class BootstrapUserServices(object):
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 3afbbc36..adac985f 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
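Review bot: `set_up_protected_resources` now builds a portal that accepts only `SessionChecker` and `AllowAnonymousAccess()`, so password verification happens solely through whatever `LoginResource` does with `authenticator`, and nothing in the function says so. A docstring would make that boundary explicit, for example `"""Wrap root_resource so only requests with an existing session reach it; credentials are checked by LoginResource via authenticator, not by the portal."""`. `authenticator` still defaults to `None` and the updated `MultiUserClient` call relies on that; how `LoginResource` handles `None` is outside this diff and is worth confirming, since it is now the only login path. Removing the `checker` keyword also makes any remaining `checker=` caller raise `TypeError`; only the two test clients are visibly updated.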
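Review bot: `init_monkeypatches` in leap.py goes from `pass` to `import pixelated.extensions.requests_urllib3`, which switches on a patch of the HTTP client stack in a diff that otherwise only removes the SRP password checker, and the line carries no explanation. What that module changes is not visible here; if it touches TLS or certificate handling, the change deserves its own mention in the commit message. The import exists only for its side effects, so a trailing comment such as `# noqa: F401 - side-effect import: installs the requests/urllib3 patch` would keep linters and later readers from deleting it. With `authenticate` removed, `Api`, `Credentials`, `Session` and `Authentication` may now be unused imports in leap.py; the import block is outside the hunk.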
@@ -16,47 +16,23 @@ import re -from zope.interface import implements, implementer, Attribute +from pixelated.resources import IPixelatedSession +from twisted.cred import error +from twisted.cred import portal, checkers from twisted.cred.checkers import ANONYMOUS from twisted.cred.credentials import ICredentials -from twisted.cred.error import UnauthorizedLogin from twisted.internet import defer +from twisted.logger import Logger +from twisted.web import util from twisted.web._auth.wrapper import UnauthorizedResource from twisted.web.error import UnsupportedMethod -from twisted.cred import portal, checkers, credentials -from twisted.web import util -from twisted.cred import error from twisted.web.resource import IResource, ErrorPage -from twisted.logger import Logger - -from leap.bitmask.bonafide._srp import SRPAuthError -from pixelated.config.leap import create_leap_session, authenticate -from pixelated.resources import IPixelatedSession +from zope.interface import implements, implementer, Attribute log = Logger() -@implementer(checkers.ICredentialsChecker) -class LeapPasswordChecker(object): - credentialInterfaces = ( - credentials.IUsernamePassword, - ) - - def __init__(self, provider): - self.provider = provider - - @defer.inlineCallbacks - def requestAvatarId(self, credentials): - try: - auth = yield authenticate(self.provider, credentials.username, credentials.password) - except SRPAuthError: - raise UnauthorizedLogin() - - leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth) - defer.returnValue(leap_session) - - class ISessionCredential(ICredentials): request = Attribute('the current request') diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py index e4169584..d52c85c0 100644 --- a/service/test/support/integration/app_test_client.py +++ b/service/test/support/integration/app_test_client.py 
@@ -223,11 +223,10 @@ class AppTestClient(object):
 else:
 self.service_factory = StubServicesFactory(self.accounts, mode)
 provider = mock()
- srp_checker = StubSRPChecker(provider)
 bonafide_checker = StubAuthenticator(provider)
 bonafide_checker.add_user('username', 'password')
- self.resource = set_up_protected_resources(RootResource(self.service_factory), provider, self.service_factory, checker=srp_checker, authenticator=bonafide_checker)
+ self.resource = set_up_protected_resources(RootResource(self.service_factory), provider, self.service_factory, authenticator=bonafide_checker)
 @defer.inlineCallbacks
 def create_user(self, account_name):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index 79ab64c1..82acb210 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -48,7 +48,7 @@ class MultiUserClient(AppTestClient):
 root_resource = RootResource(self.service_factory)
 leap_provider = mock()
 self.credentials_checker = StubSRPChecker(leap_provider)
- self.resource = set_up_protected_resources(root_resource, leap_provider, self.service_factory, checker=self.credentials_checker)
+ self.resource = set_up_protected_resources(root_resource, leap_provider, self.service_factory)
 def _mock_bonafide_auth(self, username, password):
 if username == 'username' and password == 'password': |
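Review bot: In `MultiUserClient`, `self.credentials_checker = StubSRPChecker(leap_provider)` is kept as a context line but is no longer passed to `set_up_protected_resources`, so within this hunk it has no effect. If nothing else in the class reads it, drop the line, and `StubSRPChecker` itself if this was its last user, since `AppTestClient` stops using it in the same commit. If tests still depend on it, a comment saying what it is for would help. Unlike `AppTestClient`, this call passes no `authenticator`, so the multi-user tests go through the default login path; presumably `_mock_bonafide_auth` covers that, but its body continues outside the hunk.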