-rw-r--r--src/leap/soledad/auth.py5
-rw-r--r--src/leap/soledad/server.py39
-rw-r--r--src/leap/soledad/tests/__init__.py15
-rw-r--r--src/leap/soledad/tests/test_crypto.py4
-rw-r--r--src/leap/soledad/tests/test_leap_backend.py22
-rw-r--r--src/leap/soledad/tests/test_soledad.py10
-rw-r--r--src/leap/soledad/tests/test_sqlcipher.py2
7 files changed, 44 insertions, 53 deletions
diff --git a/src/leap/soledad/auth.py b/src/leap/soledad/auth.py
index 562a8263..8c093099 100644
--- a/src/leap/soledad/auth.py
+++ b/src/leap/soledad/auth.py
@@ -25,6 +25,7 @@ they can do token-based auth requests to the Soledad server.
from u1db.remote.http_client import HTTPClientBase
+from u1db import errors
class TokenBasedAuth(object):
@@ -66,5 +67,5 @@ class TokenBasedAuth(object):
auth = '%s:%s' % (uuid, token)
return [('Authorization', 'Token %s' % auth.encode('base64')[:-1])]
else:
- return HTTPClientBase._sign_request(
- self, method, url_query, params)
+ raise errors.UnknownAuthMethod(
+ 'Wrong credentials: %s' % self._creds)
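Review bot: The new `UnknownAuthMethod` message interpolates `self._creds`, so whatever credential material the object holds is copied into the exception text and into any log or traceback that records it. The token branch just above builds the `Authorization` header from a uuid and a token, so this structure can presumably carry secrets even when the scheme is not the expected one. I would raise with a fixed message or only the scheme names, e.g. `raise errors.UnknownAuthMethod('Wrong credentials: expected token-based credentials')`. The enclosing method (apparently `_sign_request`) starts outside this hunk, so how `_creds` is populated is not visible here.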
diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py
index 7aa253a3..e2944057 100644
--- a/src/leap/soledad/server.py
+++ b/src/leap/soledad/server.py
@@ -32,10 +32,22 @@ except ImportError:
from u1db.remote import http_app
+# Keep OpenSSL's tsafe before importing Twisted submodules so we can put
+# it back if Twisted==12.0.0 messes with it.
+from OpenSSL import tsafe
+old_tsafe = tsafe
+
from twisted.web.wsgi import WSGIResource
from twisted.internet import reactor
from twisted.python import log
+from twisted import version
+if version.base() == "12.0.0":
+ # Put OpenSSL's tsafe back into place. This can probably be removed if we
+ # come to use Twisted>=12.3.0.
+ import sys
+ sys.modules['OpenSSL.tsafe'] = old_tsafe
+
from couchdb.client import Server
from leap.soledad.backends.couch import CouchServerState
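Review bot: The restore guarded by `if version.base() == "12.0.0":` fires only for that exact version string, while the comment says the workaround can go once Twisted>=12.3.0 is used, so other pre-12.3 releases would keep the replaced module if they are affected too. A numeric comparison such as `if (version.major, version.minor) < (12, 3):` would match the comment. Note also that `old_tsafe = tsafe` only keeps a reference to the module object: writing it back to `sys.modules` helps if Twisted swapped the entry, but not if it changed attributes on the module in place or rebound `OpenSSL.tsafe` on the package. A comment stating which of these Twisted 12.0.0 actually does would make the guard easier to trust.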
@@ -171,21 +183,6 @@ class SoledadAuthMiddleware(object):
return False
return True
- def need_auth(self, environ):
- """
- Check if action can be performed on database without authentication.
-
- For now, just allow access to /shared/*.
-
- @param environ: Dictionary containing CGI variables.
- @type environ: dict
-
- @return: Whether the requests needs authentication.
- @rtype: bool
- """
- # TODO: design unauth verification.
- return not environ.get(self.PATH_INFO_KEY).startswith('/shared/')
-
#-----------------------------------------------------------------------------
# Soledad WSGI application
@@ -196,6 +193,11 @@ class SoledadApp(http_app.HTTPApp):
Soledad WSGI application
"""
+ SHARED_DB_NAME = 'shared'
+ """
+ The name of the shared database that holds user's encrypted secrets.
+ """
+
def __call__(self, environ, start_response):
"""
Handle a WSGI call to the Soledad application.
@@ -209,6 +211,8 @@ class SoledadApp(http_app.HTTPApp):
@return: HTTP application results.
@rtype: list
"""
+ # ensure the shared database exists
+ self.state.ensure_database(self.SHARED_DB_NAME)
return http_app.HTTPApp.__call__(self, environ, start_response)
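Review bot: `self.state.ensure_database(self.SHARED_DB_NAME)` sits inside `__call__`, so every request pays for the existence check (presumably a round trip to CouchDB), and a failure there is raised before `HTTPApp.__call__` can build a response. The database only has to exist once, so I would do this at startup, e.g. `state.ensure_database(SoledadApp.SHARED_DB_NAME)` right after `state = CouchServerState(conf['couch_url'])`. If it has to stay per-request, a comment saying why would help. `__call__` begins outside this hunk.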
@@ -244,11 +248,10 @@ def load_configuration(file_path):
# Run as Twisted WSGI Resource
#-----------------------------------------------------------------------------
-# TODO: create command-line option for choosing config file.
conf = load_configuration('/etc/leap/soledad-server.conf')
state = CouchServerState(conf['couch_url'])
-application = SoledadAuthMiddleware(
- SoledadApp(state))
+# WSGI application that may be used by `twistd -web`
+application = SoledadAuthMiddleware(SoledadApp(state))
resource = WSGIResource(reactor, reactor.getThreadPool(), application)
diff --git a/src/leap/soledad/tests/__init__.py b/src/leap/soledad/tests/__init__.py
index 00de687b..c00fb847 100644
--- a/src/leap/soledad/tests/__init__.py
+++ b/src/leap/soledad/tests/__init__.py
@@ -2,6 +2,7 @@
Tests to make sure Soledad provides U1DB functionality and more.
"""
+import os
import u1db
from mock import Mock
@@ -28,8 +29,8 @@ class BaseSoledadTest(BaseLeapTest):
def setUp(self):
# config info
- self.db1_file = "%s/db1.u1db" % self.tempdir
- self.db2_file = "%s/db2.u1db" % self.tempdir
+ self.db1_file = os.path.join(self.tempdir, "db1.u1db")
+ self.db2_file = os.path.join(self.tempdir, "db2.u1db")
self.email = 'leap@leap.se'
# open test dbs
self._db1 = u1db.open(self.db1_file, create=True,
@@ -42,12 +43,15 @@ class BaseSoledadTest(BaseLeapTest):
def tearDown(self):
self._db1.close()
self._db2.close()
+ for f in [self._soledad._local_db_path, self._soledad._secrets_path]:
+ if os.path.isfile(f):
+ os.unlink(f)
self._soledad.close()
def _soledad_instance(self, user='leap@leap.se', passphrase='123',
prefix='',
secrets_path=Soledad.STORAGE_SECRETS_FILE_NAME,
- local_db_path='/soledad.u1db', server_url='',
+ local_db_path='soledad.u1db', server_url='',
cert_file=None, secret_id=None):
def _put_doc_side_effect(doc):
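Review bot: In `tearDown` the local database and secrets files are unlinked before `self._soledad.close()`, so the instance may still hold them open when they are removed, and anything `close()` writes afterwards is either lost or recreates a file in the temp dir. Closing first is the safer order: move `self._soledad.close()` above the `for f in [...]` loop. That also avoids the unlink failing on platforms that refuse to delete open files. `_soledad_instance` continues past the end of this hunk.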
@@ -65,8 +69,9 @@ class BaseSoledadTest(BaseLeapTest):
return Soledad(
user,
passphrase,
- secrets_path=self.tempdir+prefix+secrets_path,
- local_db_path=self.tempdir+prefix+local_db_path,
+ secrets_path=os.path.join(self.tempdir, prefix, secrets_path),
+ local_db_path=os.path.join(
+ self.tempdir, prefix, local_db_path),
server_url=server_url, # Soledad will fail if not given an url.
cert_file=cert_file,
secret_id=secret_id)
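Review bot: `os.path.join(self.tempdir, prefix, secrets_path)` discards `self.tempdir` whenever `prefix` or the path argument is absolute, so a caller still using the old style (`prefix='/2'`, `local_db_path='/soledad.u1db'`) would silently place the secrets file and database outside the temp directory. If `self._soledad` is built that way, the new `tearDown` would then unlink a file at that outside path. The default `Soledad.STORAGE_SECRETS_FILE_NAME` is not visible here, so it is worth confirming that it has no leading slash. I would strip leading separators before joining, e.g. `prefix.lstrip(os.sep)`, or check that the joined path starts with `self.tempdir`. Only the `Soledad(...)` call of `_soledad_instance` is shown in this hunk.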
diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py
index a61b931c..d35fc1c1 100644
--- a/src/leap/soledad/tests/test_crypto.py
+++ b/src/leap/soledad/tests/test_crypto.py
@@ -192,7 +192,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
def test_import_recovery_document(self):
rd = self._soledad.export_recovery_document()
- s = self._soledad_instance(user='anotheruser@leap.se', prefix='/2')
+ s = self._soledad_instance(user='anotheruser@leap.se')
s.import_recovery_document(rd)
s._set_secret_id(self._soledad._secret_id)
self.assertEqual(self._soledad._uuid,
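Review bot: With `prefix='/2'` dropped, the second instance in `test_import_recovery_document` is built with the default `secrets_path` and `local_db_path`, which appear to be the same files `self._soledad` uses (its construction in `setUp` is not on this page, so this is inferred). If so, the test can pass because `s` reads the exporter's secrets file rather than because `import_recovery_document` worked. A relative prefix keeps the two instances isolated: `s = self._soledad_instance(user='anotheruser@leap.se', prefix='2')`. The same applies to `test__has_secret` in the next hunk, where `prefix='/4'` was removed.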
@@ -238,7 +238,7 @@ class CryptoMethodsTestCase(BaseSoledadTest):
def test__has_secret(self):
- sol = self._soledad_instance(user='user@leap.se', prefix='/4')
+ sol = self._soledad_instance(user='user@leap.se')
self.assertTrue(sol._has_secret(), "Should have a secret at "
"this point")
# setting secret id to None should not interfere in the fact we have a
diff --git a/src/leap/soledad/tests/test_leap_backend.py b/src/leap/soledad/tests/test_leap_backend.py
index 8afae6f6..2e4b3b01 100644
--- a/src/leap/soledad/tests/test_leap_backend.py
+++ b/src/leap/soledad/tests/test_leap_backend.py
@@ -46,9 +46,6 @@ from leap.soledad import auth
from leap.soledad.tests import u1db_tests as tests
-from leap.soledad.tests.u1db_tests.test_remote_sync_target import (
- make_oauth_http_app,
-)
from leap.soledad.tests import BaseSoledadTest
from leap.soledad.tests.u1db_tests import test_backends
from leap.soledad.tests.u1db_tests import test_http_database
@@ -128,12 +125,6 @@ def copy_token_http_database_for_test(test, db):
class LeapTests(test_backends.AllDatabaseTests, BaseSoledadTest):
scenarios = LEAP_SCENARIOS + [
- ('oauth_http', {'make_database_for_test':
- test_backends.make_oauth_http_database_for_test,
- 'copy_database_for_test':
- test_backends.copy_oauth_http_database_for_test,
- 'make_document_for_test': make_leap_document_for_test,
- 'make_app_with_state': make_oauth_http_app}),
('token_http', {'make_database_for_test':
make_token_http_database_for_test,
'copy_database_for_test':
@@ -362,13 +353,6 @@ def leap_sync_target(test, path):
test.getURL(path), crypto=test._soledad._crypto)
-def oauth_leap_sync_target(test, path):
- st = leap_sync_target(test, '~/' + path)
- st.set_oauth_credentials(tests.consumer1.key, tests.consumer1.secret,
- tests.token1.key, tests.token1.secret)
- return st
-
-
def token_leap_sync_target(test, path):
st = leap_sync_target(test, path)
st.set_token_credentials('user-uuid', 'auth-token')
@@ -379,12 +363,6 @@ class TestLeapSyncTarget(
test_remote_sync_target.TestRemoteSyncTargets, BaseSoledadTest):
scenarios = [
- ('http', {'make_app_with_state': make_soledad_app,
- 'make_document_for_test': make_leap_document_for_test,
- 'sync_target': leap_sync_target}),
- ('oauth_http', {'make_app_with_state': make_oauth_http_app,
- 'make_document_for_test': make_leap_document_for_test,
- 'sync_target': oauth_leap_sync_target}),
('token_soledad',
{'make_app_with_state': make_token_soledad_app,
'make_document_for_test': make_leap_document_for_test,
diff --git a/src/leap/soledad/tests/test_soledad.py b/src/leap/soledad/tests/test_soledad.py
index 45cd7eb2..5eef039f 100644
--- a/src/leap/soledad/tests/test_soledad.py
+++ b/src/leap/soledad/tests/test_soledad.py
@@ -41,7 +41,7 @@ from leap.soledad.backends.leap_backend import LeapDocument
class AuxMethodsTestCase(BaseSoledadTest):
def test__init_dirs(self):
- sol = self._soledad_instance(prefix='/_init_dirs')
+ sol = self._soledad_instance(prefix='_init_dirs')
sol._init_dirs()
local_db_dir = os.path.dirname(sol.local_db_path)
secrets_path = os.path.dirname(sol.secrets_path)
@@ -94,8 +94,12 @@ class AuxMethodsTestCase(BaseSoledadTest):
local_db_path='value_2',
server_url='value_1',
cert_file=None)
- self.assertEqual(self.tempdir+'value_3', sol.secrets_path)
- self.assertEqual(self.tempdir+'value_2', sol.local_db_path)
+ self.assertEqual(
+ os.path.join(self.tempdir, 'value_3'),
+ sol.secrets_path)
+ self.assertEqual(
+ os.path.join(self.tempdir, 'value_2'),
+ sol.local_db_path)
self.assertEqual('value_1', sol.server_url)
diff --git a/src/leap/soledad/tests/test_sqlcipher.py b/src/leap/soledad/tests/test_sqlcipher.py
index 60261111..5bfb8de6 100644
--- a/src/leap/soledad/tests/test_sqlcipher.py
+++ b/src/leap/soledad/tests/test_sqlcipher.py
@@ -773,7 +773,7 @@ class SQLCipherEncryptionTest(BaseLeapTest):
os.unlink(dbfile)
def setUp(self):
- self.DB_FILE = self.tempdir + '/test.db'
+ self.DB_FILE = os.path.join(self.tempdir, 'test.db')
self._delete_dbfiles()
def tearDown(self):