From 177bfa18ac33f281d0a4f12555f0f3b7c84efc3d Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Thu, 23 May 2013 12:03:50 -0300
Subject: Ensure shared db is created by server.

* Also remove unneeded need_auth() method (because all requests need auth).
* This closes #2491.
---
 src/leap/soledad/server.py | 27 +++++++++------------------
 1 file changed, 9 insertions(+), 18 deletions(-)

(limited to 'src/leap')

diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py
index 7aa253a3..331f64aa 100644
--- a/src/leap/soledad/server.py
+++ b/src/leap/soledad/server.py
@@ -171,21 +171,6 @@ class SoledadAuthMiddleware(object):
             return False
         return True
 
-    def need_auth(self, environ):
-        """
-        Check if action can be performed on database without authentication.
-
-        For now, just allow access to /shared/*.
-
-        @param environ: Dictionary containing CGI variables.
-        @type environ: dict
-
-        @return: Whether the requests needs authentication.
-        @rtype: bool
-        """
-        # TODO: design unauth verification.
-        return not environ.get(self.PATH_INFO_KEY).startswith('/shared/')
-
 
 #-----------------------------------------------------------------------------
 # Soledad WSGI application
@@ -196,6 +181,11 @@ class SoledadApp(http_app.HTTPApp):
     Soledad WSGI application
     """
 
+    SHARED_DB_NAME = 'shared'
+    """
+    The name of the shared database that holds user's encrypted secrets.
+    """
+
     def __call__(self, environ, start_response):
         """
         Handle a WSGI call to the Soledad application.
@@ -209,6 +199,8 @@ class SoledadApp(http_app.HTTPApp):
         @return: HTTP application results.
         @rtype: list
         """
+        # ensure the shared database exists
+        self.state.ensure_database(self.SHARED_DB_NAME)
         return http_app.HTTPApp.__call__(self, environ, start_response)
 
 
@@ -244,11 +236,10 @@ def load_configuration(file_path):
 # Run as Twisted WSGI Resource
 #-----------------------------------------------------------------------------
 
-# TODO: create command-line option for choosing config file.
 conf = load_configuration('/etc/leap/soledad-server.conf')
 state = CouchServerState(conf['couch_url'])
 
-application = SoledadAuthMiddleware(
-    SoledadApp(state))
+# WSGI application that may be used by `twistd -web`
+application = SoledadAuthMiddleware(SoledadApp(state))
 
 resource = WSGIResource(reactor, reactor.getThreadPool(), application)
-- 
cgit v1.2.3


From 5da6cb3a430ee3f510552051bf79e4aa36fd6ad1 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Thu, 23 May 2013 14:27:41 -0300
Subject: Fix tests paths.

---
 src/leap/soledad/tests/__init__.py       | 15 ++++++++++-----
 src/leap/soledad/tests/test_crypto.py    |  4 ++--
 src/leap/soledad/tests/test_soledad.py   | 10 +++++++---
 src/leap/soledad/tests/test_sqlcipher.py |  2 +-
 4 files changed, 20 insertions(+), 11 deletions(-)

(limited to 'src/leap')

diff --git a/src/leap/soledad/tests/__init__.py b/src/leap/soledad/tests/__init__.py
index 00de687b..c00fb847 100644
--- a/src/leap/soledad/tests/__init__.py
+++ b/src/leap/soledad/tests/__init__.py
@@ -2,6 +2,7 @@
 Tests to make sure Soledad provides U1DB functionality and more.
 """
 
+import os
 import u1db
 from mock import Mock
 
@@ -28,8 +29,8 @@ class BaseSoledadTest(BaseLeapTest):
 
     def setUp(self):
         # config info
-        self.db1_file = "%s/db1.u1db" % self.tempdir
-        self.db2_file = "%s/db2.u1db" % self.tempdir
+        self.db1_file = os.path.join(self.tempdir, "db1.u1db")
+        self.db2_file = os.path.join(self.tempdir, "db2.u1db")
         self.email = 'leap@leap.se'
         # open test dbs
         self._db1 = u1db.open(self.db1_file, create=True,
@@ -42,12 +43,15 @@ class BaseSoledadTest(BaseLeapTest):
     def tearDown(self):
         self._db1.close()
         self._db2.close()
+        for f in [self._soledad._local_db_path, self._soledad._secrets_path]:
+            if os.path.isfile(f):
+                os.unlink(f)
         self._soledad.close()
 
     def _soledad_instance(self, user='leap@leap.se', passphrase='123',
                           prefix='',
                           secrets_path=Soledad.STORAGE_SECRETS_FILE_NAME,
-                          local_db_path='/soledad.u1db', server_url='',
+                          local_db_path='soledad.u1db', server_url='',
                           cert_file=None, secret_id=None):
 
