From fe9940276ce3d88c39471f23c298097480ad36b2 Mon Sep 17 00:00:00 2001 From: Thais Siqueira Date: Tue, 14 Mar 2017 11:30:27 -0300 Subject: [#924] Implements update recovery code through bitmask with @anikarni --- service/pixelated/account_recovery.py | 31 ++++++++++++++++++++++ service/pixelated/application.py | 9 ++++--- service/pixelated/authentication.py | 11 +++++--- .../pixelated/resources/backup_account_resource.py | 23 ++++++++++++++-- service/pixelated/resources/login_resource.py | 2 +- service/pixelated/resources/root_resource.py | 2 +- 6 files changed, 68 insertions(+), 10 deletions(-) create mode 100644 service/pixelated/account_recovery.py (limited to 'service/pixelated') diff --git a/service/pixelated/account_recovery.py b/service/pixelated/account_recovery.py new file mode 100644 index 00000000..405b572a --- /dev/null +++ b/service/pixelated/account_recovery.py @@ -0,0 +1,31 @@ +# +# Copyright (c) 2017 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . +from twisted.internet.defer import inlineCallbacks, returnValue +import traceback + + +class AccountRecovery(object): + def __init__(self, session): + self._session = session + + @inlineCallbacks + def update_recovery_code(self, recovery_code): + try: + response = yield self._session.update_recovery_code(recovery_code) + returnValue(response) + except Exception as e: + traceback.print_exc(e) + raise diff --git a/service/pixelated/application.py b/service/pixelated/application.py index 46e5ba85..ef99d47c 100644 --- a/service/pixelated/application.py +++ b/service/pixelated/application.py @@ -30,6 +30,7 @@ from twisted.internet import reactor from twisted.internet import ssl from pixelated.adapter.welcome_mail import add_welcome_mail +from pixelated.authentication import Authenticator from pixelated.config import arguments from pixelated.config import logger from pixelated.config import services @@ -60,7 +61,8 @@ def start_user_agent_in_single_user_mode(root_resource, services_factory, leap_h services_factory.add_session(leap_session.user_auth.uuid, _services) - root_resource.initialize(provider=leap_session.provider) + authenticator = Authenticator(leap_session.provider) + root_resource.initialize(provider=leap_session.provider, authenticator=authenticator) # soledad needs lots of threads reactor.getThreadPool().adjustPoolsize(5, 15) @@ -153,14 +155,15 @@ def _setup_multi_user(args, root_resource, services_factory): def set_up_protected_resources(root_resource, provider, services_factory, banner=None, authenticator=None): + auth = authenticator or Authenticator(provider) session_checker = SessionChecker(services_factory) realm = PixelatedRealm() _portal = portal.Portal(realm, [session_checker, AllowAnonymousAccess()]) - anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=authenticator) + anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=auth) protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, []) - root_resource.initialize(provider, disclaimer_banner=banner, authenticator=authenticator) + root_resource.initialize(provider, disclaimer_banner=banner, authenticator=auth) return protected_resource diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py index 983086ce..27d6035a 100644 --- a/service/pixelated/authentication.py +++ b/service/pixelated/authentication.py @@ -30,6 +30,7 @@ class Authenticator(object): def __init__(self, leap_provider): self._leap_provider = leap_provider self.domain = leap_provider.server_name + self.bonafide_sesssion = None @inlineCallbacks def authenticate(self, username, password): @@ -49,9 +50,13 @@ class Authenticator(object): def _bonafide_auth(self, user, password): srp_provider = Api(self._leap_provider.api_uri) credentials = Credentials(user, password) - srp_auth = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) - yield srp_auth.authenticate() - returnValue(Authentication(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False})) + self.bonafide_sesssion = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) + yield self.bonafide_sesssion.authenticate() + returnValue(Authentication(user, + self.bonafide_sesssion.token, + self.bonafide_sesssion.uuid, + 'session_id', + {'is_admin': False})) def clean_username(self, username): if '@' not in username: diff --git a/service/pixelated/resources/backup_account_resource.py b/service/pixelated/resources/backup_account_resource.py index f1eeee53..d7e081d6 100644 --- a/service/pixelated/resources/backup_account_resource.py +++ b/service/pixelated/resources/backup_account_resource.py @@ -20,7 +20,9 @@ from xml.sax import SAXParseException from pixelated.resources import BaseResource from twisted.python.filepath import FilePath from pixelated.resources import get_protected_static_folder -from twisted.web.http import OK +from pixelated.account_recovery import AccountRecovery +from twisted.web.http import OK, NO_CONTENT, INTERNAL_SERVER_ERROR +from twisted.web.server import NOT_DONE_YET from twisted.web.template import Element, XMLFile, renderElement @@ -34,8 +36,9 @@ class BackupAccountPage(Element): class BackupAccountResource(BaseResource): isLeaf = True - def __init__(self, services_factory): + def __init__(self, services_factory, authenticator): BaseResource.__init__(self, services_factory) + self._authenticator = authenticator def render_GET(self, request): request.setResponseCode(OK) @@ -44,3 +47,19 @@ class BackupAccountResource(BaseResource): def _render_template(self, request): site = BackupAccountPage() return renderElement(request, site) + + def render_POST(self, request): + account_recovery = AccountRecovery(self._authenticator.bonafide_sesssion) + + def update_response(response): + request.setResponseCode(NO_CONTENT) + request.finish() + + def error_response(response): + request.setResponseCode(INTERNAL_SERVER_ERROR) + request.finish() + + d = account_recovery.update_recovery_code("123") + d.addCallbacks(update_response) + d.addErrback(error_response) + return NOT_DONE_YET diff --git a/service/pixelated/resources/login_resource.py b/service/pixelated/resources/login_resource.py index 5adfadf9..3e1200d7 100644 --- a/service/pixelated/resources/login_resource.py +++ b/service/pixelated/resources/login_resource.py @@ -86,7 +86,7 @@ class LoginResource(BaseResource): BaseResource.