From 177bfa18ac33f281d0a4f12555f0f3b7c84efc3d Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 23 May 2013 12:03:50 -0300 Subject: Ensure shared db is created by server. * Also remove unneeded need_auth() method (because all requests need auth). * This closes #2491. --- src/leap/soledad/server.py | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) (limited to 'src/leap') diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py index 7aa253a3..331f64aa 100644 --- a/src/leap/soledad/server.py +++ b/src/leap/soledad/server.py @@ -171,21 +171,6 @@ class SoledadAuthMiddleware(object): return False return True - def need_auth(self, environ): - """ - Check if action can be performed on database without authentication. - - For now, just allow access to /shared/*. - - @param environ: Dictionary containing CGI variables. - @type environ: dict - - @return: Whether the requests needs authentication. - @rtype: bool - """ - # TODO: design unauth verification. - return not environ.get(self.PATH_INFO_KEY).startswith('/shared/') - #----------------------------------------------------------------------------- # Soledad WSGI application @@ -196,6 +181,11 @@ class SoledadApp(http_app.HTTPApp): Soledad WSGI application """ + SHARED_DB_NAME = 'shared' + """ + The name of the shared database that holds user's encrypted secrets. + """ + def __call__(self, environ, start_response): """ Handle a WSGI call to the Soledad application. @@ -209,6 +199,8 @@ class SoledadApp(http_app.HTTPApp): @return: HTTP application results. @rtype: list """ + # ensure the shared database exists + self.state.ensure_database(self.SHARED_DB_NAME) return http_app.HTTPApp.__call__(self, environ, start_response) 
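Review bot: In the `@@ -209,6 +199,8 @@` hunk, `self.state.ensure_database(self.SHARED_DB_NAME)` sits inside `SoledadApp.__call__`, so it runs on every WSGI request, and any error it raises aborts the request before it is dispatched. It is also only gated by authentication when the app is wrapped in `SoledadAuthMiddleware`, as the module-level `application` does; a `SoledadApp` mounted directly would trigger database creation for unauthenticated requests. Since the name is a constant, the call could run once at start-up, e.g. `state.ensure_database(SoledadApp.SHARED_DB_NAME)` right after `state = CouchServerState(conf['couch_url'])`. What `ensure_database` costs on `CouchServerState` is not visible in this diff, so the per-request overhead should be confirmed; the start of `__call__` is outside the hunk.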
@@ -244,11 +236,10 @@ def load_configuration(file_path): # Run as Twisted WSGI Resource #----------------------------------------------------------------------------- -# TODO: create command-line option for choosing config file. conf = load_configuration('/etc/leap/soledad-server.conf') state = CouchServerState(conf['couch_url']) -application = SoledadAuthMiddleware( - SoledadApp(state)) +# WSGI application that may be used by `twistd -web` +application = SoledadAuthMiddleware(SoledadApp(state)) resource = WSGIResource(reactor, reactor.getThreadPool(), application) -- cgit v1.2.3 From 5da6cb3a430ee3f510552051bf79e4aa36fd6ad1 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 23 May 2013 14:27:41 -0300 Subject: Fix tests paths. --- src/leap/soledad/tests/__init__.py | 15 ++++++++++----- src/leap/soledad/tests/test_crypto.py | 4 ++-- src/leap/soledad/tests/test_soledad.py | 10 +++++++--- src/leap/soledad/tests/test_sqlcipher.py | 2 +- 4 files changed, 20 insertions(+), 11 deletions(-) (limited to 'src/leap') diff --git a/src/leap/soledad/tests/__init__.py b/src/leap/soledad/tests/__init__.py index 00de687b..c00fb847 100644 --- a/src/leap/soledad/tests/__init__.py +++ b/src/leap/soledad/tests/__init__.py @@ -2,6 +2,7 @@ Tests to make sure Soledad provides U1DB functionality and more. """ +import os import u1db from mock import Mock @@ -28,8 +29,8 @@ class BaseSoledadTest(BaseLeapTest): def setUp(self): # config info - self.db1_file = "%s/db1.u1db" % self.tempdir - self.db2_file = "%s/db2.u1db" % self.tempdir + self.db1_file = os.path.join(self.tempdir, "db1.u1db") + self.db2_file = os.path.join(self.tempdir, "db2.u1db") self.email = 'leap@leap.se' # open test dbs self._db1 = u1db.open(self.db1_file, create=True, 
@@ -42,12 +43,15 @@ class BaseSoledadTest(BaseLeapTest): def tearDown(self): self._db1.close() self._db2.close() + for f in [self._soledad._local_db_path, self._soledad._secrets_path]: + if os.path.isfile(f): + os.unlink(f) self._soledad.close() def _soledad_instance(self, user='leap@leap.se', passphrase='123', prefix='', secrets_path=Soledad.STORAGE_SECRETS_FILE_NAME, - local_db_path='/soledad.u1db', server_url='', + local_db_path='soledad.u1db', server_url='', cert_file=None, secret_id=None): def _put_doc_side_effect(doc): @@ -65,8 +69,9 @@ class BaseSoledadTest(BaseLeapTest): return Soledad( user, passphrase, - secrets_path=self.tempdir+prefix+secrets_path, - local_db_path=self.tempdir+prefix+local_db_path, + secrets_path=os.path.join(self.tempdir, prefix, secrets_path), + local_db_path=os.path.join( + self.tempdir, prefix, local_db_path), server_url=server_url, # Soledad will fail if not given an url. cert_file=cert_file, secret_id=secret_id) diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py index a61b931c..d35fc1c1 100644 --- a/src/leap/soledad/tests/test_crypto.py +++ b/src/leap/soledad/tests/test_crypto.py @@ -192,7 +192,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest): def test_import_recovery_document(self): rd = self._soledad.export_recovery_document() - s = self._soledad_instance(user='anotheruser@leap.se', prefix='/2') + s = self._soledad_instance(user='anotheruser@leap.se') s.import_recovery_document(rd) s._set_secret_id(self._soledad._secret_id) self.assertEqual(self._soledad._uuid, @@ -238,7 +238,7 @@ class CryptoMethodsTestCase(BaseSoledadTest): def test__has_secret(self): - sol = self._soledad_instance(user='user@leap.se', prefix='/4') + sol = self._soledad_instance(user='user@leap.se') self.assertTrue(sol._has_secret(), "Should have a secret at " "this point") # setting secret id to None should not interfere in the fact we have a 
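Review bot: In the `tearDown` hunk (`@@ -42,12 +43,15 @@`), the new loop unlinks the local database and secrets files before `self._soledad.close()` runs, so they are removed while the instance may still hold them open. Calling `self._soledad.close()` first and unlinking afterwards avoids failures on platforms that refuse to delete open files, and keeps `close()` from flushing to a path that has just been removed. The loop also reads `_local_db_path` and `_secrets_path`, while the assertions in `test_soledad.py` use `sol.local_db_path` and `sol.secrets_path`; one spelling throughout would be clearer.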
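Review bot: In `_soledad_instance` (`@@ -65,8 +69,9 @@`), `os.path.join(self.tempdir, prefix, secrets_path)` silently drops `self.tempdir` whenever `prefix` or the path argument starts with `/`, because `os.path.join` restarts at an absolute component. The old string concatenation required that leading slash, so any caller not updated in this commit would now create the secrets file and the database outside the test's temporary directory. Stripping the separator before joining, e.g. `os.path.join(self.tempdir, prefix.lstrip('/'), secrets_path.lstrip('/'))`, or rejecting absolute arguments, keeps test artefacts confined to `self.tempdir`. The signature is in the previous hunk and the body continues outside this one.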
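Review bot: In `test_import_recovery_document` (`@@ -192,7 +192,7 @@`), dropping `prefix='/2'` means the second instance gets the default `prefix`, `secrets_path` and `local_db_path`. If `self._soledad` is also created through `_soledad_instance` with defaults (its construction is not in this diff), both users now share one secrets file and one local database under `self.tempdir`. The import could then appear to succeed only because the secret is already on disk. Keeping a relative prefix, `self._soledad_instance(user='anotheruser@leap.se', prefix='2')`, preserves the isolation. The same applies to `test__has_secret` in the `@@ -238,7 +238,7 @@` hunk with `prefix='4'`.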
diff --git a/src/leap/soledad/tests/test_soledad.py b/src/leap/soledad/tests/test_soledad.py index 45cd7eb2..5eef039f 100644 --- a/src/leap/soledad/tests/test_soledad.py +++ b/src/leap/soledad/tests/test_soledad.py @@ -41,7 +41,7 @@ from leap.soledad.backends.leap_backend import LeapDocument class AuxMethodsTestCase(BaseSoledadTest): def test__init_dirs(self): - sol = self._soledad_instance(prefix='/_init_dirs') + sol = self._soledad_instance(prefix='_init_dirs') sol._init_dirs() local_db_dir = os.path.dirname(sol.local_db_path) secrets_path = os.path.dirname(sol.secrets_path) @@ -94,8 +94,12 @@ class AuxMethodsTestCase(BaseSoledadTest): local_db_path='value_2', server_url='value_1', cert_file=None) - self.assertEqual(self.tempdir+'value_3', sol.secrets_path) - self.assertEqual(self.tempdir+'value_2', sol.local_db_path) + self.assertEqual( + os.path.join(self.tempdir, 'value_3'), + sol.secrets_path) + self.assertEqual( + os.path.join(self.tempdir, 'value_2'), + sol.local_db_path) self.assertEqual('value_1', sol.server_url) diff --git a/src/leap/soledad/tests/test_sqlcipher.py b/src/leap/soledad/tests/test_sqlcipher.py index 60261111..5bfb8de6 100644 --- a/src/leap/soledad/tests/test_sqlcipher.py +++ b/src/leap/soledad/tests/test_sqlcipher.py @@ -773,7 +773,7 @@ class SQLCipherEncryptionTest(BaseLeapTest): os.unlink(dbfile) def setUp(self): - self.DB_FILE = self.tempdir + '/test.db' + self.DB_FILE = os.path.join(self.tempdir, 'test.db') self._delete_dbfiles() def tearDown(self): -- cgit v1.2.3 From 0cab642cb1b93185c85bacf10b7ca93a313b7f66 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 23 May 2013 15:56:16 -0300 Subject: Prevent Twisted==12.0.0 from messing with OpenSSL. --- src/leap/soledad/server.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/leap') diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py index 331f64aa..e2944057 100644 --- a/src/leap/soledad/server.py +++ b/src/leap/soledad/server.py 
@@ -32,10 +32,22 @@ except ImportError: from u1db.remote import http_app +# Keep OpenSSL's tsafe before importing Twisted submodules so we can put +# it back if Twisted==12.0.0 messes with it. +from OpenSSL import tsafe +old_tsafe = tsafe + from twisted.web.wsgi import WSGIResource from twisted.internet import reactor from twisted.python import log +from twisted import version +if version.base() == "12.0.0": + # Put OpenSSL's tsafe back into place. This can probably be removed if we + # come to use Twisted>=12.3.0. + import sys + sys.modules['OpenSSL.tsafe'] = old_tsafe + from couchdb.client import Server from leap.soledad.backends.couch import CouchServerState -- cgit v1.2.3 From 6fc38f043e51131647e2a16dad8e1abd10440821 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 23 May 2013 16:09:23 -0300 Subject: Remove non-token auth schemes. * Closes #2371. --- src/leap/soledad/auth.py | 5 +++-- src/leap/soledad/tests/test_leap_backend.py | 22 ---------------------- 2 files changed, 3 insertions(+), 24 deletions(-) (limited to 'src/leap') diff --git a/src/leap/soledad/auth.py b/src/leap/soledad/auth.py index 562a8263..8c093099 100644 --- a/src/leap/soledad/auth.py +++ b/src/leap/soledad/auth.py @@ -25,6 +25,7 @@ they can do token-based auth requests to the Soledad server. from u1db.remote.http_client import HTTPClientBase +from u1db import errors class TokenBasedAuth(object): @@ -66,5 +67,5 @@ class TokenBasedAuth(object): auth = '%s:%s' % (uuid, token) return [('Authorization', 'Token %s' % auth.encode('base64')[:-1])] else: - return HTTPClientBase._sign_request( - self, method, url_query, params) + raise errors.UnknownAuthMethod( + 'Wrong credentials: %s' % self._creds) diff --git a/src/leap/soledad/tests/test_leap_backend.py b/src/leap/soledad/tests/test_leap_backend.py index 8afae6f6..2e4b3b01 100644 --- a/src/leap/soledad/tests/test_leap_backend.py +++ b/src/leap/soledad/tests/test_leap_backend.py 
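Review bot: In the `@@ -32,10 +32,22 @@` hunk, `old_tsafe = tsafe` only binds a second name to the same module object, so writing it back to `sys.modules['OpenSSL.tsafe']` helps only if Twisted replaces that entry with a different module. If Twisted instead patches the module in place or rebinds the attribute on the `OpenSSL` package (neither is visible here), the restore has no effect. The guard `version.base() == "12.0.0"` matches exactly one release, while the comment says the workaround can go once Twisted>=12.3.0 is used, so the comment should say which releases are affected, e.g. `# Only Twisted 12.0.0 replaces sys.modules['OpenSSL.tsafe']; see <issue reference>`. Moving `import sys` up with the other imports would keep the module header conventional.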
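Review bot: In the `else` branch of the `@@ -66,5 +67,5 @@` hunk, `raise errors.UnknownAuthMethod('Wrong credentials: %s' % self._creds)` formats the whole credentials object into the exception text, so any secrets it holds can end up in logs and tracebacks. The message only needs to say that token credentials are required, e.g. `raise errors.UnknownAuthMethod('Only token-based auth is supported.')`, or at most name the scheme keys, never their values. The `if` that selects this branch is outside the hunk, so the shape of `self._creds` at this point is inferred. The visible test changes only delete the OAuth and plain-HTTP scenarios; a test asserting that non-token credentials raise `UnknownAuthMethod` would pin the new behaviour.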
@@ -46,9 +46,6 @@ from leap.soledad import auth from leap.soledad.tests import u1db_tests as tests -from leap.soledad.tests.u1db_tests.test_remote_sync_target import ( - make_oauth_http_app, -) from leap.soledad.tests import BaseSoledadTest from leap.soledad.tests.u1db_tests import test_backends from leap.soledad.tests.u1db_tests import test_http_database @@ -128,12 +125,6 @@ def copy_token_http_database_for_test(test, db): class LeapTests(test_backends.AllDatabaseTests, BaseSoledadTest): scenarios = LEAP_SCENARIOS + [ - ('oauth_http', {'make_database_for_test': - test_backends.make_oauth_http_database_for_test, - 'copy_database_for_test': - test_backends.copy_oauth_http_database_for_test, - 'make_document_for_test': make_leap_document_for_test, - 'make_app_with_state': make_oauth_http_app}), ('token_http', {'make_database_for_test': make_token_http_database_for_test, 'copy_database_for_test': @@ -362,13 +353,6 @@ def leap_sync_target(test, path): test.getURL(path), crypto=test._soledad._crypto) -def oauth_leap_sync_target(test, path): - st = leap_sync_target(test, '~/' + path) - st.set_oauth_credentials(tests.consumer1.key, tests.consumer1.secret, - tests.token1.key, tests.token1.secret) - return st - - def token_leap_sync_target(test, path): st = leap_sync_target(test, path) st.set_token_credentials('user-uuid', 'auth-token') @@ -379,12 +363,6 @@ class TestLeapSyncTarget( test_remote_sync_target.TestRemoteSyncTargets, BaseSoledadTest): scenarios = [ - ('http', {'make_app_with_state': make_soledad_app, - 'make_document_for_test': make_leap_document_for_test, - 'sync_target': leap_sync_target}), - ('oauth_http', {'make_app_with_state': make_oauth_http_app, - 'make_document_for_test': make_leap_document_for_test, - 'sync_target': oauth_leap_sync_target}), ('token_soledad', {'make_app_with_state': make_token_soledad_app, 'make_document_for_test': make_leap_document_for_test, -- cgit v1.2.3