         def _put_doc_side_effect(doc):
@@ -65,8 +69,9 @@ class BaseSoledadTest(BaseLeapTest):
         return Soledad(
             user,
             passphrase,
-            secrets_path=self.tempdir+prefix+secrets_path,
-            local_db_path=self.tempdir+prefix+local_db_path,
+            secrets_path=os.path.join(self.tempdir, prefix, secrets_path),
+            local_db_path=os.path.join(
+                self.tempdir, prefix, local_db_path),
             server_url=server_url,  # Soledad will fail if not given an url.
             cert_file=cert_file,
             secret_id=secret_id)
diff --git a/src/leap/soledad/tests/test_crypto.py b/src/leap/soledad/tests/test_crypto.py
index a61b931c..d35fc1c1 100644
--- a/src/leap/soledad/tests/test_crypto.py
+++ b/src/leap/soledad/tests/test_crypto.py
@@ -192,7 +192,7 @@ class RecoveryDocumentTestCase(BaseSoledadTest):
 
     def test_import_recovery_document(self):
         rd = self._soledad.export_recovery_document()
-        s = self._soledad_instance(user='anotheruser@leap.se', prefix='/2')
+        s = self._soledad_instance(user='anotheruser@leap.se')
         s.import_recovery_document(rd)
         s._set_secret_id(self._soledad._secret_id)
         self.assertEqual(self._soledad._uuid,
@@ -238,7 +238,7 @@ class CryptoMethodsTestCase(BaseSoledadTest):
 
 
     def test__has_secret(self):
-        sol = self._soledad_instance(user='user@leap.se', prefix='/4')
+        sol = self._soledad_instance(user='user@leap.se')
         self.assertTrue(sol._has_secret(), "Should have a secret at "
                                            "this point")
         # setting secret id to None should not interfere in the fact we have a
diff --git a/src/leap/soledad/tests/test_soledad.py b/src/leap/soledad/tests/test_soledad.py
index 45cd7eb2..5eef039f 100644
--- a/src/leap/soledad/tests/test_soledad.py
+++ b/src/leap/soledad/tests/test_soledad.py
@@ -41,7 +41,7 @@ from leap.soledad.backends.leap_backend import LeapDocument
 class AuxMethodsTestCase(BaseSoledadTest):
 
     def test__init_dirs(self):
-        sol = self._soledad_instance(prefix='/_init_dirs')
+        sol = self._soledad_instance(prefix='_init_dirs')
         sol._init_dirs()
         local_db_dir = os.path.dirname(sol.local_db_path)
         secrets_path = os.path.dirname(sol.secrets_path)
@@ -94,8 +94,12 @@ class AuxMethodsTestCase(BaseSoledadTest):
             local_db_path='value_2',
             server_url='value_1',
             cert_file=None)
-        self.assertEqual(self.tempdir+'value_3', sol.secrets_path)
-        self.assertEqual(self.tempdir+'value_2', sol.local_db_path)
+        self.assertEqual(
+            os.path.join(self.tempdir, 'value_3'),
+            sol.secrets_path)
+        self.assertEqual(
+            os.path.join(self.tempdir, 'value_2'),
+            sol.local_db_path)
         self.assertEqual('value_1', sol.server_url)
 
 
diff --git a/src/leap/soledad/tests/test_sqlcipher.py b/src/leap/soledad/tests/test_sqlcipher.py
index 60261111..5bfb8de6 100644
--- a/src/leap/soledad/tests/test_sqlcipher.py
+++ b/src/leap/soledad/tests/test_sqlcipher.py
@@ -773,7 +773,7 @@ class SQLCipherEncryptionTest(BaseLeapTest):
                 os.unlink(dbfile)
 
     def setUp(self):
-        self.DB_FILE = self.tempdir + '/test.db'
+        self.DB_FILE = os.path.join(self.tempdir, 'test.db')
         self._delete_dbfiles()
 
     def tearDown(self):
-- 
cgit v1.2.3


From 0cab642cb1b93185c85bacf10b7ca93a313b7f66 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Thu, 23 May 2013 15:56:16 -0300
Subject: Prevent Twisted==12.0.0 from messing with OpenSSL.

