From 6c756ba3e9f32804802ce1a0c0835db5483f3ad2 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Tue, 6 Jan 2015 18:10:41 +0000 Subject: [PATCH] Simplify key checking code by inlining _allowedKey and _correctSignature. refs #1141 Signed-off-by: Daira Hopwood --- src/allmydata/frontends/auth.py | 31 ++++++++++--------------------- 1 file changed, 10 insertions(+), 21 deletions(-) diff --git a/src/allmydata/frontends/auth.py b/src/allmydata/frontends/auth.py index bba6d64b..4a874d8d 100644 --- a/src/allmydata/frontends/auth.py +++ b/src/allmydata/frontends/auth.py @@ -82,25 +82,6 @@ class AccountFileChecker: d.addCallback(self._cbPasswordMatch, str(creds.username)) return d - def _allowedKey(self, creds): - """ - Determine whether the public key indicated by the given credentials is - one allowed to authenticate the username in those credentials. - - Returns True if so, False otherwise. - """ - return creds.blob == self.pubkeys.get(creds.username) - - def _correctSignature(self, creds): - """ - Determine whether the signature in the given credentials is the correct - signature for the data in those credentials. - - Returns True if so, False otherwise. - """ - key = keys.Key.fromString(creds.blob) - return key.verify(creds.signature, creds.sigData) - def _checkKey(self, creds): """ Determine whether some key-based credentials correctly authenticates a @@ -109,11 +90,19 @@ class AccountFileChecker: Returns a Deferred that fires with the username if so or with an UnauthorizedLogin failure otherwise. """ - if self._allowedKey(creds): + + # Is the public key indicated by the given credentials allowed to + # authenticate the username in those credentials? + if creds.blob == self.pubkeys.get(creds.username): if creds.signature is None: return defer.fail(conch_error.ValidPublicKey()) - if self._correctSignature(creds): + + # Is the signature in the given credentials the correct + # signature for the data in those credentials? + key = keys.Key.fromString(creds.blob) + if key.verify(creds.signature, creds.sigData): return defer.succeed(self._avatarId(creds.username)) + return defer.fail(error.UnauthorizedLogin()) class AccountURLChecker: -- 2.45.2