summaryrefslogtreecommitdiff
path: root/server/src
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2016-12-29 09:28:10 -0200
committerKali Kaneko <kali@leap.se>2017-02-09 17:41:41 +0100
commit4fce575de20effc9c4d934028f8ccdfbd97932e1 (patch)
tree80dd68b054eab41fb319bfe5d86504f92784bb61 /server/src
parent5058cae83227d4ba1b6390aa52a63b22a1acb11d (diff)
[refactor] remove twisted session persistence
The need for token caching in server is a matter of debate, as is the ideal way to do it. Twisted sessions store the session id in a cookie and use that session id to persist. It is not clear if that implementation is needed, works with future features (as multiple soledad servers) or represents a security problem in some way. Because of these, this commit removes it for now. The feature is left in git history so we can bring it back later if needed.
Diffstat (limited to 'server/src')
-rw-r--r--server/src/leap/soledad/server/session.py45
1 files changed, 2 insertions, 43 deletions
diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py
index 59424a7b..4ed2721c 100644
--- a/server/src/leap/soledad/server/session.py
+++ b/server/src/leap/soledad/server/session.py
@@ -21,40 +21,14 @@ from zope.interface import implementer
from twisted.cred import error
from twisted.python import log
-from twisted.python.components import registerAdapter
from twisted.web import util
from twisted.web.guard import HTTPAuthSessionWrapper
from twisted.web.resource import ErrorPage
from twisted.web.resource import IResource
-from twisted.web.server import Session
-from zope.interface import Interface
-from zope.interface import Attribute
from leap.soledad.server.auth import portal
from leap.soledad.server.auth import credentialFactory
from leap.soledad.server.url_mapper import URLMapper
-from leap.soledad.server.resource import SoledadResource
-
-
-class ISessionData(Interface):
- username = Attribute('An uuid.')
- password = Attribute('A token.')
-
-
-@implementer(ISessionData)
-class SessionData(object):
- def __init__(self, session):
- self.username = None
- self.password = None
-
-
-registerAdapter(SessionData, Session, ISessionData)
-
-
-def _sessionData(request):
- session = request.getSession()
- data = ISessionData(session)
- return data
@implementer(IResource)
@@ -115,22 +89,7 @@ class SoledadSession(HTTPAuthSessionWrapper):
if request_uuid and request_uuid != credentials.username:
return ErrorPage(500, None, None)
- # eventually return a cached resouce
- sessionData = _sessionData(request)
- if sessionData.username == credentials.username \
- and sessionData.password == credentials.password:
- return SoledadResource()
-
- return util.DeferredResource(self._login(credentials, sessionData))
-
- def _login(self, credentials, sessionData):
+ return util.DeferredResource(self._login(credentials))
- def _cacheSessionData(res):
- sessionData.username = credentials.username
- sessionData.password = credentials.password
- return res
- d = self._portal.login(credentials, None, IResource)
- d.addCallback(_cacheSessionData)
- d.addCallbacks(self._loginSucceeded, self._loginFailed)
- return d
+soledadSession = SoledadSession()