author | drebs <drebs@leap.se> | 2015-06-04 11:21:40 -0300 |
---|---|---|
committer | drebs <drebs@leap.se> | 2015-06-04 11:21:40 -0300 |
commit | 293c71080e9a21115d248e46d1a706c53cc8ee37 (patch) | |
tree | 3353672f1f770ef5f5c87ea7e3e27debe737a50b /server | |
parent | fa7708e256ba56cd1e9913993d68611b4ae95824 (diff) | |
parent | 9fb1c47ca7da06d6feef6846b812aec28128ed78 (diff) |
Merge tag '0.7.0'
Tag version 0.7.0.
Conflicts:
CHANGELOG
client/src/leap/soledad/client/__init__.py
client/src/leap/soledad/client/sqlcipher.py
client/src/leap/soledad/client/target.py
server/pkg/soledad-server
Diffstat (limited to 'server')
-rw-r--r-- | server/pkg/requirements.pip | 17 | ||||
-rw-r--r-- | server/pkg/soledad-server (renamed from server/pkg/soledad) | 2 | ||||
-rw-r--r-- | server/setup.py | 2 | ||||
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 22 |
4 files changed, 20 insertions, 23 deletions
diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip
index be5d156b..df6ad95d 100644
--- a/server/pkg/requirements.pip
+++ b/server/pkg/requirements.pip
@@ -4,19 +4,12 @@ simplejson
 u1db
 routes
 PyOpenSSL<0.14
-
-# TODO: maybe we just want twisted-web?
-twisted>=12.0.0
+twisted
 # leap deps -- bump me!
-leap.soledad.common>=0.3.0
-
-#
-# Things yet to fix:
-#
-
-# oauth is not strictly needed by us, but we need it
-# until u1db adds it to its release as a dep.
+leap.soledad.common>=0.6.5
+# XXX -- fix me!
+# oauth is not strictly needed by us, but we need it until u1db adds it to its
+# release as a dep.
 oauth
-
diff --git a/server/pkg/soledad b/server/pkg/soledad-server
index ccb3e9b0..811ad55b 100644
--- a/server/pkg/soledad
+++ b/server/pkg/soledad-server
@@ -34,8 +34,8 @@ case "${1}" in
 start)
 echo -n "Starting soledad: twistd"
 start-stop-daemon --start --quiet \
- --user=${USER} --group=${GROUP} \
 --exec ${TWISTD_PATH} -- \
+ --uid=${USER} --gid=${GROUP} \
 --pidfile=${PIDFILE} \
 --logfile=${LOGFILE} \
 web \
diff --git a/server/setup.py b/server/setup.py
index 573622ce..124ddd32 100644
--- a/server/setup.py
+++ b/server/setup.py
@@ -35,7 +35,7 @@ if isset('VIRTUAL_ENV') or isset('LEAP_SKIP_INIT'):
 data_files = None
 else:
 # XXX this should go only for linux/mac
- data_files = [("/etc/init.d/", ["pkg/soledad"])]
+ data_files = [("/etc/init.d/", ["pkg/soledad-server"])]
 trove_classifiers = (
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index 57f600a1..7af4e54b 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -21,10 +21,10 @@ Authentication facilities for Soledad Server.
 """
+import time
 import httplib
 import simplejson as json
-
 from u1db import DBNAME_CONSTRAINTS, errors as u1db_errors
 from abc import ABCMeta, abstractmethod
 from routes.mapper import Mapper
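Review bot: In the soledad-server init-script hunk, the identity switch now happens inside twistd (`--uid=${USER} --gid=${GROUP}` placed after `--`, so twistd rather than start-stop-daemon parses it), and nothing in the script records why that placement matters; a comment above the command such as `# run as ${USER}:${GROUP}; the switch is done by twistd (--uid/--gid), start-stop-daemon's --user/--group only match processes` would stop a later edit from moving the options back before `--exec`. start-stop-daemon's `--user`/`--group` select which processes to match and do not change credentials, so the removed line presumably left twistd running as the caller (root); if this is the fix for that, the commit message should say so explicitly. Since twistd applies `--uid`/`--gid` after its own startup, it is worth confirming that `${PIDFILE}` and `${LOGFILE}` stay writable (and removable on stop) once the process is unprivileged. The enclosing `case "${1}" in` block starts and ends outside the hunk.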
@@ -32,12 +32,8 @@ from couchdb.client import Server
 from twisted.python import log
 from hashlib import sha512
-
-from leap.soledad.common import (
- SHARED_DB_NAME,
- SHARED_DB_LOCK_DOC_ID_PREFIX,
- USER_DB_PREFIX,
-)
+from leap.soledad.common import SHARED_DB_NAME
+from leap.soledad.common import USER_DB_PREFIX
 from leap.soledad.common.errors import InvalidAuthTokenError
@@ -354,7 +350,8 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
 Token based authentication.
 """
- TOKENS_DB = "tokens"
+ TOKENS_DB_PREFIX = "tokens_"
+ TOKENS_DB_EXPIRE = 30 * 24 * 3600 # 30 days in seconds
 TOKENS_TYPE_KEY = "type"
 TOKENS_TYPE_DEF = "Token"
 TOKENS_USER_ID_KEY = "user_id"
@@ -414,7 +411,14 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
 invalid.
 """
 server = Server(url=self._app.state.couch_url)
- dbname = self.TOKENS_DB
+ # the tokens db rotates every 30 days, and the current db name is
+ # "tokens_NNN", where NNN is the number of seconds since epoch divided
+ # by the rotate period in seconds. When rotating, old and new tokens
+ # db coexist during a certain window of time and valid tokens are
+ # replicated from the old db to the new one. See:
+ # https://leap.se/code/issues/6785
+ dbname = self.TOKENS_DB_PREFIX + \
+ str(int(time.time() / self.TOKENS_DB_EXPIRE))
 db = server[dbname]
 # lookup key is a hash of the token to prevent timing attacks.
 token = db.get(sha512(token).hexdigest())
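Review bot: The new `dbname` computation in the last hunk consults only the database for the current period, so at a rotation boundary a token that exists in the previous period's db but has not yet been replicated is rejected; that is fail-closed, which is the right default for an authentication check, but the added comment describes the replication window without stating this consequence, so append `# only the current period's db is consulted; a token not yet replicated into it is treated as invalid`. In the `@@ -354,7 +350,8 @@` hunk `TOKENS_DB_EXPIRE` is the rotation period of the db, not a per-token expiry, and the comment here then hard-codes "30 days" instead of pointing at that attribute; a comment next to the constant, `# rotation period of the tokens db, not a per-token lifetime`, would avoid the misreading. As a point of style, the float division plus backslash continuation can be written as one expression, `dbname = "%s%d" % (self.TOKENS_DB_PREFIX, int(time.time()) // self.TOKENS_DB_EXPIRE)`, which gives the same period number for any non-negative timestamp. The enclosing method starts before the hunk and ends after it.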