desktopcouch

Merge lp://qastaging/~sil/desktopcouch/get-oauth-tokens-function into lp://qastaging/desktopcouch

get-oauth-tokens-function
Merge into trunk

Proposed by Stuart Langridge on 2009-08-25

Status:	Rejected
Rejected by:	Elliot Murphy on 2009-08-25
Proposed branch:	lp://qastaging/~sil/desktopcouch/get-oauth-tokens-function
Merge into:	lp://qastaging/desktopcouch
Diff against target:	None lines
To merge this branch:	bzr merge lp://qastaging/~sil/desktopcouch/get-oauth-tokens-function
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Tim Cole (community)		2009-08-25	Needs Fixing on 2009-08-25
Review via email: mp+10653@code.qastaging.launchpad.net

Revision history for this message

Stuart Langridge (sil) wrote on 2009-08-25:

Add a function to retrieve the OAuth token details for this desktop couch server from the ini file, which will be required by the pairing process (so they can be handed to a paired server over the network).

Revision history for this message

Tim Cole (tcole) wrote on 2009-08-25:

***PLEASE*** use a random.SystemRandom instance and call .choice() on that rather than using random/random.Random to generate anything related to credentials.

review: Needs Fixing

Revision history for this message

Stuart Langridge (sil) wrote on 2009-08-25:

> ***PLEASE*** use a random.SystemRandom instance and call .choice() on that
> rather than using random/random.Random to generate anything related to
> credentials.

Fixed in a new branch, lp:~sil/desktopcouch/not-so-random (because this branch didn't actually add that code, this is a branch of another unmerged branch that added it).

lp://qastaging/~sil/desktopcouch/get-oauth-tokens-function updated on 2009-08-25

39. By Stuart Langridge on 2009-08-25: typo

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Elliot Murphy

Stuart Langridge

Ubuntu One hackers

desktopcouch

Merge lp://qastaging/~sil/desktopcouch/get-oauth-tokens-function into lp://qastaging/desktopcouch

