From 6c756ba3e9f32804802ce1a0c0835db5483f3ad2 Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Tue, 6 Jan 2015 18:10:41 +0000
Subject: [PATCH] Simplify key checking code by inlining _allowedKey and
 _correctSignature. refs #1141

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 src/allmydata/frontends/auth.py | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)

diff --git a/src/allmydata/frontends/auth.py b/src/allmydata/frontends/auth.py
index bba6d64b..4a874d8d 100644
--- a/src/allmydata/frontends/auth.py
+++ b/src/allmydata/frontends/auth.py
@@ -82,25 +82,6 @@ class AccountFileChecker:
         d.addCallback(self._cbPasswordMatch, str(creds.username))
         return d
 
-    def _allowedKey(self, creds):
-        """
-        Determine whether the public key indicated by the given credentials is
-        one allowed to authenticate the username in those credentials.
-
-        Returns True if so, False otherwise.
-        """
-        return creds.blob == self.pubkeys.get(creds.username)
-
-    def _correctSignature(self, creds):
-        """
-        Determine whether the signature in the given credentials is the correct
-        signature for the data in those credentials.
-
-        Returns True if so, False otherwise.
-        """
-        key = keys.Key.fromString(creds.blob)
-        return key.verify(creds.signature, creds.sigData)
-
     def _checkKey(self, creds):
         """
         Determine whether some key-based credentials correctly authenticates a
@@ -109,11 +90,19 @@ class AccountFileChecker:
         Returns a Deferred that fires with the username if so or with an
         UnauthorizedLogin failure otherwise.
         """
-        if self._allowedKey(creds):
+
+        # Is the public key indicated by the given credentials allowed to
+        # authenticate the username in those credentials?
+        if creds.blob == self.pubkeys.get(creds.username):
             if creds.signature is None:
                 return defer.fail(conch_error.ValidPublicKey())
-            if self._correctSignature(creds):
+
+            # Is the signature in the given credentials the correct
+            # signature for the data in those credentials?
+            key = keys.Key.fromString(creds.blob)
+            if key.verify(creds.signature, creds.sigData):
                 return defer.succeed(self._avatarId(creds.username))
+
         return defer.fail(error.UnauthorizedLogin())
 
 class AccountURLChecker:
-- 
2.45.2