| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Issue #684
|
|
|
|
|
|
for all cases, not just when it is csrf valid.
Issue #684
|
|
using the cache
Issue #773
|
|
|
|
In order to replace leap_auth with bonafide, we created a
class to hold the user credentials
|
|
|
|
|
|
The start_plugins part of the manhole initialization
was being initialized, logging lines and creating a
file whenever the user agent was started, as opposed
to only when the manhole option is active
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If we get any problem with the upload of the user's public key,
we are deleting the key pair from the local database and denying
login. That way, a new login will have a chance to regenerate the
key and upload it properly.
|
|
|
|
This still uses the SRPSession object to hold the credentials
so we don't have to adapt the rest of the user agent code
|
|
In case a user was being logged out and there's a soledad invalid
auth token error, there might be an inconsistent state where the
user session doesn't exist when this second logout is tried.
This was breaking the login for that user until the next UA restart,
I adapted the code to make logging out an user idempotent to
prevent this corner case
|
|
We were always sending the public key to nicknym, even if it was
already there. The send_key method purpose is to update the public
key in case a new pair is created and shouldn't be done at every
login
|
|
Register was trying to use LeapConfig and breaking
when trying to register users
|
|
The interstitial was being read at every login
request, that was a blocking read on the main
loop for every user.
That file was also being opened and not closed
at every request, that would aggravate the
'too many open files' problem
|
|
Since we are creating the combined certificates at the beginning
of the UA and using it for multiple users, it makes more sense to
create it in the leap folder instead of on a temporary file
This bundle will be updated on every UA start
|
|
With this change we don't have to create the combined_ca_bundle
for every user at every login.
To support this change, we started migrating away from the
LeapCertificate class that was making the LeapProvider setup
more brittle
|
|
|
|
SMTP json is a blocking HTTP request that was taking ~1 sec
of the session creation. We moved it to the UA initialization
|
|
In some cases, the default home was not expanding
the user part of the path and was causing errors,
now we make sure the path is expanded when setting
the default value
|
|
Soledad json must only be downloaded after we
fetch the api provider certificate, we can't
make the request for it before having this cert
|
|
|
|
Now we can clock how long a piece of code takes
to execute without being constrained by whole
method like we were with the decorator
|
|
Started adapting get_leap_session to deferreds
Soledad and keymanager setup calls will now
happen in deferreds and leap session creation
itself is a deferred with callbacks
This is a start in breaking the big blocking
calls we were doing on the main thread, this
was done without changing code inside the
leap libraries yet so things can be further
optimized
This breaks the ~4 seconds get_leap_session
piece into smaller 1 seconds one, that can be
further optimized and deferred to even smaller
calls
There are requests calls happening on the main
thread that should get this number even further
down
Also moved some pieces from bitmask libraries
to our bootstrap, because they are not bitmask
libraries anymore and that was causing confusion
|
|
Authentication is now consistently done before
creating the leap session, so I removed the
auth attempt from inside the leap session
factory
|
|
Consolidated authentication to always be
done is a defer to thread and changed the
authenticate_user method name to conform
with what it actually does
|
|
It is already done earlier in the bootstrap and
is not user specific, so shouldn't be done on
user bootstrap
|
|
|
|
|
|
|
|
The previous behaviour only checked xsrf-token in headers, but it can be
informed in a token as well.
|
|
|
|
services sessions
|
|
|
|
Previously some attachments were being showed as UNNAMED. This change fix it and
creates propers tests for attachments.
See: #608
|
|
See: #608
|
|
handling during multi-user boostrap
- reactor.stop will not work if the reactor is not running. This will make sure it will be stopped on bootstrap errors now.
- added a wrapper that returns a defer.fail for exceptions thrown during the multi-user boostrap
- Issue #535
|
|
This is needed as we need to provide empty FEEDBACK_URL, just to remind that it can be set if desired
Issue #710
|
|
Some keymanager api was updated, so we needed to update some calls.
|
