From fe9940276ce3d88c39471f23c298097480ad36b2 Mon Sep 17 00:00:00 2001
From: Thais Siqueira <thais.siqueira@gmail.com>
Date: Tue, 14 Mar 2017 11:30:27 -0300
Subject: [#924] Implements update recovery code through bitmask

with @anikarni
---
 service/pixelated/account_recovery.py              | 31 ++++++++++++++++++++++
 service/pixelated/application.py                   |  9 ++++---
 service/pixelated/authentication.py                | 11 +++++---
 .../pixelated/resources/backup_account_resource.py | 23 ++++++++++++++--
 service/pixelated/resources/login_resource.py      |  2 +-
 service/pixelated/resources/root_resource.py       |  2 +-
 6 files changed, 68 insertions(+), 10 deletions(-)
 create mode 100644 service/pixelated/account_recovery.py

(limited to 'service/pixelated')

diff --git a/service/pixelated/account_recovery.py b/service/pixelated/account_recovery.py
new file mode 100644
index 00000000..405b572a
--- /dev/null
+++ b/service/pixelated/account_recovery.py
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2017 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+from twisted.internet.defer import inlineCallbacks, returnValue
+import traceback
+
+
+class AccountRecovery(object):
+    def __init__(self, session):
+        self._session = session
+
+    @inlineCallbacks
+    def update_recovery_code(self, recovery_code):
+        try:
+            response = yield self._session.update_recovery_code(recovery_code)
+            returnValue(response)
+        except Exception as e:
+            traceback.print_exc(e)
+            raise
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index 46e5ba85..ef99d47c 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -30,6 +30,7 @@ from twisted.internet import reactor
 from twisted.internet import ssl
 
 from pixelated.adapter.welcome_mail import add_welcome_mail
+from pixelated.authentication import Authenticator
 from pixelated.config import arguments
 from pixelated.config import logger
 from pixelated.config import services
@@ -60,7 +61,8 @@ def start_user_agent_in_single_user_mode(root_resource, services_factory, leap_h
 
     services_factory.add_session(leap_session.user_auth.uuid, _services)
 
-    root_resource.initialize(provider=leap_session.provider)
+    authenticator = Authenticator(leap_session.provider)
+    root_resource.initialize(provider=leap_session.provider, authenticator=authenticator)
 
     # soledad needs lots of threads
     reactor.getThreadPool().adjustPoolsize(5, 15)
@@ -153,14 +155,15 @@ def _setup_multi_user(args, root_resource, services_factory):
 
 
 def set_up_protected_resources(root_resource, provider, services_factory, banner=None, authenticator=None):
+    auth = authenticator or Authenticator(provider)
     session_checker = SessionChecker(services_factory)
 
     realm = PixelatedRealm()
     _portal = portal.Portal(realm, [session_checker, AllowAnonymousAccess()])
 
-    anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=authenticator)
+    anonymous_resource = LoginResource(services_factory, provider, disclaimer_banner=banner, authenticator=auth)
     protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, [])
-    root_resource.initialize(provider, disclaimer_banner=banner, authenticator=authenticator)
+    root_resource.initialize(provider, disclaimer_banner=banner, authenticator=auth)
     return protected_resource
 
 
diff --git a/service/pixelated/authentication.py b/service/pixelated/authentication.py
index 983086ce..27d6035a 100644
--- a/service/pixelated/authentication.py
+++ b/service/pixelated/authentication.py
@@ -30,6 +30,7 @@ class Authenticator(object):
     def __init__(self, leap_provider):
         self._leap_provider = leap_provider
         self.domain = leap_provider.server_name
+        self.bonafide_sesssion = None
 