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

 === modified file 'data/couchdb.tmpl'
 --- data/couchdb.tmpl	2009-07-14 13:53:21 +0000
 +++ data/couchdb.tmpl	2009-08-20 12:55:54 +0000
@@ -31,7 +31,7 @@
  come back to browse your CouchDB again.</p>
  <p>Don't bookmark the CouchDB page itself, because its location may change!</p>
  <p>Taking you to your Desktop CouchDB in <span>30</span> seconds...
--<a id="there" href="http://localhost:[[COUCHDB_PORT]]/_utils">take me
++<a id="there" href="http://[[COUCHDB_USERNAME]]:[[COUCHDB_PASSWORD]]@localhost:[[COUCHDB_PORT]]/_utils">take me
  there straight away from now on</a> (remember to bookmark this page first!)</p>
  </body>
  </html>
 === modified file 'desktopcouch/local_files.py'
 --- desktopcouch/local_files.py	2009-08-05 11:18:46 +0000
 +++ desktopcouch/local_files.py	2009-08-25 12:58:26 +0000
@@ -92,6 +92,42 @@
      return chain
++class NoOAuthTokenException(Exception):
++    def __str__(self):
++        return "OAuth details were not found in the ini file (%s)" % FILE_INI
++
++def get_oauth_tokens():
++    """Return the OAuth tokens from the desktop Couch ini file.
++       CouchDB OAuth is two-legged OAuth (not three-legged like most OAuth).
++       We have one "consumer", defined by a consumer_key and a secret,
++       and an "access token", defined by a token and a secret.
++       The OAuth signature is created with reference to these and the requested
++       URL.
++       (More traditional 3-legged OAuth starts with a "request token" which is
++       then used to procure an "access token". We do not require this.)
++    """
++    import ConfigParser
++    c = ConfigParser.ConfigParser()
++    # monkeypatch ConfigParser to stop it lower-casing option names
++    c.optionxform = lambda s: s
++    c.read(FILE_INI)
++    try:
++        oauth_token_secrets = c.items("oauth_token_secretsx")
++        oauth_consumer_secrets = c.items("oauth_consumer_secrets")
++    except ConfigParser.NoSectionError:
++        raise NoOAuthTokenException
++    if not oauth_token_secrets or not oauth_consumer_secrets:
++        raise NoOAuthTokenException
++    try:
++        out = {
++            "token": oauth_token_secrets[0][0],
++            "token_secret": oauth_token_secrets[0][1],
++            "consumer_key": oauth_consumer_secrets[0][0],
++            "consumer_secret": oauth_consumer_secrets[0][1]
++        }
++    except IndexError:
++        raise NoOAuthTokenException
++    return out
  # You will need to add -b or -k on the end of this
  COUCH_EXEC_COMMAND = [COUCH_EXE, couch_chain_flag(), FILE_INI, '-p', FILE_PID,
 === modified file 'desktopcouch/start_local_couchdb.py'
 --- desktopcouch/start_local_couchdb.py	2009-08-19 16:00:01 +0000
 +++ desktopcouch/start_local_couchdb.py	2009-08-20 12:55:54 +0000
@@ -32,14 +32,16 @@
  """
  from __future__ import with_statement
--import os, subprocess, sys, glob
++import os, subprocess, sys, glob, random, string
  import desktopcouch
  from desktopcouch import local_files
  import xdg.BaseDirectory
  import errno
--import time
++import time, gtk, gnomekeyring
  from desktopcouch.records.server import CouchDatabase
++ACCEPTABLE_USERNAME_PASSWORD_CHARS = string.lowercase + string.uppercase
++
  def dump_ini(data, filename):
      """Dump INI data with sorted sections and keywords"""
      fd = open(filename, 'w')
@@ -56,18 +58,31 @@
  def create_ini_file():
      """Write CouchDB ini file if not already present"""
--    # FIXME add update trigger folder
--    #update_trigger_dir = [
--    #    'lib', 'canonical', 'ubuntuone', 'cloud_server', 'update_triggers']
--    #
--    #timestamp_trigger = os.path.join(
--    #    *update_trigger_dir + ['timestamp_trigger.py'])
--    #update_trigger =  os.path.join(
--    #    *update_trigger_dir + ['update_trigger.py'])
--
      if os.path.exists(local_files.FILE_INI):
--        return
--
++        # load the username and password from the keyring
++        try:
++            data = gnomekeyring.find_items_sync(gnomekeyring.ITEM_GENERIC_SECRET,
++                                            {'desktopcouch': 'basic'})
++        except gnomekeyring.NoMatchError:
++            data = None
++        if data:
++            username, password = data[0].secret.split(":")
++            return username, password
++        # otherwise fall through; for some reason the access details aren't
++        # in the keyring, so re-create the ini file and do it all again
++
++    # randomly generate tokens and usernames
++    def make_random_string(count):
++        return ''.join([random.choice(ACCEPTABLE_USERNAME_PASSWORD_CHARS)
++                        for x in range(count)])
++
++    ADMIN_ACCOUNT_USERNAME = make_random_string(10)
++    ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD = make_random_string(10)
++    CONSUMER_KEY = make_random_string(10)
++    CONSUMER_SECRET = make_random_string(10)
++    TOKEN = make_random_string(10)
++    TOKEN_SECRET = make_random_string(10)
++
      local = {
          'couchdb': {
              'database_dir': local_files.DIR_DB,
@@ -81,9 +96,43 @@
              'file': local_files.FILE_LOG,
              'level': 'info',
          },
++        'admins': {
++            ADMIN_ACCOUNT_USERNAME: ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD
++        },
++        'oauth_consumer_secrets': {
++            CONSUMER_KEY: CONSUMER_SECRET
++        },
++        'oauth_token_secrets': {
++            TOKEN: TOKEN_SECRET
++        },
++        'oauth_token_users': {
++            TOKEN: ADMIN_ACCOUNT_USERNAME
++        },
++        'couch_httpd_auth': {
++            'require_valid_user': 'true'
++        }
+     }
      dump_ini(local, local_files.FILE_INI)
++    # save admin account details in keyring
++    item_id = gnomekeyring.item_create_sync(
++            None,
++            gnomekeyring.ITEM_GENERIC_SECRET,
++            'Desktop Couch user authentication',
++            {'desktopcouch': 'basic'},
++            "%s:%s" % (ADMIN_ACCOUNT_USERNAME, ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD),
++            True)
++    # and oauth tokens
++    item_id = gnomekeyring.item_create_sync(
++            None,
++            gnomekeyring.ITEM_GENERIC_SECRET,
++            'Desktop Couch user authentication',
++            {'desktopcouch': 'oauth'},
++            "%s:%s:%s:%s" % (CONSUMER_KEY, CONSUMER_SECRET, TOKEN, TOKEN_SECRET),
++            True)
++
++
++    return (ADMIN_ACCOUNT_USERNAME, ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD)
  def run_couchdb():
      """Actually start the CouchDB process"""
@@ -146,7 +195,7 @@
                  # than inefficiently just overwriting it regardless
                  db.add_view(view_name, mapjs, reducejs, dd_name)
--def write_bookmark_file():
++def write_bookmark_file(username, password):
      """Write out an HTML document that the user can bookmark to find their DB"""
      bookmark_file = os.path.join(local_files.DIR_DB, "couchdb.html")
@@ -182,21 +231,24 @@
              pass
      else:
          fp = open(bookmark_file, "w")
--        fp.write(html.replace("[[COUCHDB_PORT]]", port))
++        out = html.replace("[[COUCHDB_PORT]]", port)
++        out = out.replace("[[COUCHDB_USERNAME]]", username)
++        out = out.replace("[[COUCHDB_PASSWORD]]", password)
++        fp.write(out)
          fp.close()
          print "Browse your desktop CouchDB at file://%s" % \
            os.path.realpath(bookmark_file)
  def start_couchdb():
      """Execute each step to start a desktop CouchDB"""
--    create_ini_file()
++    username, password = create_ini_file()
      run_couchdb()
      # Note that we do not call update_design_documents here. This is because
      # Couch won't actually have started yet, so when update_design_documents
      # calls the Records API, that will call back into get_pid and we end up
      # starting Couch again. Instead, get_pid calls update_design_documents
      # *after* Couch startup has occurred.
--    write_bookmark_file()
++    write_bookmark_file(username, password)
  if __name__ == "__main__":