diff options
author | drebs <drebs@leap.se> | 2016-12-19 09:43:03 -0200 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-02-09 17:41:37 +0100 |
commit | 6043f7966b64d6922987bca9137a524fb06a3379 (patch) | |
tree | 70f5416685405c084fbc5e4451565c460cb2203e /server/src/leap/soledad | |
parent | 994eaa79b274c3c37af42cb343c41b5dec6e8d19 (diff) |
[refactor] separate url mapper, avoid hanging tests
Because the wsgi resource has its own threadpool, tests might get
confused when shutting down and the reactor may get clogged waiting for
the threadpool to be stopped. By refactoring the URLMapper to its own
module, server tests can avoid loading the resource module, where the
wsgi threadpool resides, so the threapool will not be started.
Diffstat (limited to 'server/src/leap/soledad')
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 68 | ||||
-rw-r--r-- | server/src/leap/soledad/server/session.py | 17 | ||||
-rw-r--r-- | server/src/leap/soledad/server/url_mapper.py | 74 |
3 files changed, 89 insertions, 70 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index c5b90359..13245cfe 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -21,7 +21,6 @@ import binascii import time from hashlib import sha512 -from routes.mapper import Mapper from zope.interface import implementer from twisted.cred import error @@ -33,9 +32,7 @@ from twisted.cred.portal import Portal from twisted.web.iweb import ICredentialFactory from twisted.web.resource import IResource -from leap.soledad.common import SHARED_DB_NAME from leap.soledad.common.couch import couch_server -from leap.soledad.common.l2db import DBNAME_CONSTRAINTS from leap.soledad.server.resource import SoledadResource from leap.soledad.server.application import get_config @@ -119,68 +116,3 @@ class TokenCredentialFactory(object): portal = Portal(SoledadRealm(), [TokenChecker()]) credentialFactory = TokenCredentialFactory() - - -class URLMapper(object): - """ - Maps the URLs users can access. - """ - - def __init__(self): - self._map = Mapper(controller_scan=None) - self._connect_urls() - self._map.create_regs() - - def match(self, path, method): - environ = {'PATH_INFO': path, 'REQUEST_METHOD': method} - return self._map.match(environ=environ) - - def _connect(self, pattern, http_methods): - self._map.connect( - None, pattern, http_methods=http_methods, - conditions=dict(method=http_methods), - requirements={'dbname': DBNAME_CONSTRAINTS}) - - def _connect_urls(self): - """ - Register the authorization info in the mapper using C{SHARED_DB_NAME} - as the user's database name. - - This method sets up the following authorization rules: - - URL path | Authorized actions - -------------------------------------------------- - / | GET - /shared-db | GET - /shared-db/docs | - - /shared-db/doc/{any_id} | GET, PUT, DELETE - /shared-db/sync-from/{source} | - - /user-db | - - /user-db/docs | - - /user-db/doc/{id} | - - /user-db/sync-from/{source} | GET, PUT, POST - """ - # auth info for global resource - self._connect('/', ['GET']) - # auth info for shared-db database resource - self._connect('/%s' % SHARED_DB_NAME, ['GET']) - # auth info for shared-db doc resource - self._connect('/%s/doc/{id:.*}' % SHARED_DB_NAME, - ['GET', 'PUT', 'DELETE']) - # auth info for user-db sync resource - self._connect('/user-{uuid}/sync-from/{source_replica_uid}', - ['GET', 'PUT', 'POST']) - - -@implementer(IResource) -class UnauthorizedResource(object): - isLeaf = True - - def render(self, request): - request.setResponseCode(401) - if request.method == b'HEAD': - return b'' - return b'Unauthorized' - - def getChildWithDefault(self, path, request): - return self diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py index 75440089..1ef5b6a6 100644 --- a/server/src/leap/soledad/server/session.py +++ b/server/src/leap/soledad/server/session.py @@ -30,10 +30,9 @@ from twisted.web.server import Session from zope.interface import Interface from zope.interface import Attribute -from leap.soledad.server.auth import URLMapper from leap.soledad.server.auth import portal from leap.soledad.server.auth import credentialFactory -from leap.soledad.server.auth import UnauthorizedResource +from leap.soledad.server.urlmapper import URLMapper from leap.soledad.server.resource import SoledadResource @@ -59,6 +58,20 @@ def _sessionData(request): @implementer(IResource) +class UnauthorizedResource(object): + isLeaf = True + + def render(self, request): + request.setResponseCode(401) + if request.method == b'HEAD': + return b'' + return b'Unauthorized' + + def getChildWithDefault(self, path, request): + return self + + +@implementer(IResource) class SoledadSession(HTTPAuthSessionWrapper): def __init__(self): diff --git a/server/src/leap/soledad/server/url_mapper.py b/server/src/leap/soledad/server/url_mapper.py new file mode 100644 index 00000000..483f7e87 --- /dev/null +++ b/server/src/leap/soledad/server/url_mapper.py @@ -0,0 +1,74 @@ +# -*- coding: utf-8 -*- +# url_mapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +An URL mapper that represents authorized paths. +""" +from routes.mapper import Mapper + +from leap.soledad.common import SHARED_DB_NAME +from leap.soledad.common.l2db import DBNAME_CONSTRAINTS + + +class URLMapper(object): + """ + Maps the URLs users can access. + """ + + def __init__(self): + self._map = Mapper(controller_scan=None) + self._connect_urls() + self._map.create_regs() + + def match(self, path, method): + environ = {'PATH_INFO': path, 'REQUEST_METHOD': method} + return self._map.match(environ=environ) + + def _connect(self, pattern, http_methods): + self._map.connect( + None, pattern, http_methods=http_methods, + conditions=dict(method=http_methods), + requirements={'dbname': DBNAME_CONSTRAINTS}) + + def _connect_urls(self): + """ + Register the authorization info in the mapper using C{SHARED_DB_NAME} + as the user's database name. + + This method sets up the following authorization rules: + + URL path | Authorized actions + -------------------------------------------------- + / | GET + /shared-db | GET + /shared-db/docs | - + /shared-db/doc/{any_id} | GET, PUT, DELETE + /shared-db/sync-from/{source} | - + /user-db | - + /user-db/docs | - + /user-db/doc/{id} | - + /user-db/sync-from/{source} | GET, PUT, POST + """ + # auth info for global resource + self._connect('/', ['GET']) + # auth info for shared-db database resource + self._connect('/%s' % SHARED_DB_NAME, ['GET']) + # auth info for shared-db doc resource + self._connect('/%s/doc/{id:.*}' % SHARED_DB_NAME, + ['GET', 'PUT', 'DELETE']) + # auth info for user-db sync resource + self._connect('/user-{uuid}/sync-from/{source_replica_uid}', + ['GET', 'PUT', 'POST']) |