Diffstat (limited to 'server')
| -rw-r--r-- | server/pkg/requirements.pip | 17 | ||||
| -rw-r--r-- | server/pkg/soledad-server (renamed from server/pkg/soledad) | 2 | ||||
| -rw-r--r-- | server/setup.py | 2 | ||||
| -rw-r--r-- | server/src/leap/soledad/server/auth.py | 22 | 
4 files changed, 20 insertions, 23 deletions
diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index be5d156b..df6ad95d 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -4,19 +4,12 @@ simplejson  u1db  routes  PyOpenSSL<0.14 - -# TODO: maybe we just want twisted-web? -twisted>=12.0.0 +twisted  # leap deps -- bump me! -leap.soledad.common>=0.3.0 - -# -# Things yet to fix: -# - -# oauth is not strictly needed by us, but we need it -# until u1db adds it to its release as a dep. +leap.soledad.common>=0.6.5 +# XXX -- fix me! +# oauth is not strictly needed by us, but we need it until u1db adds it to its +# release as a dep.  oauth - diff --git a/server/pkg/soledad b/server/pkg/soledad-server index ccb3e9b0..811ad55b 100644 --- a/server/pkg/soledad +++ b/server/pkg/soledad-server @@ -34,8 +34,8 @@ case "${1}" in      start)          echo -n "Starting soledad: twistd"            start-stop-daemon --start --quiet \ -            --user=${USER} --group=${GROUP} \              --exec ${TWISTD_PATH} -- \ +            --uid=${USER} --gid=${GROUP} \              --pidfile=${PIDFILE} \              --logfile=${LOGFILE} \              web \ diff --git a/server/setup.py b/server/setup.py index 573622ce..124ddd32 100644 --- a/server/setup.py +++ b/server/setup.py @@ -35,7 +35,7 @@ if isset('VIRTUAL_ENV') or isset('LEAP_SKIP_INIT'):      data_files = None  else:      # XXX this should go only for linux/mac -    data_files = [("/etc/init.d/", ["pkg/soledad"])] +    data_files = [("/etc/init.d/", ["pkg/soledad-server"])]  trove_classifiers = ( diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index 57f600a1..7af4e54b 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py 
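Review bot: In the `server/pkg/soledad-server` hunk, `--uid=${USER} --gid=${GROUP}` now sits after `--exec ${TWISTD_PATH} --`, so the two flags are no longer start-stop-daemon options but arguments handed to twistd, which switches to that uid/gid itself after startup; the removed `--user=${USER} --group=${GROUP}` only told start-stop-daemon which processes to match and never changed the daemon's identity, so this looks like the first time the server actually sheds root, and that deserves a comment on the line, e.g. `# after '--': twistd drops privileges itself (start-stop-daemon's --user only matched processes)`. As far as I recall twistd creates the pidfile and opens the logfile before it switches uid, so those files end up root-owned while later log rotation and pidfile removal run as `${USER}`; confirm the directories of `${PIDFILE}` and `${LOGFILE}` are writable by that user. The `stop)` branch is outside the hunk; if it still matches on `--user`, check that it finds the process now running as `${USER}`.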
@@ -21,10 +21,10 @@ Authentication facilities for Soledad Server.  """ +import time  import httplib  import simplejson as json -  from u1db import DBNAME_CONSTRAINTS, errors as u1db_errors  from abc import ABCMeta, abstractmethod  from routes.mapper import Mapper @@ -32,12 +32,8 @@ from couchdb.client import Server  from twisted.python import log  from hashlib import sha512 - -from leap.soledad.common import ( -    SHARED_DB_NAME, -    SHARED_DB_LOCK_DOC_ID_PREFIX, -    USER_DB_PREFIX, -) +from leap.soledad.common import SHARED_DB_NAME +from leap.soledad.common import USER_DB_PREFIX  from leap.soledad.common.errors import InvalidAuthTokenError @@ -354,7 +350,8 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):      Token based authentication.      """ -    TOKENS_DB = "tokens" +    TOKENS_DB_PREFIX = "tokens_" +    TOKENS_DB_EXPIRE = 30 * 24 * 3600  # 30 days in seconds      TOKENS_TYPE_KEY = "type"      TOKENS_TYPE_DEF = "Token"      TOKENS_USER_ID_KEY = "user_id" @@ -414,7 +411,14 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):                                        invalid.          """          server = Server(url=self._app.state.couch_url) -        dbname = self.TOKENS_DB +        # the tokens db rotates every 30 days, and the current db name is +        # "tokens_NNN", where NNN is the number of seconds since epoch divided +        # by the rotate period in seconds. When rotating, old and new tokens +        # db coexist during a certain window of time and valid tokens are +        # replicated from the old db to the new one. See: +        # https://leap.se/code/issues/6785 +        dbname = self.TOKENS_DB_PREFIX + \ +            str(int(time.time() / self.TOKENS_DB_EXPIRE))          db = server[dbname]          # lookup key is a hash of the token to prevent timing attacks.          token = db.get(sha512(token).hexdigest())  | 
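Review bot: In the last hunk the lookup reads only the db of the current period, `tokens_` + `int(time.time() / TOKENS_DB_EXPIRE)`, so at every 30-day boundary each token not yet replicated into the new db becomes invalid at once, and a token issued a second before the boundary lives one second unless replication has already copied it; the comment describes an overlap window, but nothing in the visible code implements one. Either fall back to the previous period's db (`self.TOKENS_DB_PREFIX + str(period - 1)`) when the current db has no match, or state on `TOKENS_DB_EXPIRE` that the replication described in issue 6785 must complete before the boundary, since the old db being consulted or not is a revocation question that should be decided explicitly. The name `TOKENS_DB_EXPIRE` (third hunk) reads as a per-token lifetime, which it is not — it is the rotation period, and a token's real lifetime is anywhere between zero and 30 days — so `TOKENS_DB_ROTATE_PERIOD` with the comment `# rotation period of the tokens db, not a token lifetime` would be clearer. The scheme also assumes every server instance and the replication job agree on the wall clock, which is worth stating in the same comment. The enclosing method starts before the hunk and continues after it.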
