error out when user tries --http-auth

This commit is contained in:
Lex Berezhny 2019-01-17 18:33:28 -05:00
parent 974d3c83e3
commit 31586bf588
6 changed files with 7 additions and 108 deletions

View file

@ -17,9 +17,6 @@ dht_node_port: 4444
peer_port: 3333 peer_port: 3333
use_upnp: True use_upnp: True
use_auth_http: True
use_https: True
#components_to_skip: #components_to_skip:
# - peer_protocol_server # - peer_protocol_server
# - hash_announcer # - hash_announcer

View file

@ -250,8 +250,6 @@ ADJUSTABLE_SETTINGS = {
'sd_download_timeout': (int, 3), 'sd_download_timeout': (int, 3),
'share_usage_data': (bool, True), # whether to share usage stats and diagnostic info with LBRY 'share_usage_data': (bool, True), # whether to share usage stats and diagnostic info with LBRY
'peer_search_timeout': (int, 60), 'peer_search_timeout': (int, 60),
'use_auth_http': (bool, False),
'use_https': (bool, False),
'use_upnp': (bool, True), 'use_upnp': (bool, True),
'use_keyring': (bool, False), 'use_keyring': (bool, False),
'wallet': (str, LBRYUM_WALLET), 'wallet': (str, LBRYUM_WALLET),
@ -606,8 +604,7 @@ class Config:
return os.path.join(self.ensure_data_dir(), self['LOG_FILE_NAME']) return os.path.join(self.ensure_data_dir(), self['LOG_FILE_NAME'])
def get_api_connection_string(self, user: str = None, password: str = None) -> str: def get_api_connection_string(self, user: str = None, password: str = None) -> str:
return 'http%s://%s%s:%i/%s' % ( return 'http://%s%s:%i/%s' % (
"" if not self['use_https'] else "s",
"" if not (user and password) else f"{user}:{password}@", "" if not (user and password) else f"{user}:{password}@",
self['api_host'], self['api_host'],
self['api_port'], self['api_port'],

View file

@ -86,7 +86,8 @@ def start_daemon_with_cli_args(argv=None, data_dir: typing.Optional[str] = None,
args = parser.parse_args(argv) args = parser.parse_args(argv)
settings = {} settings = {}
if args.useauth: if args.useauth:
settings['use_auth_http'] = True print('--http-auth is no longer supported; an alternative solution using IPC is forthcoming.')
return
verbose = None verbose = None
if args.verbose: if args.verbose:

View file

@ -362,8 +362,6 @@ class Daemon(metaclass=JSONRPCServerType):
Checker.INTERNET_CONNECTION[0]: (LoopingCall(CheckInternetConnection(self)), Checker.INTERNET_CONNECTION[0]: (LoopingCall(CheckInternetConnection(self)),
Checker.INTERNET_CONNECTION[1]) Checker.INTERNET_CONNECTION[1])
} }
use_authentication = conf.settings['use_auth_http']
use_https = conf.settings['use_https']
self.analytics_manager = analytics_manager or analytics.Manager.new_instance() self.analytics_manager = analytics_manager or analytics.Manager.new_instance()
self.component_manager = component_manager or ComponentManager( self.component_manager = component_manager or ComponentManager(
analytics_manager=self.analytics_manager, analytics_manager=self.analytics_manager,
@ -371,8 +369,6 @@ class Daemon(metaclass=JSONRPCServerType):
) )
self.looping_call_manager = LoopingCallManager({n: lc for n, (lc, t) in (looping_calls or {}).items()}) self.looping_call_manager = LoopingCallManager({n: lc for n, (lc, t) in (looping_calls or {}).items()})
self._looping_call_times = {n: t for n, (lc, t) in (looping_calls or {}).items()} self._looping_call_times = {n: t for n, (lc, t) in (looping_calls or {}).items()}
self._use_authentication = use_authentication or conf.settings['use_auth_http']
self._use_https = use_https or conf.settings['use_https']
self.listening_port = None self.listening_port = None
self._component_setup_task = None self._component_setup_task = None
self.announced_startup = False self.announced_startup = False