     @inlineCallbacks
     def authenticate(self, username, password):
@@ -49,9 +50,13 @@ class Authenticator(object):
     def _bonafide_auth(self, user, password):
         srp_provider = Api(self._leap_provider.api_uri)
         credentials = Credentials(user, password)
-        srp_auth = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
-        yield srp_auth.authenticate()
-        returnValue(Authentication(user, srp_auth.token, srp_auth.uuid, 'session_id', {'is_admin': False}))
+        self.bonafide_sesssion = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
+        yield self.bonafide_sesssion.authenticate()
+        returnValue(Authentication(user,
+                                   self.bonafide_sesssion.token,
+                                   self.bonafide_sesssion.uuid,
+                                   'session_id',
+                                   {'is_admin': False}))
 
     def clean_username(self, username):
         if '@' not in username:
diff --git a/service/pixelated/resources/backup_account_resource.py b/service/pixelated/resources/backup_account_resource.py
index f1eeee53..d7e081d6 100644
--- a/service/pixelated/resources/backup_account_resource.py
+++ b/service/pixelated/resources/backup_account_resource.py
@@ -20,7 +20,9 @@ from xml.sax import SAXParseException
 from pixelated.resources import BaseResource
 from twisted.python.filepath import FilePath
 from pixelated.resources import get_protected_static_folder
-from twisted.web.http import OK
+from pixelated.account_recovery import AccountRecovery
+from twisted.web.http import OK, NO_CONTENT, INTERNAL_SERVER_ERROR
+from twisted.web.server import NOT_DONE_YET
 from twisted.web.template import Element, XMLFile, renderElement
 
 
@@ -34,8 +36,9 @@ class BackupAccountPage(Element):
 class BackupAccountResource(BaseResource):
     isLeaf = True
 
-    def __init__(self, services_factory):
+    def __init__(self, services_factory, authenticator):
         BaseResource.__init__(self, services_factory)
+        self._authenticator = authenticator
 
     def render_GET(self, request):
         request.setResponseCode(OK)
@@ -44,3 +47,19 @@ class BackupAccountResource(BaseResource):
     def _render_template(self, request):
         site = BackupAccountPage()
         return renderElement(request, site)
+
+    def render_POST(self, request):
+        account_recovery = AccountRecovery(self._authenticator.bonafide_sesssion)
+
+        def update_response(response):
+            request.setResponseCode(NO_CONTENT)
+            request.finish()
+
+        def error_response(response):
+            request.setResponseCode(INTERNAL_SERVER_ERROR)
+            request.finish()
+
+        d = account_recovery.update_recovery_code("123")
+        d.addCallbacks(update_response)
+        d.addErrback(error_response)
+        return NOT_DONE_YET
diff --git a/service/pixelated/resources/login_resource.py b/service/pixelated/resources/login_resource.py
index 5adfadf9..3e1200d7 100644
--- a/service/pixelated/resources/login_resource.py
+++ b/service/pixelated/resources/login_resource.py
@@ -86,7 +86,7 @@ class LoginResource(BaseResource):
         BaseResource.__init__(self, services_factory)
         self._disclaimer_banner = disclaimer_banner
         self._provider = provider
-        self._authenticator = authenticator or Authenticator(provider)
+        self._authenticator = authenticator
         self._bootstrap_user_services = BootstrapUserServices(services_factory, provider)
 
         static_folder = get_public_static_folder()
diff --git a/service/pixelated/resources/root_resource.py b/service/pixelated/resources/root_resource.py
index 320a1204..10d57c6f 100644
--- a/service/pixelated/resources/root_resource.py
+++ b/service/pixelated/resources/root_resource.py
@@ -91,7 +91,7 @@ class RootResource(BaseResource):
 
     def initialize(self, provider=None, disclaimer_banner=None, authenticator=None):
         self._child_resources.add('assets', File(self._protected_static_folder))
-        self._child_resources.add('backup-account', BackupAccountResource(self._services_factory))
+        self._child_resources.add('backup-account', BackupAccountResource(self._services_factory, authenticator))
         self._child_resources.add('sandbox', SandboxResource(self._protected_static_folder))
         self._child_resources.add('keys', KeysResource(self._services_factory))
         self._child_resources.add(AttachmentsResource.BASE_URL, AttachmentsResource(self._services_factory))
-- 
cgit v1.2.3