summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
Diffstat (limited to 'service')
-rw-r--r--service/pixelated/application.py9
-rw-r--r--service/pixelated/config/leap.py11
-rw-r--r--service/pixelated/resources/auth.py36
-rw-r--r--service/test/support/integration/app_test_client.py3
-rw-r--r--service/test/support/integration/multi_user_client.py2
5 files changed, 13 insertions, 48 deletions
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index d393b656..fbcc42c0 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -24,7 +24,7 @@ from leap.soledad.common.errors import InvalidAuthTokenError
from twisted.logger import Logger
from twisted.conch import manhole_tap
from twisted.cred import portal
-from twisted.cred.checkers import AllowAnonymousAccess, FilePasswordDB
+from twisted.cred.checkers import AllowAnonymousAccess
from twisted.internet import defer
from twisted.internet import reactor
from twisted.internet import ssl
@@ -36,7 +36,7 @@ from pixelated.config import services
from pixelated.config.leap import initialize_leap_single_user, init_monkeypatches, initialize_leap_provider
from pixelated.config.services import ServicesFactory, SingleUserServicesFactory
from pixelated.config.site import PixelatedSite
-from pixelated.resources.auth import LeapPasswordChecker, PixelatedRealm, PixelatedAuthSessionWrapper, SessionChecker
+from pixelated.resources.auth import PixelatedRealm, PixelatedAuthSessionWrapper, SessionChecker
from pixelated.resources.login_resource import LoginResource
from pixelated.resources.root_resource import RootResource
@@ -152,12 +152,11 @@ def _setup_multi_user(args, root_resource, services_factory):
return protected_resource
-def set_up_protected_resources(root_resource, provider, services_factory, checker=None, banner=None, authenticator=None):
- checker = checker or LeapPasswordChecker(provider)
+def set_up_protected_resources(root_resource, provider, services_factory, banner=None, authenticator=None):
session_checker = SessionChecker(services_factory)
realm = PixelatedRealm()
- _portal = portal.Portal(realm, [checker, session_checker, AllowAnonymousAccess()])
+ _portal = portal.Portal(realm, [session_checker, AllowAnonymousAccess()])
anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=authenticator)
protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, [])
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 0c43fd85..4e9d8394 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -62,17 +62,8 @@ def initialize_leap_single_user(leap_provider_cert,
defer.returnValue(leap_session)
-@defer.inlineCallbacks
-def authenticate(provider, user, password):
- srp_provider = Api(provider.api_uri)
- credentials = Credentials(user, password)
- srp_auth = Session(credentials, srp_provider, provider.local_ca_crt)
- yield srp_auth.authenticate()
- defer.returnValue(Authentication(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False}))
-
-
def init_monkeypatches():
- pass
+ import pixelated.extensions.requests_urllib3
class BootstrapUserServices(object):
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 3afbbc36..adac985f 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -16,47 +16,23 @@
import re
-from zope.interface import implements, implementer, Attribute
+from pixelated.resources import IPixelatedSession
+from twisted.cred import error
+from twisted.cred import portal, checkers
from twisted.cred.checkers import ANONYMOUS
from twisted.cred.credentials import ICredentials
-from twisted.cred.error import UnauthorizedLogin
from twisted.internet import defer
+from twisted.logger import Logger
+from twisted.web import util
from twisted.web._auth.wrapper import UnauthorizedResource
from twisted.web.error import UnsupportedMethod
-from twisted.cred import portal, checkers, credentials
-from twisted.web import util
-from twisted.cred import error
from twisted.web.resource import IResource, ErrorPage
-from twisted.logger import Logger
-
-from leap.bitmask.bonafide._srp import SRPAuthError
-from pixelated.config.leap import create_leap_session, authenticate
-from pixelated.resources import IPixelatedSession
+from zope.interface import implements, implementer, Attribute
log = Logger()
-@implementer(checkers.ICredentialsChecker)
-class LeapPasswordChecker(object):
- credentialInterfaces = (
- credentials.IUsernamePassword,
- )
-
- def __init__(self, provider):
- self.provider = provider
-
- @defer.inlineCallbacks
- def requestAvatarId(self, credentials):
- try:
- auth = yield authenticate(self.provider, credentials.username, credentials.password)
- except SRPAuthError:
- raise UnauthorizedLogin()
-
- leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth)
- defer.returnValue(leap_session)
-
-
class ISessionCredential(ICredentials):
request = Attribute('the current request')
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index e4169584..d52c85c0 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -223,11 +223,10 @@ class AppTestClient(object):
else:
self.service_factory = StubServicesFactory(self.accounts, mode)
provider = mock()
- srp_checker = StubSRPChecker(provider)
bonafide_checker = StubAuthenticator(provider)
bonafide_checker.add_user('username', 'password')
- self.resource = set_up_protected_resources(RootResource(self.service_factory), provider, self.service_factory, checker=srp_checker, authenticator=bonafide_checker)
+ self.resource = set_up_protected_resources(RootResource(self.service_factory), provider, self.service_factory, authenticator=bonafide_checker)
@defer.inlineCallbacks
def create_user(self, account_name):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index 79ab64c1..82acb210 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -48,7 +48,7 @@ class MultiUserClient(AppTestClient):
root_resource = RootResource(self.service_factory)
leap_provider = mock()
self.credentials_checker = StubSRPChecker(leap_provider)
- self.resource = set_up_protected_resources(root_resource, leap_provider, self.service_factory, checker=self.credentials_checker)
+ self.resource = set_up_protected_resources(root_resource, leap_provider, self.service_factory)
def _mock_bonafide_auth(self, username, password):
if username == 'username' and password == 'password':