author | drebs <drebs@leap.se> | 2016-12-29 09:28:10 -0200 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-02-09 17:41:41 +0100 |
commit | 4fce575de20effc9c4d934028f8ccdfbd97932e1 (patch) | |
tree | 80dd68b054eab41fb319bfe5d86504f92784bb61 | |
parent | 5058cae83227d4ba1b6390aa52a63b22a1acb11d (diff) |
[refactor] remove twisted session persistence
The need for token caching in server is a matter of debate, as is the
ideal way to do it. Twisted sessions store the session id in a cookie
and use that session id to persist. It is not clear whether that
implementation is needed, works with future features (such as multiple
soledad servers), or represents a security problem in some way. Because
of this, this commit removes it for now. The feature is left in git
history so we can bring it back later if needed.
-rw-r--r-- | client/src/leap/soledad/client/http_target/__init__.py | 21 | ||||
-rw-r--r-- | client/src/leap/soledad/client/sqlcipher.py | 8 | ||||
-rw-r--r-- | server/src/leap/soledad/server/session.py | 45 |
3 files changed, 6 insertions, 68 deletions
diff --git a/client/src/leap/soledad/client/http_target/__init__.py b/client/src/leap/soledad/client/http_target/__init__.py index 590ae8f6..b67d03f6 100644 --- a/client/src/leap/soledad/client/http_target/__init__.py +++ b/client/src/leap/soledad/client/http_target/__init__.py @@ -24,10 +24,7 @@ after receiving. import os -from cookielib import CookieJar - from twisted.web.client import Agent -from twisted.web.client import CookieAgent from twisted.internet import reactor from leap.common.certs import get_compatible_ssl_context_factory @@ -47,14 +44,6 @@ if os.environ.get('SOLEDAD_STATS'): DO_STATS = True -def newCookieAgent(cert_file): - _factory = get_compatible_ssl_context_factory(cert_file) - _agent = Agent(reactor, _factory) - _cookieJar = CookieJar() - agent = CookieAgent(_agent, _cookieJar) - return agent - - class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher): """ @@ -66,8 +55,7 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher): the parsed documents that the remote send us, before being decrypted and written to the main database. """ - def __init__(self, url, source_replica_uid, creds, crypto, cert_file, - agent=None): + def __init__(self, url, source_replica_uid, creds, crypto, cert_file): """ Initialize the sync target. @@ -85,8 +73,6 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher): the SSL certificate used by the remote soledad server. :type cert_file: str - :param agent: an http agent - :type agent: twisted.web.client.Agent """ if url.endswith("/"): url = url[:-1] @@ -101,9 +87,8 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher): self._insert_doc_cb = None # Twisted default Agent with our own ssl context factory - if not agent: - agent = newCookieAgent(cert_file) - self._http = agent + factory = get_compatible_ssl_context_factory(cert_file) + self._http = Agent(reactor, factory) if DO_STATS: self.sync_exchange_phase = [0] 
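Review bot: Dropping the `agent=None` keyword from `SoledadHTTPSyncTarget.__init__` and deleting `newCookieAgent` breaks the interface, so any caller or test that still passes `agent=` or imports `newCookieAgent` will fail with a TypeError or ImportError. The sqlcipher.py call site is updated in this commit, but other callers are not visible here. It also removes the only injection point for the HTTP agent, so tests can no longer substitute a stub without patching `Agent`; if that matters, keep the keyword and write `self._http = agent or Agent(reactor, factory)`. The connection still relies on the context built by `get_compatible_ssl_context_factory(cert_file)`, and a one-line comment on the new lines saying that certificate checking lives in that factory would help the next reader.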
diff --git a/client/src/leap/soledad/client/sqlcipher.py b/client/src/leap/soledad/client/sqlcipher.py index 9b352bbf..a3e45228 100644 --- a/client/src/leap/soledad/client/sqlcipher.py +++ b/client/src/leap/soledad/client/sqlcipher.py @@ -59,7 +59,6 @@ from leap.soledad.common.l2db.backends import sqlite_backend from leap.soledad.common.errors import DatabaseAccessError from leap.soledad.client.http_target import SoledadHTTPSyncTarget -from leap.soledad.client.http_target import newCookieAgent from leap.soledad.client.sync import SoledadSynchronizer from leap.soledad.client import pragmas @@ -407,10 +406,6 @@ class SQLCipherU1DBSync(SQLCipherDatabase): # storage for the documents received during a sync self.received_docs = [] - # setup an http agent capable of storing cookies, so we can use - # server's session persistence feature - self._agent = newCookieAgent(cert_file) - self.running = False self._db_handle = None @@ -495,8 +490,7 @@ class SQLCipherU1DBSync(SQLCipherDatabase): self._replica_uid, creds=creds, crypto=self._crypto, - cert_file=self._cert_file, - agent=self._agent)) + cert_file=self._cert_file)) # # Symmetric encryption of syncing docs diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py index 59424a7b..4ed2721c 100644 --- a/server/src/leap/soledad/server/session.py +++ b/server/src/leap/soledad/server/session.py 
@@ -21,40 +21,14 @@ from zope.interface import implementer from twisted.cred import error from twisted.python import log -from twisted.python.components import registerAdapter from twisted.web import util from twisted.web.guard import HTTPAuthSessionWrapper from twisted.web.resource import ErrorPage from twisted.web.resource import IResource -from twisted.web.server import Session -from zope.interface import Interface -from zope.interface import Attribute from leap.soledad.server.auth import portal from leap.soledad.server.auth import credentialFactory from leap.soledad.server.url_mapper import URLMapper -from leap.soledad.server.resource import SoledadResource - - -class ISessionData(Interface): - username = Attribute('An uuid.') - password = Attribute('A token.') - - -@implementer(ISessionData) -class SessionData(object): - def __init__(self, session): - self.username = None - self.password = None - - -registerAdapter(SessionData, Session, ISessionData) - - -def _sessionData(request): - session = request.getSession() - data = ISessionData(session) - return data @implementer(IResource) @@ -115,22 +89,7 @@ class SoledadSession(HTTPAuthSessionWrapper): if request_uuid and request_uuid != credentials.username: return ErrorPage(500, None, None) - # eventually return a cached resouce - sessionData = _sessionData(request) - if sessionData.username == credentials.username \ - and sessionData.password == credentials.password: - return SoledadResource() - - return util.DeferredResource(self._login(credentials, sessionData)) - - def _login(self, credentials, sessionData): + return util.DeferredResource(self._login(credentials)) - def _cacheSessionData(res): - sessionData.username = credentials.username - sessionData.password = credentials.password - return res - d = self._portal.login(credentials, None, IResource) - d.addCallback(_cacheSessionData) - d.addCallbacks(self._loginSucceeded, self._loginFailed) - return d +soledadSession = SoledadSession() |
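Review bot: With the session cache gone, the added `return util.DeferredResource(self._login(credentials))` sends every request through `self._portal.login(credentials, None, IResource)`, so the token checker's cost is paid on every request instead of once per session. That is the more conservative default, since no copy of the token is kept in session state and there is no session cookie to protect. The checker behind `portal` is not visible here, though, so if it queries a database it is worth confirming it tolerates the extra load and recording the trade-off in a comment such as `# no session cache: credentials are verified on every request`. The collapsed rendering also shows `def _login(self, credentials, sessionData):` removed with no visible one-argument replacement, so check that `_login(self, credentials)` is defined on the new side.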