authordrebs <drebs@leap.se>2016-12-29 09:28:10 -0200
committerKali Kaneko <kali@leap.se>2017-02-09 17:41:41 +0100
commit4fce575de20effc9c4d934028f8ccdfbd97932e1 (patch)
tree80dd68b054eab41fb319bfe5d86504f92784bb61
parent5058cae83227d4ba1b6390aa52a63b22a1acb11d (diff)
[refactor] remove twisted session persistence
The need for token caching in the server is a matter of debate, as is the ideal way to do it. Twisted sessions store the session id in a cookie and use that session id to persist. It is not clear whether that implementation is needed, works with future features (such as multiple soledad servers) or represents a security problem in some way. Because of this, this commit removes it for now. The feature is left in git history so we can bring it back later if needed.
-rw-r--r--client/src/leap/soledad/client/http_target/__init__.py21
-rw-r--r--client/src/leap/soledad/client/sqlcipher.py8
-rw-r--r--server/src/leap/soledad/server/session.py45
3 files changed, 6 insertions, 68 deletions
diff --git a/client/src/leap/soledad/client/http_target/__init__.py b/client/src/leap/soledad/client/http_target/__init__.py
index 590ae8f6..b67d03f6 100644
--- a/client/src/leap/soledad/client/http_target/__init__.py
+++ b/client/src/leap/soledad/client/http_target/__init__.py
@@ -24,10 +24,7 @@ after receiving.
import os
-from cookielib import CookieJar
-
from twisted.web.client import Agent
-from twisted.web.client import CookieAgent
from twisted.internet import reactor
from leap.common.certs import get_compatible_ssl_context_factory
@@ -47,14 +44,6 @@ if os.environ.get('SOLEDAD_STATS'):
DO_STATS = True
-def newCookieAgent(cert_file):
- _factory = get_compatible_ssl_context_factory(cert_file)
- _agent = Agent(reactor, _factory)
- _cookieJar = CookieJar()
- agent = CookieAgent(_agent, _cookieJar)
- return agent
-
-
class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher):
"""
@@ -66,8 +55,7 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher):
the parsed documents that the remote send us, before being decrypted and
written to the main database.
"""
- def __init__(self, url, source_replica_uid, creds, crypto, cert_file,
- agent=None):
+ def __init__(self, url, source_replica_uid, creds, crypto, cert_file):
"""
Initialize the sync target.
@@ -85,8 +73,6 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher):
the SSL certificate used by the remote soledad
server.
:type cert_file: str
- :param agent: an http agent
- :type agent: twisted.web.client.Agent
"""
if url.endswith("/"):
url = url[:-1]
@@ -101,9 +87,8 @@ class SoledadHTTPSyncTarget(SyncTargetAPI, HTTPDocSender, HTTPDocFetcher):
self._insert_doc_cb = None
# Twisted default Agent with our own ssl context factory
- if not agent:
- agent = newCookieAgent(cert_file)
- self._http = agent
+ factory = get_compatible_ssl_context_factory(cert_file)
+ self._http = Agent(reactor, factory)
if DO_STATS:
self.sync_exchange_phase = [0]
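Review bot: After this change each `SoledadHTTPSyncTarget` builds its own `Agent` and SSL context factory from `cert_file`, and the comment above the two added lines does not say that the client no longer keeps cookies or accepts an injected agent. I would extend it to something like `# plain Agent, no cookie jar: the TLS context is built from cert_file and nothing persists between requests`. Because the `agent` keyword was dropped from `__init__` in the earlier hunk, any caller outside this diff that still passes `agent=` will raise a TypeError; only the call in sqlcipher.py is visibly updated. It is also worth confirming what `get_compatible_ssl_context_factory` verifies against when `cert_file` is empty or None, since that helper is not shown here. `__init__` starts and ends outside this hunk.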
diff --git a/client/src/leap/soledad/client/sqlcipher.py b/client/src/leap/soledad/client/sqlcipher.py
index 9b352bbf..a3e45228 100644
--- a/client/src/leap/soledad/client/sqlcipher.py
+++ b/client/src/leap/soledad/client/sqlcipher.py
@@ -59,7 +59,6 @@ from leap.soledad.common.l2db.backends import sqlite_backend
from leap.soledad.common.errors import DatabaseAccessError
from leap.soledad.client.http_target import SoledadHTTPSyncTarget
-from leap.soledad.client.http_target import newCookieAgent
from leap.soledad.client.sync import SoledadSynchronizer
from leap.soledad.client import pragmas
@@ -407,10 +406,6 @@ class SQLCipherU1DBSync(SQLCipherDatabase):
# storage for the documents received during a sync
self.received_docs = []
- # setup an http agent capable of storing cookies, so we can use
- # server's session persistence feature
- self._agent = newCookieAgent(cert_file)
-
self.running = False
self._db_handle = None
@@ -495,8 +490,7 @@ class SQLCipherU1DBSync(SQLCipherDatabase):
self._replica_uid,
creds=creds,
crypto=self._crypto,
- cert_file=self._cert_file,
- agent=self._agent))
+ cert_file=self._cert_file))
#
# Symmetric encryption of syncing docs
diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py
index 59424a7b..4ed2721c 100644
--- a/server/src/leap/soledad/server/session.py
+++ b/server/src/leap/soledad/server/session.py
@@ -21,40 +21,14 @@ from zope.interface import implementer
from twisted.cred import error
from twisted.python import log
-from twisted.python.components import registerAdapter
from twisted.web import util
from twisted.web.guard import HTTPAuthSessionWrapper
from twisted.web.resource import ErrorPage
from twisted.web.resource import IResource
-from twisted.web.server import Session
-from zope.interface import Interface
-from zope.interface import Attribute
from leap.soledad.server.auth import portal
from leap.soledad.server.auth import credentialFactory
from leap.soledad.server.url_mapper import URLMapper
-from leap.soledad.server.resource import SoledadResource
-
-
-class ISessionData(Interface):
- username = Attribute('An uuid.')
- password = Attribute('A token.')
-
-
-@implementer(ISessionData)
-class SessionData(object):
- def __init__(self, session):
- self.username = None
- self.password = None
-
-
-registerAdapter(SessionData, Session, ISessionData)
-
-
-def _sessionData(request):
- session = request.getSession()
- data = ISessionData(session)
- return data
@implementer(IResource)
@@ -115,22 +89,7 @@ class SoledadSession(HTTPAuthSessionWrapper):
if request_uuid and request_uuid != credentials.username:
return ErrorPage(500, None, None)
- # eventually return a cached resouce
- sessionData = _sessionData(request)
- if sessionData.username == credentials.username \
- and sessionData.password == credentials.password:
- return SoledadResource()
-
- return util.DeferredResource(self._login(credentials, sessionData))
-
- def _login(self, credentials, sessionData):
+ return util.DeferredResource(self._login(credentials))
- def _cacheSessionData(res):
- sessionData.username = credentials.username
- sessionData.password = credentials.password
- return res
- d = self._portal.login(credentials, None, IResource)
- d.addCallback(_cacheSessionData)
- d.addCallbacks(self._loginSucceeded, self._loginFailed)
- return d
+soledadSession = SoledadSession()
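Review bot: The added `return util.DeferredResource(self._login(credentials))` now relies on `_login` being inherited, since this commit deletes the class's own override; that appears to be the private `HTTPAuthSessionWrapper._login` from Twisted, and nothing at the call site says so. A short comment would help, for example `# no session cache: every request is verified through the portal via the inherited _login`. With the cache gone, each request presumably costs a full token check against the auth backend, so it is worth confirming that failed or repeated logins are bounded somewhere outside this file. The enclosing method begins above the hunk.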