From 102d581a9091679eab6538887c0d60ac33d092f7 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Sun, 4 Jan 2015 09:48:38 -0500
Subject: [PATCH] Give out FTPAvatarID objects instead.

---
 src/allmydata/frontends/auth.py |  7 +++++--
 src/allmydata/test/test_auth.py | 16 +++++++++++-----
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/allmydata/frontends/auth.py b/src/allmydata/frontends/auth.py
index 745adbe8..bba6d64b 100644
--- a/src/allmydata/frontends/auth.py
+++ b/src/allmydata/frontends/auth.py
@@ -43,9 +43,12 @@ class AccountFileChecker:
                 rootcap = rest
             self.rootcaps[name] = rootcap
 
+    def _avatarId(self, username):
+        return FTPAvatarID(username, self.rootcaps[username])
+
     def _cbPasswordMatch(self, matched, username):
         if matched:
-            return FTPAvatarID(username, self.rootcaps[username])
+            return self._avatarId(username)
         raise error.UnauthorizedLogin
 
     def requestAvatarId(self, creds):
@@ -110,7 +113,7 @@ class AccountFileChecker:
             if creds.signature is None:
                 return defer.fail(conch_error.ValidPublicKey())
             if self._correctSignature(creds):
-                return defer.succeed(creds.username)
+                return defer.succeed(self._avatarId(creds.username))
         return defer.fail(error.UnauthorizedLogin())
 
 class AccountURLChecker:
diff --git a/src/allmydata/test/test_auth.py b/src/allmydata/test/test_auth.py
index 46c2fbfb..b61531b1 100644
--- a/src/allmydata/test/test_auth.py
+++ b/src/allmydata/test/test_auth.py
@@ -103,10 +103,11 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDJGMWlPXh2M3pYzTiamjcBIMqctt4VvLVW2QZgEFc8
 
     def test_authenticated(self):
         """
-        AccountFileChecker.requestAvatarId returns a Deferred that fires with
-        the username portion of the account file line that matches the username
-        and key blob portion of the SSHPrivateKey object if that object also
-        has a correct signature.
+        If called with an SSHPrivateKey object with a username and public key
+        found in the account file and a signature that proves possession of the
+        corresponding private key, AccountFileChecker.requestAvatarId returns a
+        Deferred that fires with an FTPAvatarID giving the username and root
+        capability for that user.
         """
         username = b"carol"
         signed_data = b"signed data"
@@ -115,5 +116,10 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDJGMWlPXh2M3pYzTiamjcBIMqctt4VvLVW2QZgEFc8
         key_credentials = credentials.SSHPrivateKey(
             username, b"md5", right_key_blob, signed_data, signature)
         avatarId = self.checker.requestAvatarId(key_credentials)
-        avatarId.addCallback(self.assertEqual, username)
+        def authenticated(avatarId):
+            self.assertEqual(
+                (username,
+                 b"URI:DIR2:cccccccccccccccccccccccccc:3333333333333333333333333333333333333333333333333333"),
+                (avatarId.username, avatarId.rootcap))
+        avatarId.addCallback(authenticated)
         return avatarId
-- 
2.45.2