---
 src/leap/soledad/server.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/leap')

diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py
index 331f64aa..e2944057 100644
--- a/src/leap/soledad/server.py
+++ b/src/leap/soledad/server.py
@@ -32,10 +32,22 @@ except ImportError:
 
 from u1db.remote import http_app
 
+# Keep OpenSSL's tsafe before importing Twisted submodules so we can put
+# it back if Twisted==12.0.0 messes with it.
+from OpenSSL import tsafe
+old_tsafe = tsafe
+
 from twisted.web.wsgi import WSGIResource
 from twisted.internet import reactor
 from twisted.python import log
 
+from twisted import version
+if version.base() == "12.0.0":
+    # Put OpenSSL's tsafe back into place. This can probably be removed if we
+    # come to use Twisted>=12.3.0.
+    import sys
+    sys.modules['OpenSSL.tsafe'] = old_tsafe
+
 from couchdb.client import Server
 
 from leap.soledad.backends.couch import CouchServerState
-- 
cgit v1.2.3


From 6fc38f043e51131647e2a16dad8e1abd10440821 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Thu, 23 May 2013 16:09:23 -0300
Subject: Remove non-token auth schemes.

* Closes #2371.
---
 src/leap/soledad/auth.py                    |  5 +++--
 src/leap/soledad/tests/test_leap_backend.py | 22 ----------------------
 2 files changed, 3 insertions(+), 24 deletions(-)

(limited to 'src/leap')

diff --git a/src/leap/soledad/auth.py b/src/leap/soledad/auth.py
index 562a8263..8c093099 100644
--- a/src/leap/soledad/auth.py
+++ b/src/leap/soledad/auth.py
@@ -25,6 +25,7 @@ they can do token-based auth requests to the Soledad server.
 
 
 from u1db.remote.http_client import HTTPClientBase
+from u1db import errors
 
 
 class TokenBasedAuth(object):
@@ -66,5 +67,5 @@ class TokenBasedAuth(object):
             auth = '%s:%s' % (uuid, token)
             return [('Authorization', 'Token %s' % auth.encode('base64')[:-1])]
         else:
-            return HTTPClientBase._sign_request(
-                self, method, url_query, params)
+            raise errors.UnknownAuthMethod(
+                'Wrong credentials: %s' % self._creds)
diff --git a/src/leap/soledad/tests/test_leap_backend.py b/src/leap/soledad/tests/test_leap_backend.py
index 8afae6f6..2e4b3b01 100644
--- a/src/leap/soledad/tests/test_leap_backend.py
+++ b/src/leap/soledad/tests/test_leap_backend.py
@@ -46,9 +46,6 @@ from leap.soledad import auth
 
 
 from leap.soledad.tests import u1db_tests as tests
-from leap.soledad.tests.u1db_tests.test_remote_sync_target import (
-    make_oauth_http_app,
-)
 from leap.soledad.tests import BaseSoledadTest
 from leap.soledad.tests.u1db_tests import test_backends
 from leap.soledad.tests.u1db_tests import test_http_database
@@ -128,12 +125,6 @@ def copy_token_http_database_for_test(test, db):
 class LeapTests(test_backends.AllDatabaseTests, BaseSoledadTest):
 
     scenarios = LEAP_SCENARIOS + [
-        ('oauth_http', {'make_database_for_test':
-                        test_backends.make_oauth_http_database_for_test,
-                        'copy_database_for_test':
-                        test_backends.copy_oauth_http_database_for_test,
-                        'make_document_for_test': make_leap_document_for_test,
-                        'make_app_with_state': make_oauth_http_app}),
         ('token_http', {'make_database_for_test':
                         make_token_http_database_for_test,
                         'copy_database_for_test':
@@ -362,13 +353,6 @@ def leap_sync_target(test, path):
         test.getURL(path), crypto=test._soledad._crypto)
 
 
-def oauth_leap_sync_target(test, path):
-    st = leap_sync_target(test, '~/' + path)
-    st.set_oauth_credentials(tests.consumer1.key, tests.consumer1.secret,
-                             tests.token1.key, tests.token1.secret)
-    return st
-
-
 def token_leap_sync_target(test, path):
     st = leap_sync_target(test, path)
     st.set_token_credentials('user-uuid', 'auth-token')
@@ -379,12 +363,6 @@ class TestLeapSyncTarget(
         test_remote_sync_target.TestRemoteSyncTargets, BaseSoledadTest):
 
     scenarios = [
-        ('http', {'make_app_with_state': make_soledad_app,
-                  'make_document_for_test': make_leap_document_for_test,
-                  'sync_target': leap_sync_target}),
-        ('oauth_http', {'make_app_with_state': make_oauth_http_app,
-                        'make_document_for_test': make_leap_document_for_test,
-                        'sync_target': oauth_leap_sync_target}),
         ('token_soledad',
             {'make_app_with_state': make_token_soledad_app,
              'make_document_for_test': make_leap_document_for_test,
-- 
cgit v1.2.3