Commit f3d45f8e authored by Julien Muchembled's avatar Julien Muchembled

registry: make registration by email optional

parent 9ab18393
...@@ -84,10 +84,11 @@ def main(): ...@@ -84,10 +84,11 @@ def main():
" purpose, it can also be an absolute or existing path to" " purpose, it can also be an absolute or existing path to"
" a mailbox file") " a mailbox file")
_('--prefix-length', default=16, type=int, _('--prefix-length', default=16, type=int,
help="Default length of allocated prefixes.") help="Default length of allocated prefixes."
" If 0, registration by email is disabled.")
_('--anonymous-prefix-length', type=int, _('--anonymous-prefix-length', type=int,
help="Length of allocated anonymous prefixes." help="Length of allocated anonymous prefixes."
" If 0 or unset, registration by email is required") " If 0 or unset, anonymous registration is disabled.")
_('--ipv4', nargs=2, metavar=("IP/N", "PLEN"), _('--ipv4', nargs=2, metavar=("IP/N", "PLEN"),
help="Enable ipv4. Each node is assigned a subnet of length PLEN" help="Enable ipv4. Each node is assigned a subnet of length PLEN"
" inside network IP/N.") " inside network IP/N.")
......
...@@ -41,6 +41,10 @@ def rpc(f): ...@@ -41,6 +41,10 @@ def rpc(f):
return f return f
class HTTPError(Exception):
pass
class RegistryServer(object): class RegistryServer(object):
peers = 0, () peers = 0, ()
...@@ -251,6 +255,8 @@ class RegistryServer(object): ...@@ -251,6 +255,8 @@ class RegistryServer(object):
session[:] = hashlib.sha1(key).digest(), session[:] = hashlib.sha1(key).digest(),
try: try:
result = m(**kw) result = m(**kw)
except HTTPError, e:
return request.send_error(*e.args)
except: except:
logging.warning(request.requestline, exc_info=1) logging.warning(request.requestline, exc_info=1)
return request.send_error(httplib.INTERNAL_SERVER_ERROR) return request.send_error(httplib.INTERNAL_SERVER_ERROR)
...@@ -285,11 +291,14 @@ class RegistryServer(object): ...@@ -285,11 +291,14 @@ class RegistryServer(object):
@rpc @rpc
def requestToken(self, email): def requestToken(self, email):
prefix_len = self.config.prefix_length
if not prefix_len:
raise HTTPError(httplib.FORBIDDEN)
with self.lock: with self.lock:
while True: while True:
# Generating token # Generating token
token = ''.join(random.sample(string.ascii_lowercase, 8)) token = ''.join(random.sample(string.ascii_lowercase, 8))
args = token, email, self.config.prefix_length, int(time.time()) args = token, email, prefix_len, int(time.time())
# Updating database # Updating database
try: try:
self.db.execute("INSERT INTO token VALUES (?,?,?,?)", args) self.db.execute("INSERT INTO token VALUES (?,?,?,?)", args)
...@@ -342,6 +351,8 @@ class RegistryServer(object): ...@@ -342,6 +351,8 @@ class RegistryServer(object):
with self.lock: with self.lock:
with self.db: with self.db:
if token: if token:
if not self.config.prefix_length:
raise HTTPError(httplib.FORBIDDEN)
try: try:
token, email, prefix_len, _ = self.db.execute( token, email, prefix_len, _ = self.db.execute(
"SELECT * FROM token WHERE token = ?", "SELECT * FROM token WHERE token = ?",
...@@ -353,7 +364,7 @@ class RegistryServer(object): ...@@ -353,7 +364,7 @@ class RegistryServer(object):
else: else:
prefix_len = self.config.anonymous_prefix_length prefix_len = self.config.anonymous_prefix_length
if not prefix_len: if not prefix_len:
return raise HTTPError(httplib.FORBIDDEN)
email = None email = None
prefix = self.newPrefix(prefix_len) prefix = self.newPrefix(prefix_len)
self.db.execute("UPDATE cert SET email = ? WHERE prefix = ?", self.db.execute("UPDATE cert SET email = ? WHERE prefix = ?",
...@@ -599,15 +610,23 @@ class RegistryClient(object): ...@@ -599,15 +610,23 @@ class RegistryClient(object):
self._conn.endheaders() self._conn.endheaders()
response = self._conn.getresponse() response = self._conn.getresponse()
body = response.read() body = response.read()
if response.status in (httplib.OK, httplib.NO_CONTENT) and ( if response.status in (httplib.OK, httplib.NO_CONTENT):
not client_prefix or if (not client_prefix or
hmac.HMAC(key, body, hashlib.sha1).digest() == hmac.HMAC(key, body, hashlib.sha1).digest() ==
base64.b64decode(response.msg[HMAC_HEADER])): base64.b64decode(response.msg[HMAC_HEADER])):
if self.auto_close and name != 'hello': if self.auto_close and name != 'hello':
self._conn.close() self._conn.close()
return body return body
elif response.status == httplib.FORBIDDEN:
# XXX: We should improve error handling, while making
# sure re6st nodes don't crash on temporary errors.
# This is currently good enough for re6st-conf, to
# inform the user when registration is disabled.
raise HTTPError(response.status, response.reason)
if client_prefix: if client_prefix:
self._hmac = None self._hmac = None
except HTTPError:
raise
except Exception: except Exception:
logging.info(url, exc_info=1) logging.info(url, exc_info=1)
else: else:
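Review bot: The new `elif response.status == httplib.FORBIDDEN:` branch in RegistryClient raises on any 403 regardless of `client_prefix`, so for an authenticated call it acts on a response whose HMAC was never checked and skips the `self._hmac = None` reset just below it. If the server can answer 403 for reasons other than disabled registration (not visible in these hunks), this changes how a session error is recovered. Limiting the branch to unauthenticated calls, `elif response.status == httplib.FORBIDDEN and not client_prefix:`, would keep the re6st-conf behaviour described in the XXX comment. Since the HMAC check is being re-indented anyway, the digests would be better compared with `hmac.compare_digest(...)` (available from Python 2.7.7) than with `==`. The enclosing method starts and ends outside the hunk.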
......