View file

@ -56,88 +56,13 @@ class UnAuthAPIClient:
return await resp.json() return await resp.json()
class AuthAPIClient:
def __init__(self, key, session, cookies, url, login_url):
self.session = session
self.__api_key = key
self.__login_url = login_url
self.__id_count = 0
self.__url = url
self.__cookies = cookies
def __getattr__(self, name):
if name.startswith('__') and name.endswith('__'):
raise AttributeError(name)
def f(*args, **kwargs):
return self.call(name, [args, kwargs])
return f
async def call(self, method, params=None):
params = params or {}
self.__id_count += 1
pre_auth_post_data = {
'version': '2',
'method': method,
'params': params,
'id': self.__id_count
}
to_auth = json.dumps(pre_auth_post_data, sort_keys=True)
auth_msg = self.__api_key.get_hmac(to_auth).decode()
pre_auth_post_data.update({'hmac': auth_msg})
post_data = json.dumps(pre_auth_post_data)
headers = {
'Host': self.__url.hostname,
'User-Agent': USER_AGENT,
'Content-type': 'application/json'
}
async with self.session.post(self.__login_url, data=post_data, headers=headers) as resp:
if resp is None:
raise JSONRPCException({'code': -342, 'message': 'missing HTTP response from server'})
resp.raise_for_status()
next_secret = resp.headers.get(LBRY_SECRET, False)
if next_secret:
self.__api_key.secret = next_secret
return await resp.json()
@classmethod
async def get_client(cls, key_name=None):
api_key_name = key_name or "api"
keyring = Keyring.load_from_disk() # pylint: disable=E0602
api_key = keyring.api_key
login_url = conf.settings.get_api_connection_string(api_key_name, api_key.secret)
url = urlparse(login_url)
headers = {
'Host': url.hostname,
'User-Agent': USER_AGENT,
'Content-type': 'application/json'
}
connector = aiohttp.TCPConnector(ssl=None if not conf.settings['use_https'] else keyring.ssl_context)
session = aiohttp.ClientSession(connector=connector)
async with session.post(login_url, headers=headers) as r:
cookies = r.cookies
uid = cookies.get(TWISTED_SECURE_SESSION if conf.settings['use_https'] else TWISTED_SESSION).value
api_key = APIKey.create(seed=uid.encode()) # pylint: disable=E0602
return cls(api_key, session, cookies, url, login_url)
class LBRYAPIClient: class LBRYAPIClient:
@staticmethod @staticmethod
def get_client(conf_path=None): def get_client(conf_path=None):
conf.conf_file = conf_path conf.conf_file = conf_path
if not conf.settings: if not conf.settings:
conf.initialize_settings() conf.initialize_settings()
return AuthAPIClient.get_client() if conf.settings['use_auth_http'] else \ return UnAuthAPIClient.from_url(conf.settings.get_api_connection_string())
UnAuthAPIClient.from_url(conf.settings.get_api_connection_string())
if sys.platform.startswith('darwin') or sys.platform.startswith('linux'): if sys.platform.startswith('darwin') or sys.platform.startswith('linux'):
@ -348,6 +273,9 @@ def main():
"--http-auth", dest="useauth", action="store_true", default=conf.settings['use_auth_http'] "--http-auth", dest="useauth", action="store_true", default=conf.settings['use_auth_http']
) )
args = parser.parse_args() args = parser.parse_args()
if args.useauth:
print('--http-auth is no longer supported; an alternative solution using IPC is forthcoming.')
return
loop = asyncio.get_event_loop() loop = asyncio.get_event_loop()
loop.run_until_complete(start_lbrynet_console(args.quiet, args.use_existing_daemon, args.useauth)) loop.run_until_complete(start_lbrynet_console(args.quiet, args.use_existing_daemon, args.useauth))
reactor.run() reactor.run()

View file

@ -29,7 +29,6 @@ class FakeAnalytics:
class CLIIntegrationTest(AsyncioTestCase): class CLIIntegrationTest(AsyncioTestCase):
USE_AUTH = False
async def asyncSetUp(self): async def asyncSetUp(self):
skip = [ skip = [
@ -40,7 +39,6 @@ class CLIIntegrationTest(AsyncioTestCase):
] ]
conf.initialize_settings(load_conf_file=False) conf.initialize_settings(load_conf_file=False)
conf.settings['api_port'] = 5299 conf.settings['api_port'] = 5299
conf.settings['use_auth_http'] = self.USE_AUTH
conf.settings['components_to_skip'] = skip conf.settings['components_to_skip'] = skip
conf.settings.initialize_post_conf_load() conf.settings.initialize_post_conf_load()
Daemon.component_attributes = {} Daemon.component_attributes = {}
@ -50,25 +48,7 @@ class CLIIntegrationTest(AsyncioTestCase):
async def asyncTearDown(self): async def asyncTearDown(self):
await self.daemon.shutdown() await self.daemon.shutdown()
@skip
class AuthenticatedCLITest(CLIIntegrationTest):
USE_AUTH = True
def test_cli_status_command_with_auth(self): def test_cli_status_command_with_auth(self):
self.assertTrue(self.daemon._use_authentication)
actual_output = StringIO()
with contextlib.redirect_stdout(actual_output):
cli.main(["status"])
actual_output = actual_output.getvalue()
self.assertIn("connection_status", actual_output)
class UnauthenticatedCLITest(CLIIntegrationTest):
USE_AUTH = False
def test_cli_status_command_with_auth(self):
self.assertFalse(self.daemon._use_authentication)
actual_output = StringIO() actual_output = StringIO()
with contextlib.redirect_stdout(actual_output): with contextlib.redirect_stdout(actual_output):
cli.main(["status"]) cli.main(["status"])