From db9917a769edacfffc9ae1166f07473a30471ef2 Mon Sep 17 00:00:00 2001
From: Bruno Wagner
Date: Fri, 19 Aug 2016 16:55:28 -0300
Subject: Normalizing single and multi user bootstrap #759
Consolidated authentication to always be done is a defer to thread and changed the authenticate_user method name to conform with what it actually does
---
 service/pixelated/config/leap.py | 50 ++++++++++++++++++-------------------
 service/pixelated/maintenance.py | 7 +-----
 service/pixelated/resources/auth.py | 30 +++++++++-------------
 3 files changed, 38 insertions(+), 49 deletions(-)
(limited to 'service/pixelated')
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index f61d3af7..9d0a35c4 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -1,15 +1,16 @@
 from __future__ import absolute_import
+import logging
+from twisted.internet import defer, threads
 from leap.common.events import (server as events_server)
 from leap.soledad.common.errors import InvalidAuthTokenError
+from leap.auth import SRPAuth
 from pixelated.config import credentials
 from pixelated.bitmask_libraries.config import LeapConfig
 from pixelated.bitmask_libraries.certs import LeapCertificate
 from pixelated.bitmask_libraries.provider import LeapProvider
 from pixelated.bitmask_libraries.session import LeapSessionFactory
-from twisted.internet import defer
-import logging
 log = logging.getLogger(__name__)
@@ -37,29 +38,18 @@ def initialize_leap_multi_user(provider_hostname,
 defer.returnValue((config, provider))
-def _create_session(provider, username, password, auth):
- return LeapSessionFactory(provider).create(username, password, auth)
-
-
-def _force_close_session(session):
- try:
- session.close()
- except Exception, e:
- log.error(e)
-
-
 @defer.inlineCallbacks
-def authenticate_user(provider, username, password, initial_sync=True, auth=None):
- leap_session = _create_session(provider, username, password, auth)
+def create_leap_session(provider, username, password, auth=None):
+ leap_session = LeapSessionFactory(provider).create(username, password, auth)
 try:
- if initial_sync:
- yield leap_session.initial_sync()
+ yield leap_session.initial_sync()
 except InvalidAuthTokenError:
- _force_close_session(leap_session)
-
- leap_session = _create_session(provider, username, password, auth)
- if initial_sync:
- yield leap_session.initial_sync()
+ try:
+ leap_session.close()
+ except Exception, e:
+ log.error(e)
+ leap_session = LeapSessionFactory(provider).create(username, password, auth)
+ yield leap_session.initial_sync()
 defer.returnValue(leap_session)
@@ -68,8 +58,7 @@ def authenticate_user(provider, username, password, initial_sync=True, auth=None
 def initialize_leap_single_user(leap_provider_cert,
 leap_provider_cert_fingerprint,
 credentials_file,
- leap_home,
- initial_sync=True):
+ leap_home):
 init_monkeypatches()
 events_server.ensure_server()
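Review bot: In `create_leap_session`, the retry after `InvalidAuthTokenError` builds the second session with the same `auth` argument that was used for the rejected one, so if the stale token travels in that object the second `initial_sync()` would presumably fail the same way and reach the caller unhandled. `LeapSessionFactory.create` is not shown, so confirm that it refreshes the token, or re-authenticate before retrying. The inlined close guard keeps `except Exception, e: log.error(e)`, which records only the message; `log.exception('closing LEAP session after InvalidAuthTokenError failed')` would keep the traceback. A one-line docstring saying that the function fires with a synced session and retries once on `InvalidAuthTokenError` would help now that resources/auth.py imports it.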
@@ -78,10 +67,21 @@ def initialize_leap_single_user(leap_provider_cert,
 config, provider = initialize_leap_provider(provider, leap_provider_cert, leap_provider_cert_fingerprint, leap_home)
- leap_session = yield authenticate_user(provider, username, password, initial_sync=initial_sync)
+ try:
+ auth = yield authenticate(provider, username, password)
+ except SRPAuthenticationError:
+ raise UnauthorizedLogin()
+
+ leap_session = yield create_leap_session(provider, username, password, auth)
 defer.returnValue(leap_session)
+def authenticate(provider, user, password):
+ srp_auth = SRPAuth(provider.api_uri, provider.local_ca_crt)
+ d = threads.deferToThread(srp_auth.authenticate, user, password)
+ return d
+
+
 def init_monkeypatches():
 import pixelated.extensions.requests_urllib3
diff --git a/service/pixelated/maintenance.py b/service/pixelated/maintenance.py
index 7809b13d..3b216304 100644
--- a/service/pixelated/maintenance.py
+++ b/service/pixelated/maintenance.py
@@ -47,8 +47,7 @@ def initialize():
 args.leap_provider_cert,
 args.leap_provider_cert_fingerprint,
 args.credentials_file,
- leap_home=args.leap_home,
- initial_sync=_do_initial_sync(args))
+ leap_home=args.leap_home)
 execute_command(args, leap_session)
@@ -56,10 +55,6 @@ def initialize():
 reactor.run()
-def _do_initial_sync(args):
- return (not _is_repair_command(args)) and (not _is_integrity_check_command(args))
-
-
 def _is_repair_command(args):
 return args.command == REPAIR_COMMAND
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 1e6e293c..5581d080 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
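Review bot: In `initialize_leap_single_user` (service/pixelated/config/leap.py), the new `except SRPAuthenticationError: raise UnauthorizedLogin()` uses two names that the import hunk at the top of the file does not bring in; that hunk adds only `logging`, `defer, threads` and `SRPAuth`. Unless they are defined outside the shown lines, a rejected login would surface as a NameError instead of `UnauthorizedLogin`. Add `from leap.exceptions import SRPAuthenticationError` and `from twisted.cred.error import UnauthorizedLogin`, the same imports resources/auth.py already has. The new `authenticate` helper would also benefit from a docstring stating that it returns a Deferred and runs `srp_auth.authenticate` in a worker thread. The body of `initialize_leap_single_user` starts outside the hunk.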
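Review bot: With `initial_sync=_do_initial_sync(args)` dropped from the call in `initialize()` (service/pixelated/maintenance.py), the repair and integrity-check commands now always pass through `leap_session.initial_sync()` in `create_leap_session` before `execute_command` runs. The removed `_do_initial_sync` skipped the sync for exactly those two commands, presumably because they must work on a store that cannot sync. Confirm that this is no longer needed, or keep a way to skip the sync for them. `_is_repair_command` and `_is_integrity_check_command` stay in the file; if nothing outside the shown lines calls them they can be removed as well. `initialize()` starts outside the hunk.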
@@ -17,12 +17,11 @@
 import logging
 import re
-from leap.auth import SRPAuth
 from leap.exceptions import SRPAuthenticationError
 from twisted.cred.checkers import ANONYMOUS
 from twisted.cred.credentials import ICredentials
 from twisted.cred.error import UnauthorizedLogin
-from twisted.internet import defer, threads
+from twisted.internet import defer
 from twisted.web._auth.wrapper import UnauthorizedResource
 from twisted.web.error import UnsupportedMethod
 from zope.interface import implements, implementer, Attribute
@@ -31,7 +30,7 @@ from twisted.web import util
 from twisted.cred import error
 from twisted.web.resource import IResource, ErrorPage
-from pixelated.config.leap import authenticate_user
+from pixelated.config.leap import create_leap_session, authenticate
 from pixelated.resources import IPixelatedSession
@@ -44,23 +43,18 @@ class LeapPasswordChecker(object):
 credentials.IUsernamePassword,
 )
- def __init__(self, leap_provider):
- self._leap_provider = leap_provider
+ def __init__(self, provider):
+ self.provider = provider
+ @defer.inlineCallbacks
 def requestAvatarId(self, credentials):
- def _validate_credentials():
- try:
- srp_auth = SRPAuth(self._leap_provider.api_uri, self._leap_provider.local_ca_crt)
- return srp_auth.authenticate(credentials.username, credentials.password)
- except SRPAuthenticationError:
- raise UnauthorizedLogin()
-
- def _get_leap_session(srp_auth):
- return authenticate_user(self._leap_provider, credentials.username, credentials.password, auth=srp_auth)
-
- d = threads.deferToThread(_validate_credentials)
- d.addCallback(_get_leap_session)
- return d
+ try:
+ auth = yield authenticate(self.provider, credentials.username, credentials.password)
+ except SRPAuthenticationError:
+ raise UnauthorizedLogin()
+
+ leap_session = yield create_leap_session(self.provider, credentials.username, credentials.password, auth)
+ defer.returnValue(leap_session)
 class ISessionCredential(ICredentials):
-- cgit v1.2.3
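Review bot: `LeapPasswordChecker.requestAvatarId` turns `SRPAuthenticationError` into `UnauthorizedLogin()` without recording the failure, so repeated bad-password attempts leave no trace at this layer unless they are logged outside the shown lines. The module imports `logging` (first hunk of this file); a line such as `log.warning('SRP authentication failed for %s', credentials.username)` before the `raise` would give operators something to alert on. That assumes a module logger named `log` exists and that usernames may be written to the log; the password must never be. A docstring on the method should also state that it fires with a LEAP session and that exceptions other than `SRPAuthenticationError` from the worker thread propagate unchanged.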