# -*- coding: utf-8 -*-
# shared_db.py
# Copyright (C) 2013 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.


"""
A shared database for storing/retrieving encrypted key material.
"""

try:
    import simplejson as json
except ImportError:
    import json  # noqa


from u1db import errors
from u1db.remote import http_database


from leap.soledad.auth import (
    set_token_credentials,
    _sign_request,
)


#-----------------------------------------------------------------------------
# Soledad shared database
#-----------------------------------------------------------------------------

class NoTokenForAuth(Exception):
    """
    Signal that token-based authentication has no token to work with.
    """
    pass


class Unauthorized(Exception):
    """
    Signal that the user is not authorized to perform the requested task.
    """
    pass


class SoledadSharedDatabase(http_database.HTTPDatabase):
    """
    Client-side handle for the shared recovery database.

    Users store their encryption secrets in this database on the server and
    retrieve them afterwards.
    """
    # TODO: prevent client from messing with the shared DB.
    # TODO: define and document API.
    # NOTE(review): nothing in this class restricts what an authenticated
    # client may read or write; any such restriction would have to be
    # enforced by the server -- confirm against the server code.

    #
    # Token auth methods.
    #
    # Both names are imported from leap.soledad.auth at module level and are
    # re-bound here as class attributes so that instances can call them as
    # methods.

    set_token_credentials = set_token_credentials

    _sign_request = _sign_request

    #
    # Modified HTTPDatabase methods.
    #

    @staticmethod
    def open_database(url, create, creds=None):
        """
        Open a Soledad shared database.

        @param url: URL of the remote database.
        @type url: str
        @param create: Should the database be created if it does not already
            exist?
        @type create: bool
        @param creds: A tuple containing the authentication method and
            credentials.
        @type creds: tuple

        @return: The shared database in the given url.
        @rtype: SoledadSharedDatabase
        """
        # TODO: users should not be able to create the shared database, so we
        # have to remove this from here in the future.
        # NOTE(review): creds defaults to None, in which case no credentials
        # are handed to the base class; how HTTPDatabase then behaves is not
        # visible here -- confirm that callers always supply creds.
        shared_db = SoledadSharedDatabase(url, creds=creds)
        shared_db.open(create)
        return shared_db

    @staticmethod
    def delete_database(url):
        """
        Refuse to delete the shared database.

        @param url: The database URL.
        @type url: str

        @raise Unauthorized: Always; the url argument is never used.
        """
        # The refusal is raised locally, before anything is sent to the
        # server. NOTE(review): this only stops callers that go through this
        # class; deletion must also be rejected server-side -- confirm.
        raise Unauthorized("Can't delete shared database.")

    def __init__(self, url, document_factory=None, creds=None):
        """
        Initialize the database by delegating to HTTPDatabase.

        @param url: URL of the remote database.
        @type url: str
        @param document_factory: A factory for U1DB documents.
        @type document_factory: u1db.Document
        @param creds: A tuple containing the authentication method and
            credentials.
        @type creds: tuple
        """
        # All three arguments are forwarded unchanged; no extra state is set
        # on the instance here.
        base_init = http_database.HTTPDatabase.__init__
        base_init(self, url, document_factory, creds)