From 4fce575de20effc9c4d934028f8ccdfbd97932e1 Mon Sep 17 00:00:00 2001
From: drebs
Date: Thu, 29 Dec 2016 09:28:10 -0200
Subject: [refactor] remove twisted session persistence
The need for token caching in server is a matter of debate, as is the ideal way to do it. Twisted sessions store the session id in a cookie and use that session id to persist. It is not clear if that implementation is needed, works with future features (as multiple soledad servers) or represents a security problem in some way. Because of these, this commit removes it for now. The feature is left in git history so we can bring it back later if needed.
---
 server/src/leap/soledad/server/session.py | 45 ++-----------------------------
 1 file changed, 2 insertions(+), 43 deletions(-)
(limited to 'server')
diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py
index 59424a7b..4ed2721c 100644
--- a/server/src/leap/soledad/server/session.py
+++ b/server/src/leap/soledad/server/session.py
@@ -21,40 +21,14 @@ from zope.interface import implementer
 from twisted.cred import error
 from twisted.python import log
-from twisted.python.components import registerAdapter
 from twisted.web import util
 from twisted.web.guard import HTTPAuthSessionWrapper
 from twisted.web.resource import ErrorPage
 from twisted.web.resource import IResource
-from twisted.web.server import Session
-from zope.interface import Interface
-from zope.interface import Attribute
 from leap.soledad.server.auth import portal
 from leap.soledad.server.auth import credentialFactory
 from leap.soledad.server.url_mapper import URLMapper
-from leap.soledad.server.resource import SoledadResource
-
-
-class ISessionData(Interface):
- username = Attribute('An uuid.')
- password = Attribute('A token.')
-
-
-@implementer(ISessionData)
-class SessionData(object):
- def __init__(self, session):
- self.username = None
- self.password = None
-
-
-registerAdapter(SessionData, Session, ISessionData)
-
-
-def _sessionData(request):
- session = request.getSession()
- data = ISessionData(session)
- return data
 @implementer(IResource)
@@ -115,22 +89,7 @@ class SoledadSession(HTTPAuthSessionWrapper):
 if request_uuid and request_uuid != credentials.username:
 return ErrorPage(500, None, None)
- # eventually return a cached resouce
- sessionData = _sessionData(request)
- if sessionData.username == credentials.username \
- and sessionData.password == credentials.password:
- return SoledadResource()
-
- return util.DeferredResource(self._login(credentials, sessionData))
-
- def _login(self, credentials, sessionData):
+ return util.DeferredResource(self._login(credentials))
- def _cacheSessionData(res):
- sessionData.username = credentials.username
- sessionData.password = credentials.password
- return res
- d = self._portal.login(credentials, None, IResource)
- d.addCallback(_cacheSessionData)
- d.addCallbacks(self._loginSucceeded, self._loginFailed)
- return d
+soledadSession = SoledadSession()
--
cgit v1.2.3
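Review bot: The new `return util.DeferredResource(self._login(credentials))` in the second hunk no longer calls a method defined in this class, because the `SoledadSession._login` override is deleted a few lines further down; the call presumably resolves to the inherited `HTTPAuthSessionWrapper._login`, an underscore-prefixed Twisted method, and nothing in the code says so. I would put a comment above the return, for example `# No session cache: every request is authenticated through the portal via the inherited HTTPAuthSessionWrapper._login.`, so that the per-request token check reads as a deliberate decision and the dependency on Twisted internals is easy to find after an upgrade. The module-level `soledadSession = SoledadSession()` added at the end of the hunk is not mentioned in the commit message and builds the wrapper at import time; a one-line comment naming what consumes it would help. The enclosing method starts above the hunk, so how `credentials` and `request_uuid` are obtained is not visible here.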