__init__(self, services_factory) self._disclaimer_banner = disclaimer_banner self._provider = provider - self._authenticator = authenticator or Authenticator(provider) + self._authenticator = authenticator self._bootstrap_user_services = BootstrapUserServices(services_factory, provider) static_folder = get_public_static_folder() diff --git a/service/pixelated/resources/root_resource.py b/service/pixelated/resources/root_resource.py index 320a1204..10d57c6f 100644 --- a/service/pixelated/resources/root_resource.py +++ b/service/pixelated/resources/root_resource.py @@ -91,7 +91,7 @@ class RootResource(BaseResource): def initialize(self, provider=None, disclaimer_banner=None, authenticator=None): self._child_resources.add('assets', File(self._protected_static_folder)) - self._child_resources.add('backup-account', BackupAccountResource(self._services_factory)) + self._child_resources.add('backup-account', BackupAccountResource(self._services_factory, authenticator)) self._child_resources.add('sandbox', SandboxResource(self._protected_static_folder)) self._child_resources.add('keys', KeysResource(self._services_factory)) self._child_resources.add(AttachmentsResource.BASE_URL, AttachmentsResource(self._services_factory)) -- cgit v1.2.3 From f904bf312c08dfb0c81783e892560e49a5d87221 Mon Sep 17 00:00:00 2001 From: Thais Siqueira Date: Wed, 15 Mar 2017 11:10:46 -0300 Subject: [#924] Fix typo on bonafide session variable name. with @anikarni --- service/pixelated/authentication.py | 10 +++++----- service/pixelated/resources/backup_account_resource.py | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'service/pixelated') diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py index 27d6035a..b5edbec0 100644 --- a/service/pixelated/authentication.py +++ b/service/pixelated/authentication.py @@ -30,7 +30,7 @@ class Authenticator(object): def __init__(self, leap_provider): self._leap_provider = leap_provider self.domain = leap_provider.server_name - self.bonafide_sesssion = None + self.bonafide_session = None @inlineCallbacks def authenticate(self, username, password): @@ -50,11 +50,11 @@ class Authenticator(object): def _bonafide_auth(self, user, password): srp_provider = Api(self._leap_provider.api_uri) credentials = Credentials(user, password) - self.bonafide_sesssion = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) - yield self.bonafide_sesssion.authenticate() + self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt) + yield self.bonafide_session.authenticate() returnValue(Authentication(user, - self.bonafide_sesssion.token, - self.bonafide_sesssion.uuid, + self.bonafide_session.token, + self.bonafide_session.uuid, 'session_id', {'is_admin': False})) diff --git a/service/pixelated/resources/backup_account_resource.py b/service/pixelated/resources/backup_account_resource.py index d7e081d6..3d95879c 100644 --- a/service/pixelated/resources/backup_account_resource.py +++ b/service/pixelated/resources/backup_account_resource.py @@ -49,7 +49,7 @@ class BackupAccountResource(BaseResource): return renderElement(request, site) def render_POST(self, request): - account_recovery = AccountRecovery(self._authenticator.bonafide_sesssion) + account_recovery = AccountRecovery(self._authenticator.bonafide_session) def update_response(response): request.setResponseCode(NO_CONTENT) -- cgit v1.2.3 From 69cb3dac9142540d48c644a6367afc0a3cdbdb44 Mon Sep 17 00:00:00 2001 From: Thais Siqueira Date: Wed, 15 Mar 2017 11:14:59 -0300 Subject: [#924] Logs warning when saving recovery code. with @anikarni --- service/pixelated/account_recovery.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'service/pixelated') diff --git a/service/pixelated/account_recovery.py b/service/pixelated/account_recovery.py index 405b572a..39614b4c 100644 --- a/service/pixelated/account_recovery.py +++ b/service/pixelated/account_recovery.py @@ -14,7 +14,9 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see . from twisted.internet.defer import inlineCallbacks, returnValue -import traceback +from twisted.logger import Logger + +log = Logger() class AccountRecovery(object): @@ -27,5 +29,5 @@ class AccountRecovery(object): response = yield self._session.update_recovery_code(recovery_code) returnValue(response) except Exception as e: - traceback.print_exc(e) + log.warn('Something went wrong when trying to save the recovery code') raise -- cgit v1.2.3 From ea8ca5d0551e742a14ecabb5f23663c5e3e14c21 Mon Sep 17 00:00:00 2001 From: Thais Siqueira Date: Wed, 15 Mar 2017 11:20:00 -0300 Subject: [#924] Simplifies callback chain for recovery code call. with @anikarni --- service/pixelated/resources/backup_account_resource.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'service/pixelated') diff --git a/service/pixelated/resources/backup_account_resource.py b/service/pixelated/resources/backup_account_resource.py index 3d95879c..0b73bc35 100644 --- a/service/pixelated/resources/backup_account_resource.py +++ b/service/pixelated/resources/backup_account_resource.py @@ -60,6 +60,5 @@ class BackupAccountResource(BaseResource): request.finish() d = account_recovery.update_recovery_code("123") - d.addCallbacks(update_response) - d.addErrback(error_response) + d.addCallbacks(update_response, error_response) return NOT_DONE_YET -- cgit v1.2.3