Give out FTPAvatarID objects instead. 134/head
authorJean-Paul Calderone <exarkun@twistedmatrix.com>
Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
committerJean-Paul Calderone <exarkun@twistedmatrix.com>
Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
src/allmydata/frontends/auth.py
src/allmydata/test/test_auth.py

index 745adbe8a1d6a407f7e5664675921d0be7374010..bba6d64b3315fad168104fc08184210629cf229a 100644 (file)
@@ -43,9 +43,12 @@ class AccountFileChecker:
                 rootcap = rest
             self.rootcaps[name] = rootcap
 
+    def _avatarId(self, username):
+        return FTPAvatarID(username, self.rootcaps[username])
+
     def _cbPasswordMatch(self, matched, username):
         if matched:
-            return FTPAvatarID(username, self.rootcaps[username])
+            return self._avatarId(username)
         raise error.UnauthorizedLogin
 
     def requestAvatarId(self, creds):
@@ -110,7 +113,7 @@ class AccountFileChecker:
             if creds.signature is None:
                 return defer.fail(conch_error.ValidPublicKey())
             if self._correctSignature(creds):
-                return defer.succeed(creds.username)
+                return defer.succeed(self._avatarId(creds.username))
         return defer.fail(error.UnauthorizedLogin())
 
 class AccountURLChecker:
index 46c2fbfb99e6c135224c93cbd7c12f54e32174e4..b61531b1b31a043926c318f92f47d29f0d638a81 100644 (file)
@@ -103,10 +103,11 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDJGMWlPXh2M3pYzTiamjcBIMqctt4VvLVW2QZgEFc8
 
     def test_authenticated(self):
         """
-        AccountFileChecker.requestAvatarId returns a Deferred that fires with
-        the username portion of the account file line that matches the username
-        and key blob portion of the SSHPrivateKey object if that object also
-        has a correct signature.
+        If called with an SSHPrivateKey object with a username and public key
+        found in the account file and a signature that proves possession of the
+        corresponding private key, AccountFileChecker.requestAvatarId returns a
+        Deferred that fires with an FTPAvatarID giving the username and root
+        capability for that user.
         """
         username = b"carol"
         signed_data = b"signed data"
@@ -115,5 +116,10 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDJGMWlPXh2M3pYzTiamjcBIMqctt4VvLVW2QZgEFc8
         key_credentials = credentials.SSHPrivateKey(
             username, b"md5", right_key_blob, signed_data, signature)
         avatarId = self.checker.requestAvatarId(key_credentials)
-        avatarId.addCallback(self.assertEqual, username)
+        def authenticated(avatarId):
+            self.assertEqual(
+                (username,
+                 b"URI:DIR2:cccccccccccccccccccccccccc:3333333333333333333333333333333333333333333333333333"),
+                (avatarId.username, avatarId.rootcap))
+        avatarId.addCallback(authenticated)
         return avatarId