-rw-r--r--common/src/leap/soledad/common/errors.py16
-rw-r--r--server/changes/bug_5191_fix-raise-of-auth-token-errors1
-rw-r--r--server/src/leap/soledad/server/auth.py25
3 files changed, 16 insertions, 26 deletions
diff --git a/common/src/leap/soledad/common/errors.py b/common/src/leap/soledad/common/errors.py
index 446c4c75..3a7eadd2 100644
--- a/common/src/leap/soledad/common/errors.py
+++ b/common/src/leap/soledad/common/errors.py
@@ -51,23 +51,15 @@ class SoledadError(errors.U1DBError):
#
@register_exception
-class MissingAuthTokenError(errors.Unauthorized):
- """
- Exception raised when failing to get authorization for some action because
- the auth token is missing in the tokens db.
- """
-
- wire_description = "missing token"
- status = 401
-
-@register_exception
class InvalidAuthTokenError(errors.Unauthorized):
"""
Exception raised when failing to get authorization for some action because
- the provided token is different from the one in the tokens db.
+ the provided token either does not exist in the tokens database, has a
+ distinct structure from the expected one, or is associated with a user
+ with a distinct uuid than the one provided by the client.
"""
- wire_descrition = "token mismatch"
+ wire_descrition = "invalid auth token"
status = 401
#
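Review bot: The attribute on the new line is still spelled `wire_descrition`, so `InvalidAuthTokenError` never overrides `wire_description` and presumably keeps whatever `errors.Unauthorized` defines. The removed `MissingAuthTokenError` spelled it correctly, so after this change no auth-token error carries its own wire description. If `register_exception` keys its registry on that attribute (not visible here), the class may also be registered under the parent's description. The line should read `wire_description = "invalid auth token"`.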
diff --git a/server/changes/bug_5191_fix-raise-of-auth-token-errors b/server/changes/bug_5191_fix-raise-of-auth-token-errors
new file mode 100644
index 00000000..4e3b08ad
--- /dev/null
+++ b/server/changes/bug_5191_fix-raise-of-auth-token-errors
@@ -0,0 +1 @@
+ o Fix raising of auth token errors (#5191).
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index 11805005..e9d2b032 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -25,7 +25,7 @@ import httplib
import simplejson as json
-from u1db import DBNAME_CONSTRAINTS
+from u1db import DBNAME_CONSTRAINTS, errors as u1db_errors
from abc import ABCMeta, abstractmethod
from routes.mapper import Mapper
from couchdb.client import Server
@@ -36,8 +36,8 @@ from leap.soledad.common import (
SHARED_DB_NAME,
SHARED_DB_LOCK_DOC_ID_PREFIX,
USER_DB_PREFIX,
- errors,
)
+from leap.soledad.common.errors import InvalidAuthTokenError
class URLToAuthorization(object):
@@ -275,7 +275,7 @@ class SoledadAuthMiddleware(object):
return self._unauthorized_error(
start_response,
self._get_auth_error_string())
- except Unauthorized as e:
+ except u1db_errors.Unauthorized as e:
return self._error(
start_response,
401,
@@ -392,16 +392,14 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
"""
token = auth_data # we expect a cleartext token at this point
try:
- return self._verify_token_in_couchdb(uuid, token)
- except MissingAuthTokenError():
- raise
- except TokenMismatchError():
+ return self._verify_token_in_couch(uuid, token)
+ except InvalidAuthTokenError:
raise
except Exception as e:
log.err(e)
return False
- def _verify_token_in_couchdb(self, uuid, token):
+ def _verify_token_in_couch(self, uuid, token):
"""
Query couchdb to decide if C{token} is valid for C{uuid}.
@@ -410,17 +408,16 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
@param token: The token.
@type token: str
- @raise MissingAuthTokenError: Raised when given token is missing in
- tokens db.
- @raise InvalidAuthTokenError: Raised when token is invalid.
+ @raise InvalidAuthTokenError: Raised when token received from user is
+ either missing in the tokens db or is
+ invalid.
"""
server = Server(url=self._app.state.couch_url)
dbname = self.TOKENS_DB
db = server[dbname]
token = db.get(token)
- if token is None:
- raise MissingAuthTokenError()
- if token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \
+ if token is None or \
+ token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \
token[self.TOKENS_USER_ID_KEY] != uuid:
raise InvalidAuthTokenError()
return True
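Review bot: A token document that lacks `TOKENS_TYPE_KEY` or `TOKENS_USER_ID_KEY` raises `KeyError` in the combined condition instead of `InvalidAuthTokenError`, although the updated class docstring in errors.py lists an unexpected structure as one of the cases this exception covers. The catch-all `except Exception` in `_verify_token` (previous hunk) turns that into `log.err(e)` and `return False`, so the request still fails closed but through a different path than the documented one. Assuming the couch document is dict-like, reading the fields as `token.get(self.TOKENS_TYPE_KEY) != self.TOKENS_TYPE_DEF or \` and `token.get(self.TOKENS_USER_ID_KEY) != uuid:` keeps all three cases on the single exception. The signature and the start of the docstring of `_verify_token_in_couch` are in the previous hunk.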