From db9917a769edacfffc9ae1166f07473a30471ef2 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Fri, 19 Aug 2016 16:55:28 -0300 Subject: Normalizing single and multi user bootstrap #759 Consolidated authentication to always be done is a defer to thread and changed the authenticate_user method name to conform with what it actually does --- service/pixelated/resources/auth.py | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) (limited to 'service/pixelated/resources/auth.py') diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py index 1e6e293c..5581d080 100644 --- a/service/pixelated/resources/auth.py +++ b/service/pixelated/resources/auth.py @@ -17,12 +17,11 @@ import logging import re -from leap.auth import SRPAuth from leap.exceptions import SRPAuthenticationError from twisted.cred.checkers import ANONYMOUS from twisted.cred.credentials import ICredentials from twisted.cred.error import UnauthorizedLogin -from twisted.internet import defer, threads +from twisted.internet import defer from twisted.web._auth.wrapper import UnauthorizedResource from twisted.web.error import UnsupportedMethod from zope.interface import implements, implementer, Attribute @@ -31,7 +30,7 @@ from twisted.web import util from twisted.cred import error from twisted.web.resource import IResource, ErrorPage -from pixelated.config.leap import authenticate_user +from pixelated.config.leap import create_leap_session, authenticate from pixelated.resources import IPixelatedSession @@ -44,23 +43,18 @@ class LeapPasswordChecker(object): credentials.IUsernamePassword, ) - def __init__(self, leap_provider): - self._leap_provider = leap_provider + def __init__(self, provider): + self.provider = provider + @defer.inlineCallbacks def requestAvatarId(self, credentials): - def _validate_credentials(): - try: - srp_auth = SRPAuth(self._leap_provider.api_uri, self._leap_provider.local_ca_crt) - return srp_auth.authenticate(credentials.username, credentials.password) - except SRPAuthenticationError: - raise UnauthorizedLogin() - - def _get_leap_session(srp_auth): - return authenticate_user(self._leap_provider, credentials.username, credentials.password, auth=srp_auth) - - d = threads.deferToThread(_validate_credentials) - d.addCallback(_get_leap_session) - return d + try: + auth = yield authenticate(self.provider, credentials.username, credentials.password) + except SRPAuthenticationError: + raise UnauthorizedLogin() + + leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth) + defer.returnValue(leap_session) class ISessionCredential(ICredentials): -- cgit v1.2.3