author | drebs <drebs@leap.se> | 2016-12-29 09:28:10 -0200 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-02-09 17:41:41 +0100 |
commit | 4fce575de20effc9c4d934028f8ccdfbd97932e1 (patch) | |
tree | 80dd68b054eab41fb319bfe5d86504f92784bb61 /server/src | |
parent | 5058cae83227d4ba1b6390aa52a63b22a1acb11d (diff) |
[refactor] remove twisted session persistence
The need for token caching in server is a matter of debate, as is the
ideal way to do it. Twisted sessions store the session id in a cookie
and use that session id to persist. It is not clear whether that
implementation is needed, works with future features (such as multiple
soledad servers) or represents a security problem in some way. Because
of this, this commit removes it for now. The feature is left in git
history so we can bring it back later if needed.
Diffstat (limited to 'server/src')
-rw-r--r-- | server/src/leap/soledad/server/session.py | 45 |
1 files changed, 2 insertions, 43 deletions
diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py
index 59424a7b..4ed2721c 100644
--- a/server/src/leap/soledad/server/session.py
+++ b/server/src/leap/soledad/server/session.py
@@ -21,40 +21,14 @@
 from zope.interface import implementer
 from twisted.cred import error
 from twisted.python import log
-from twisted.python.components import registerAdapter
 from twisted.web import util
 from twisted.web.guard import HTTPAuthSessionWrapper
 from twisted.web.resource import ErrorPage
 from twisted.web.resource import IResource
-from twisted.web.server import Session
-from zope.interface import Interface
-from zope.interface import Attribute
 
 from leap.soledad.server.auth import portal
 from leap.soledad.server.auth import credentialFactory
 from leap.soledad.server.url_mapper import URLMapper
-from leap.soledad.server.resource import SoledadResource
-
-
-class ISessionData(Interface):
- username = Attribute('An uuid.')
- password = Attribute('A token.')
-
-
-@implementer(ISessionData)
-class SessionData(object):
- def __init__(self, session):
- self.username = None
- self.password = None
-
-
-registerAdapter(SessionData, Session, ISessionData)
-
-
-def _sessionData(request):
- session = request.getSession()
- data = ISessionData(session)
- return data
 
 
 @implementer(IResource)
@@ -115,22 +89,7 @@ class SoledadSession(HTTPAuthSessionWrapper):
 if request_uuid and request_uuid != credentials.username:
 return ErrorPage(500, None, None)
 
- # eventually return a cached resouce
- sessionData = _sessionData(request)
- if sessionData.username == credentials.username \
- and sessionData.password == credentials.password:
- return SoledadResource()
-
- return util.DeferredResource(self._login(credentials, sessionData))
-
- def _login(self, credentials, sessionData):
+ return util.DeferredResource(self._login(credentials))
 
- def _cacheSessionData(res):
- sessionData.username = credentials.username
- sessionData.password = credentials.password
- return res
 
- d = self._portal.login(credentials, None, IResource)
- d.addCallback(_cacheSessionData)
- d.addCallbacks(self._loginSucceeded, self._loginFailed)
- return d
+soledadSession = SoledadSession() |
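Review bot: The added `return util.DeferredResource(self._login(credentials))` calls a one-argument `_login`, but this hunk deletes the class's own `_login(self, credentials, sessionData)` and adds no replacement, so the call presumably resolves to the method inherited from `HTTPAuthSessionWrapper`; that reliance on a private base-class method should be stated in a comment. Something like `# _login is inherited from HTTPAuthSessionWrapper: every request is authenticated through the portal, nothing is cached per session.` above the return would do. Since the stated goal is to stop persisting credentials in a cookie-backed Twisted session, a regression test asserting that an authenticated request no longer causes a session cookie to be set would pin that behaviour, assuming nothing else in the request path still calls `request.getSession()`. The enclosing method starts above the hunk, so the rest of its body is not visible here.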