-rw-r--r--server/src/leap/soledad/server/auth.py18
-rw-r--r--server/src/leap/soledad/server/session.py3
-rw-r--r--testing/tests/server/test_auth.py11
-rw-r--r--testing/tests/server/test_session.py45
4 files changed, 26 insertions, 51 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index bcef2e7c..1f078bff 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -67,24 +67,20 @@ class TokenChecker(object):
self._dbs = {}
def _tokens_dbname(self):
- dbname = self.TOKENS_DB_PREFIX + \
- str(int(time.time() / self.TOKENS_DB_EXPIRE))
- return dbname
-
- def _get_db(self, dbname):
- if dbname not in self._dbs:
- self._dbs[dbname] = self._server[dbname]
- return self._dbs[dbname]
-
- def _tokens_db(self):
# the tokens db rotates every 30 days, and the current db name is
# "tokens_NNN", where NNN is the number of seconds since epoch
# divide dby the rotate period in seconds. When rotating, old and
# new tokens db coexist during a certain window of time and valid
# tokens are replicated from the old db to the new one. See:
# https://leap.se/code/issues/6785
+ dbname = self.TOKENS_DB_PREFIX + \
+ str(int(time.time() / self.TOKENS_DB_EXPIRE))
+ return dbname
+
+ def _tokens_db(self):
dbname = self._tokens_dbname()
- db = self._get_db(dbname)
+ with self._server as server:
+ db = server[dbname]
return db
def requestAvatarId(self, credentials):
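Review bot: In `_tokens_db`, `db` is looked up inside `with self._server as server:` but returned after the block has exited, so any cleanup the server context manager does on exit (closing or releasing a connection, for instance) would run before the caller reads the token document from it. Because this handle backs token verification, either the lookup in `requestAvatarId` should happen inside the `with`, or the method should state the contract it relies on, e.g. `# db must remain usable after the server context exits`. The `self._dbs = {}` context line at the top of the hunk also looks unused now that `_get_db` is removed, and could be dropped if nothing outside the hunk reads it. `requestAvatarId` continues outside the hunk, so how `db` is consumed is not visible here.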
diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py
index a56e4e97..a2793bd3 100644
--- a/server/src/leap/soledad/server/session.py
+++ b/server/src/leap/soledad/server/session.py
@@ -104,6 +104,3 @@ class SoledadSession(HTTPAuthSessionWrapper):
# if all checks pass, try to login with credentials
return util.DeferredResource(self._login(credentials))
-
-
-soledadSession = SoledadSession()
diff --git a/testing/tests/server/test_auth.py b/testing/tests/server/test_auth.py
index 0e6baba3..5b215650 100644
--- a/testing/tests/server/test_auth.py
+++ b/testing/tests/server/test_auth.py
@@ -19,6 +19,8 @@ Tests for auth pieces.
"""
import collections
+from contextlib import contextmanager
+
from twisted.cred.credentials import UsernamePassword
from twisted.cred.error import UnauthorizedLogin
from twisted.internet.defer import inlineCallbacks
@@ -54,13 +56,18 @@ class DummyServer(object):
return self._token
+@contextmanager
+def dummy_server(token):
+ yield collections.defaultdict(lambda: DummyServer(token))
+
+
class TokenCheckerTestCase(unittest.TestCase):
@inlineCallbacks
def test_good_creds(self):
# set up a dummy server which always return a *valid* token document
token = {'user_id': 'user', 'type': 'Token'}
- server = collections.defaultdict(lambda: DummyServer(token))
+ server = dummy_server(token)
# setup the checker with the custom server
checker = TokenChecker(server=server)
# assert the checker *can* verify the creds
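Review bot: `dummy_server(token)` builds a generator-based context manager that can be entered only once, and each test hands that single object to `TokenChecker(server=server)`, so a second `with self._server` on the same checker would raise `RuntimeError` instead of yielding the fake databases. The tests therefore only cover a checker that opens the server context exactly once, which may not match the object used in production (not visible in this diff). A small reusable class keeps the call sites unchanged and lets the double be entered repeatedly; the same applies to `test_bad_creds` in the next hunk.

```python
class dummy_server(object):
    """Reusable stand-in for the server context manager."""

    def __init__(self, token):
        self._dbs = collections.defaultdict(lambda: DummyServer(token))

    def __enter__(self):
        return self._dbs

    def __exit__(self, exc_type, exc_value, traceback):
        return False

# ... unchanged: TokenCheckerTestCase and its tests ...
```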
@@ -72,7 +79,7 @@ class TokenCheckerTestCase(unittest.TestCase):
def test_bad_creds(self):
# set up a dummy server which always return an *invalid* token document
token = None
- server = collections.defaultdict(lambda: DummyServer(token))
+ server = dummy_server(token)
# setup the checker with the custom server
checker = TokenChecker(server=server)
# assert the checker *cannot* verify the creds
diff --git a/testing/tests/server/test_session.py b/testing/tests/server/test_session.py
index 7883ef4a..8131ddb3 100644
--- a/testing/tests/server/test_session.py
+++ b/testing/tests/server/test_session.py
@@ -17,24 +17,20 @@
"""
Tests for server session entrypoint.
"""
-from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
+from twisted.trial import unittest
+
from twisted.cred import portal
+from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
+from twisted.cred.credentials import IUsernamePassword
+from twisted.web.resource import getChildForRequest
+from twisted.web.static import Data
+from twisted.web.test.requesthelper import DummyRequest
from twisted.web.test.test_httpauth import b64encode
from twisted.web.test.test_httpauth import Realm
-from twisted.web.test.requesthelper import DummyRequest
-from twisted.web.resource import getChildForRequest
-
-from twisted.web.resource import Resource
-
-from twisted.trial import unittest
+from twisted.web._auth.wrapper import UnauthorizedResource
from leap.soledad.server.session import SoledadSession
-from twisted.web.static import Data
-from twisted.web._auth.wrapper import UnauthorizedResource
-from twisted.cred.credentials import IUsernamePassword
-from twisted.cred.checkers import ANONYMOUS, AllowAnonymousAccess
-
class SoledadSessionTestCase(unittest.TestCase):
"""
@@ -168,6 +164,7 @@ class SoledadSessionTestCase(unittest.TestCase):
child = getChildForRequest(self.wrapper, request)
request.render(child)
self.assertEqual(request.responseCode, 500)
+ self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_unexpectedLoginError(self):
class UnexpectedException(Exception):
@@ -184,26 +181,4 @@ class SoledadSessionTestCase(unittest.TestCase):
child = self._authorizedTokenLogin(request)
request.render(child)
self.assertEqual(request.responseCode, 500)
-
- def test_anonymousAccess(self):
- """
- Anonymous requests are allowed if a L{Portal} has an anonymous checker
- registered.
- """
- unprotectedContents = b"contents of the unprotected child resource"
-
- self.avatars[ANONYMOUS] = Resource()
- self.avatars[ANONYMOUS].putChild(
- self.childName, Data(unprotectedContents, 'text/plain'))
- self.portal.registerChecker(AllowAnonymousAccess())
-
- request = self.makeRequest([self.childName])
- child = getChildForRequest(self.wrapper, request)
- d = request.notifyFinish()
-
- def cbFinished(ignored):
- self.assertEqual(request.written, [unprotectedContents])
-
- d.addCallback(cbFinished)
- request.render(child)
- return d
+ self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)