From e3006fff2f71787e9879e2f88e57dc9b935b7782 Mon Sep 17 00:00:00 2001
From: Denis Costa <deniscostadsc@gmail.com>
Date: Tue, 25 Oct 2016 12:16:23 -0200
Subject: Adds real authentication

We also did some refactoring in order to have things working. #795
---
 service/pixelated/authentication.py | 36 ++++++++++++++++++++----------------
 service/pixelated/config/leap.py    | 13 ++++++++++++-
 2 files changed, 32 insertions(+), 17 deletions(-)

(limited to 'service/pixelated')

diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py
index c9961476..a8326fb9 100644
--- a/service/pixelated/authentication.py
+++ b/service/pixelated/authentication.py
@@ -1,29 +1,33 @@
 import re
+from pixelated.config.leap import authenticate
+from leap.bitmask.bonafide._srp import SRPAuthError
 
-
-class Authentication(object):
-    def __init__(self, username, token, uuid, session_id, user_attributes):
-        self.username = username
-        self.token = token
-        self.uuid = uuid
-        self.session_id = session_id
-        self._user_attributes = user_attributes
-
-    def is_admin(self):
-        return self._user_attributes.get('is_admin', False)
+from twisted.cred.error import UnauthorizedLogin
+from twisted.internet.defer import inlineCallbacks
 
 
 class Authenticator(object):
-    def __init__(self, domain):
-        self.domain = domain
+    def __init__(self, leap_provider):
+        self._leap_provider = leap_provider
+        self.domain = leap_provider.server_name
 
+    @inlineCallbacks
     def authenticate(self, username, password):
-        self.username = self.validate_username(username)
-        self.srp_auth(username, password)
+        if self.validate_username(username):
+            yield self._srp_auth(username, password)
+        else:
+            raise UnauthorizedLogin()
+
+    @inlineCallbacks
+    def _srp_auth(self, username, password):
+        try:
+            auth = yield authenticate(self._leap_provider, username, password)
+        except SRPAuthError:
+            raise UnauthorizedLogin()
 
     def validate_username(self, username):
         if '@' not in username:
-            return True
+                return True
         extracted_username = self.extract_username(username)
         return self.username_with_domain(extracted_username) == username
 
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 5dbfe21b..b86b756e 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -13,7 +13,6 @@ from leap.bitmask.bonafide.provider import Api
 
 from pixelated.config import credentials
 from pixelated.config import leap_config
-from pixelated.authentication import Authentication
 from pixelated.bitmask_libraries.certs import LeapCertificate
 from pixelated.bitmask_libraries.provider import LeapProvider
 from pixelated.config.sessions import LeapSessionFactory
@@ -86,3 +85,15 @@ def authenticate(provider, user, password):
 
 def init_monkeypatches():
     import pixelated.extensions.requests_urllib3
+
+
+class Authentication(object):
+    def __init__(self, username, token, uuid, session_id, user_attributes):
+        self.username = username
+        self.token = token
+        self.uuid = uuid
+        self.session_id = session_id
+        self._user_attributes = user_attributes
+
+    def is_admin(self):
+        return self._user_attributes.get('is_admin', False)
-- 
cgit v1.2.3