diff options
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index 6ce11e71..aea003ff 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -31,8 +31,8 @@ from twisted.cred.credentials import Anonymous from twisted.cred.credentials import UsernamePassword from twisted.cred.portal import IRealm from twisted.cred.portal import Portal -from twisted.logger import Logger from twisted.internet import defer +from twisted.logger import Logger from twisted.web.iweb import ICredentialFactory from twisted.web.resource import IResource @@ -65,6 +65,11 @@ class SoledadRealm(object): return (IResource, resource, lambda: None) # Authenticated users + + # XXX review this... we're creating a Resource tree + # for each request, for every user. + # What are the perf implications of this?? + if IResource in interfaces: resource = SoledadResource( enable_blobs=enable_blobs, @@ -113,7 +118,6 @@ class TokenChecker(object): def requestAvatarId(self, credentials): if IAnonymous.providedBy(credentials): - log.warn('we are anon') return defer.succeed(Anonymous()) uuid = credentials.username @@ -125,7 +129,6 @@ class TokenChecker(object): db = self._tokens_db() token = db.get(sha512(token).hexdigest()) if token is None: - log.warn('token is none') return defer.fail(error.UnauthorizedLogin()) # TODO -- use cryptography constant time builtin comparison. |