From 177bfa18ac33f281d0a4f12555f0f3b7c84efc3d Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 23 May 2013 12:03:50 -0300 Subject: Ensure shared db is created by server. * Also remove unneeded need_auth() method (because all requests need auth). * This closes #2491. --- src/leap/soledad/server.py | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) (limited to 'src/leap/soledad/server.py') diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py index 7aa253a3..331f64aa 100644 --- a/src/leap/soledad/server.py +++ b/src/leap/soledad/server.py @@ -171,21 +171,6 @@ class SoledadAuthMiddleware(object): return False return True - def need_auth(self, environ): - """ - Check if action can be performed on database without authentication. - - For now, just allow access to /shared/*. - - @param environ: Dictionary containing CGI variables. - @type environ: dict - - @return: Whether the requests needs authentication. - @rtype: bool - """ - # TODO: design unauth verification. - return not environ.get(self.PATH_INFO_KEY).startswith('/shared/') - #----------------------------------------------------------------------------- # Soledad WSGI application @@ -196,6 +181,11 @@ class SoledadApp(http_app.HTTPApp): Soledad WSGI application """ + SHARED_DB_NAME = 'shared' + """ + The name of the shared database that holds user's encrypted secrets. + """ + def __call__(self, environ, start_response): """ Handle a WSGI call to the Soledad application. @@ -209,6 +199,8 @@ class SoledadApp(http_app.HTTPApp): @return: HTTP application results. @rtype: list """ + # ensure the shared database exists + self.state.ensure_database(self.SHARED_DB_NAME) return http_app.HTTPApp.__call__(self, environ, start_response) @@ -244,11 +236,10 @@ def load_configuration(file_path): # Run as Twisted WSGI Resource #----------------------------------------------------------------------------- -# TODO: create command-line option for choosing config file. conf = load_configuration('/etc/leap/soledad-server.conf') state = CouchServerState(conf['couch_url']) -application = SoledadAuthMiddleware( - SoledadApp(state)) +# WSGI application that may be used by `twistd -web` +application = SoledadAuthMiddleware(SoledadApp(state)) resource = WSGIResource(reactor, reactor.getThreadPool(), application) -- cgit v1.2.3 From 0cab642cb1b93185c85bacf10b7ca93a313b7f66 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 23 May 2013 15:56:16 -0300 Subject: Prevent Twisted==12.0.0 from messing with OpenSSL. --- src/leap/soledad/server.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/leap/soledad/server.py') diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py index 331f64aa..e2944057 100644 --- a/src/leap/soledad/server.py +++ b/src/leap/soledad/server.py @@ -32,10 +32,22 @@ except ImportError: from u1db.remote import http_app +# Keep OpenSSL's tsafe before importing Twisted submodules so we can put +# it back if Twisted==12.0.0 messes with it. +from OpenSSL import tsafe +old_tsafe = tsafe + from twisted.web.wsgi import WSGIResource from twisted.internet import reactor from twisted.python import log +from twisted import version +if version.base() == "12.0.0": + # Put OpenSSL's tsafe back into place. This can probably be removed if we + # come to use Twisted>=12.3.0. + import sys + sys.modules['OpenSSL.tsafe'] = old_tsafe + from couchdb.client import Server from leap.soledad.backends.couch import CouchServerState -- cgit v1.2.3