Give out FTPAvatarID objects instead.

author Jean-Paul Calderone <exarkun@twistedmatrix.com>

Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)

committer Jean-Paul Calderone <exarkun@twistedmatrix.com>

Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
author Jean-Paul Calderone <exarkun@twistedmatrix.com>
Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
committer Jean-Paul Calderone <exarkun@twistedmatrix.com>
Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
diff --git a/src/allmydata/frontends/auth.py b/src/allmydata/frontends/auth.py

index 745adbe8a1d6a407f7e5664675921d0be7374010..bba6d64b3315fad168104fc08184210629cf229a 100644 (file)
--- a/src/allmydata/frontends/auth.py
+++ b/src/allmydata/frontends/auth.py
@@ -43,9 +43,12 @@ class AccountFileChecker:
                  rootcap = rest
              self.rootcaps[name] = rootcap
  
+    def _avatarId(self, username):
+        return FTPAvatarID(username, self.rootcaps[username])
+
      def _cbPasswordMatch(self, matched, username):
          if matched:
-            return FTPAvatarID(username, self.rootcaps[username])
+            return self._avatarId(username)
          raise error.UnauthorizedLogin
  
      def requestAvatarId(self, creds):
@@ -110,7 +113,7 @@ class AccountFileChecker:
              if creds.signature is None:
                  return defer.fail(conch_error.ValidPublicKey())
              if self._correctSignature(creds):
-                return defer.succeed(creds.username)
+                return defer.succeed(self._avatarId(creds.username))
          return defer.fail(error.UnauthorizedLogin())
  
  class AccountURLChecker:
diff --git a/src/allmydata/test/test_auth.py b/src/allmydata/test/test_auth.py

index 46c2fbfb99e6c135224c93cbd7c12f54e32174e4..b61531b1b31a043926c318f92f47d29f0d638a81 100644 (file)
--- a/src/allmydata/test/test_auth.py
+++ b/src/allmydata/test/test_auth.py
@@ -103,10 +103,11 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDJGMWlPXh2M3pYzTiamjcBIMqctt4VvLVW2QZgEFc8
  
      def test_authenticated(self):
          """
-        AccountFileChecker.requestAvatarId returns a Deferred that fires with
-        the username portion of the account file line that matches the username
-        and key blob portion of the SSHPrivateKey object if that object also
-        has a correct signature.
+        If called with an SSHPrivateKey object with a username and public key
+        found in the account file and a signature that proves possession of the
+        corresponding private key, AccountFileChecker.requestAvatarId returns a
+        Deferred that fires with an FTPAvatarID giving the username and root
+        capability for that user.
          """
          username = b"carol"
          signed_data = b"signed data"
@@ -115,5 +116,10 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDJGMWlPXh2M3pYzTiamjcBIMqctt4VvLVW2QZgEFc8
          key_credentials = credentials.SSHPrivateKey(
              username, b"md5", right_key_blob, signed_data, signature)
          avatarId = self.checker.requestAvatarId(key_credentials)
-        avatarId.addCallback(self.assertEqual, username)
+        def authenticated(avatarId):
+            self.assertEqual(
+                (username,
+                 b"URI:DIR2:cccccccccccccccccccccccccc:3333333333333333333333333333333333333333333333333333"),
+                (avatarId.username, avatarId.rootcap))
+        avatarId.addCallback(authenticated)
          return avatarId
author	Jean-Paul Calderone <exarkun@twistedmatrix.com>
	Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
committer	Jean-Paul Calderone <exarkun@twistedmatrix.com>
	Sun, 4 Jan 2015 14:48:38 +0000 (09:48 -0500)
src/allmydata/frontends/auth.py		patch \| blob \| history
src/allmydata/test/test_auth.py		patch \| blob \| history