Merge pull request #1084 from tahoe-lafs/3736.frontends-auth-python-3

Port allmydata.frontend.auth to Python 3 Fixes ticket:3736
2025-02-20 17:52:50 +00:00 · 2021-06-23 09:04:48 -04:00 · 2021-06-23 09:04:48 -04:00 · 7deec790a6
commit 7deec790a6
parent 83b4fb88f4 2447d09fc0
4 changed files with 45 additions and 3 deletions
--- a/newsfragments/3736.minor
+++ b/newsfragments/3736.minor
--- a/src/allmydata/frontends/auth.py
+++ b/src/allmydata/frontends/auth.py
@ -1,3 +1,15 @@
+"""
+Authentication for frontends.
+"""
+from __future__ import unicode_literals
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
+from future.utils import PY2
+if PY2:
+    from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min  # noqa: F401
+
 from zope.interface import implementer
 from twisted.internet import defer
 from twisted.cred import error, checkers, credentials
--- a/src/allmydata/test/test_auth.py
+++ b/src/allmydata/test/test_auth.py
@ -39,8 +39,10 @@ dBSD8940XU3YW+oeq8e+p3yQ2GinHfeJ3BYQyNQLuMAJ
 """)

 DUMMY_ACCOUNTS = u"""\
-alice password URI:DIR2:aaaaaaaaaaaaaaaaaaaaaaaaaa:1111111111111111111111111111111111111111111111111111
+alice herpassword URI:DIR2:aaaaaaaaaaaaaaaaaaaaaaaaaa:1111111111111111111111111111111111111111111111111111
 bob sekrit URI:DIR2:bbbbbbbbbbbbbbbbbbbbbbbbbb:2222222222222222222222222222222222222222222222222222
+
+# dennis password URI:DIR2:aaaaaaaaaaaaaaaaaaaaaaaaaa:1111111111111111111111111111111111111111111111111111
 carol {key} URI:DIR2:cccccccccccccccccccccccccc:3333333333333333333333333333333333333333333333333333
 """.format(key=str(DUMMY_KEY.public().toString("openssh"), "ascii")).encode("ascii")

@ -54,7 +56,7 @@ class AccountFileCheckerKeyTests(unittest.TestCase):
        abspath = abspath_expanduser_unicode(str(self.account_file.path))
        self.checker = auth.AccountFileChecker(None, abspath)

-    def test_unknown_user(self):
+    def test_unknown_user_ssh(self):
        """
        AccountFileChecker.requestAvatarId returns a Deferred that fires with
        UnauthorizedLogin if called with an SSHPrivateKey object with a
@ -65,6 +67,19 @@ class AccountFileCheckerKeyTests(unittest.TestCase):
        avatarId = self.checker.requestAvatarId(key_credentials)
        return self.assertFailure(avatarId, error.UnauthorizedLogin)

+    def test_unknown_user_password(self):
+        """
+        AccountFileChecker.requestAvatarId returns a Deferred that fires with
+        UnauthorizedLogin if called with an SSHPrivateKey object with a
+        username not present in the account file.
+
+        We use a commented out user, so we're also checking that comments are
+        skipped.
+        """
+        key_credentials = credentials.UsernamePassword(b"dennis", b"password")
+        d = self.checker.requestAvatarId(key_credentials)
+        return self.assertFailure(d, error.UnauthorizedLogin)
+
    def test_password_auth_user_with_ssh_key(self):
        """
        AccountFileChecker.requestAvatarId returns a Deferred that fires with
@ -81,7 +96,21 @@ class AccountFileCheckerKeyTests(unittest.TestCase):
        AccountFileChecker.requestAvatarId returns a Deferred that fires with
        the user if the correct password is given.
        """
-        key_credentials = credentials.UsernamePassword(b"alice", b"password")
+        key_credentials = credentials.UsernamePassword(b"alice", b"herpassword")
+        d = self.checker.requestAvatarId(key_credentials)
+        def authenticated(avatarId):
+            self.assertEqual(
+                (b"alice",
+                 b"URI:DIR2:aaaaaaaaaaaaaaaaaaaaaaaaaa:1111111111111111111111111111111111111111111111111111"),
+                (avatarId.username, avatarId.rootcap))
+        return d
+
+    def test_password_auth_user_with_correct_hashed_password(self):
+        """
+        AccountFileChecker.requestAvatarId returns a Deferred that fires with
+        the user if the correct password is given in hashed form.
+        """
+        key_credentials = credentials.UsernameHashedPassword(b"alice", b"herpassword")
        d = self.checker.requestAvatarId(key_credentials)
        def authenticated(avatarId):
            self.assertEqual(
--- a/src/allmydata/util/_python3.py
+++ b/src/allmydata/util/_python3.py
@ -52,6 +52,7 @@ PORTED_MODULES = [
    "allmydata.deep_stats",
    "allmydata.dirnode",
    "allmydata.frontends",
+    "allmydata.frontends.auth",
    "allmydata.frontends.sftpd",
    "allmydata.hashtree",
    "allmydata.history",