def print_info():
    """Return the string form of ``details`` for the ``info`` RPC.

    ``details`` is not a parameter of this function and is not assigned
    here; it is looked up in the surrounding scope when the call runs.

    NOTE(review): in the log excerpt on this page both clients receive the
    same SessionDetails (authrole ``authenticator``), apparently the session
    of the component that registered the procedure rather than the caller's.
    Do not use this value to identify or authorize the caller.
    """
    # str() dispatches to the same __str__ the original invoked explicitly.
    return str(details)
...
try:
yield self.register(print_info, settings.APP_BASE_URI+'info')
except: ...
2016-01-26T17:30:49+0100 [Router 23283] called info RPC
2016-01-26T17:30:49+0100 [Router 23283] SessionDetails(realm = realm1, session = 4075389642691519, authid = None, authrole = authenticator, authmethod = None) # <---- first client
2016-01-26T17:30:49+0100 [Router 23283] called info RPC
2016-01-26T17:30:49+0100 [Router 23283] SessionDetails(realm = realm1, session = 4075389642691519, authid = None, authrole = authenticator, authmethod = None) # <---- second client
2016-01-26T17:30:49+0100 Client session connected. Starting WAMP-Ticket authentication on realm 'realm1' as principal 'kronos-auth' ..
2016-01-26T17:30:49+0100 session ready
2016-01-26T17:30:49+0100 session details: SessionDetails(realm = realm1, session = 7464678238511771, authid = kronos-auth, authrole = kronos-auth, authmethod = ticket) # <-- session issued when joining
2016-01-26T17:30:49+0100 calling info
2016-01-26T17:30:49+0100 TX WAMP CALL Message (request = 1, procedure = com.myapp.info, args = (), kwargs = {}, timeout = None, receive_progress = None, disclose_me = True)
2016-01-26T17:30:49+0100 RX WAMP RESULT Message (request = 1, args = ['SessionDetails(realm = realm1, session = 4075389642691519, authid = None, authrole = authenticator, authmethod = None)'], kwargs = None, progress = None)
2016-01-26T17:30:49+0100 call result: SessionDetails(realm = realm1, session = 4075389642691519, authid = None, authrole = authenticator, authmethod = None) # <-- getting back a different session id
2016-01-26T17:30:49+0100 TX WAMP REGISTER Message (request = 3, procedure = com.myapp.login, match = exact, invoke = single)
2016-01-26T17:30:49+0100 RX WAMP REGISTERED Message (request = 3, registration = 7876412218466890)
2016-01-26T17:30:49+0100 procedure 'login' registered
2016-01-26T17:30:49+0100 TX WAMP REGISTER Message (request = 4, procedure = com.myapp.kronos-auth.authenticate_peer, match = exact, invoke = single)
2016-01-26T17:38:41+0100 RX WAMP INVOCATION Message (request = 7, registration = 7876412218466890, args = [], kwargs = {'password': '123secret', 'user': 'peter'}, timeout = None, receive_progress = None, caller = 7053397799995983, procedure = None)
2016-01-26T17:38:41+0100 login RPC invoked
2016-01-26T17:38:41+0100 details: SessionDetails(realm = realm1, session = 7464678238511771, authid = kronos-auth, authrole = kronos-auth, authmethod = ticket) # <--- should be session id of client2 (7053397799995983)
2016-01-26T17:38:41+0100 Client session connected. Starting WAMP-Ticket authentication on realm 'realm1' as principal 'anonymous' ..
2016-01-26T17:38:41+0100 session ready
2016-01-26T17:38:41+0100 session details: SessionDetails(realm = realm1, session = 7053397799995983, authid = T2ePzBr/NtvE6uyn1JV7VrfM, authrole = anonymous, authmethod = anonymous) # <-- session issued when joining
2016-01-26T17:38:41+0100 calling info
2016-01-26T17:38:41+0100 TX WAMP CALL Message (request = 1, procedure = com.myapp.info, args = (), kwargs = {}, timeout = None, receive_progress = None, disclose_me = True)
2016-01-26T17:38:41+0100 RX WAMP RESULT Message (request = 1, args = ['SessionDetails(realm = realm1, session = 4075389642691519, authid = None, authrole = authenticator, authmethod = None)'], kwargs = None, progress = None)
2016-01-26T17:38:41+0100 call result: SessionDetails(realm = realm1, session = 4075389642691519, authid = None, authrole = authenticator, authmethod = None) # <-- again getting back a different session id
2016-01-26T17:38:41+0100 calling login
2016-01-26T17:38:41+0100 TX WAMP CALL Message (request = 2, procedure = com.myapp.login, args = (), kwargs = {'user': 'peter', 'password': '123secret'}, timeout = None, receive_progress = None, disclose_me = True)
2016-01-26T17:38:41+0100 RX WAMP RESULT Message (request = 2, args = [None], kwargs = None, progress = None)
2016-01-26T17:38:41+0100 call result: None
...
def _init__(self):
    """Attach a MongoClient built with default arguments as ``self.mongo``."""
    # NOTE(review): the name is ``_init__`` (single leading underscore), so
    # Python does not run it on construction. Unless something calls it
    # explicitly, ``self.mongo`` is never set and the session handlers below
    # fail on first use. Confirm whether ``__init__`` was intended.
    self.mongo = MongoClient()
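@inlineCallbacks
def session_join_event(self, event):
    """Record a newly joined session in the ``ionman.sessions`` collection.

    Called with the join event after a successful login. The event must
    carry a truthy ``session`` and ``authid``, and ``authid`` must match a
    document in ``ionman.users``; otherwise an error is logged and nothing
    is written.
    """
    # Read the fields with .get() before logging. The original indexed
    # event['session'] / event['authid'] / event['authrole'] in the log line,
    # so a malformed event raised KeyError before the missing-field check
    # below could report it.
    session = event.get('session')
    authid = event.get('authid')
    log.msg("{}> Join ({}) as ({})".format(session, authid, event.get('authrole')))
    if not (session and authid):
        log.msg('% ERROR - missing session or authid')
        return
    # Only sessions whose authid belongs to a known user are tracked.
    record = yield self.mongo.ionman.users.find_one({'authid': authid})
    if not record:
        log.msg("% ERROR - missing user record")
        return
    update = {
        'authid': authid,
        'session': session,
        # NOTE(review): naive local timestamp; confirm whether UTC is
        # expected by whatever reads this collection.
        'when': datetime.now(),
    }
    # Upsert keyed on the session id, so a repeated join event overwrites
    # the existing row instead of adding a second one.
    yield self.mongo.ionman.sessions.update(
        {'session': session}, {'$set': update}, upsert=True
    )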
@inlineCallbacks
def session_leave_event(self, session_id):
    """Drop the stored record of a session that has terminated.

    Removing the row keeps ``ionman.sessions`` limited to sessions that are
    still attached.
    """
    log.msg("{}> Leave".format(session_id))
    sessions = self.mongo.ionman.sessions
    selector = {'session': session_id}
    yield sessions.remove(selector)
@wamp.register(u'ionman.security.authorize')
def security_authorize(self, session, uri, action):
    """Authorization hook registered as ``ionman.security.authorize``.

    Logs the request (session id, action, URI) and allows it.

    NOTE(review): as written this is a placeholder. It returns True for
    every session, URI and action, so no access control is enforced until
    real checks replace the constant. A real policy should deny by default
    and allow only what is explicitly permitted.
    """
    caller = session['session']
    log.msg('{}> Authorize - {}({})'.format(caller, action, uri))
    # --- all your user control ACL code can go here ---
    granted = True  # allow-all placeholder
    return granted
wsgi py3: yes, fixed https://twistedmatrix.com/trac/ticket/7993
not in release I think .. ping hawkie .. she has done the porting and is Twisted release mgr
wamp-cra: no security issues known.
wamp-cryptosign brings a whole different level of security though. beginning with: no secrets on the server side at all! it's a public-private key method. safeguards against credential forwarding. elliptic curves .. but NO nist/nsa tuned ones;) etcetc
but 0.12 will bring alpha of sth even more awesome: wamp-cryptobox.
this is end-to-end encryption for app payload. you can make it that even CB is unable to read your call args/kwargs payload at all!
means: even if someone breaks into your router (or the nsa asks for a backdoor or the data), your app payload is safe!
and the best: 2 lines code at one place in your app to activate .. fully transparent otherwise.
I will write more about that when doing the release. personally, I think this is one of the coolest new features ..
authenticate: function() {
    // Read the login form, store the entered identity on the credentials
    // object, and open a second connection with it. The existing connection
    // stays up until connection_open_replace runs for the new one.
    ionman.debug('authenticate','Attempting to log in');

    // NOTE(review): this is an alias, not a copy. Writing authid/password
    // below also rewrites ionman.credentials before the new login has
    // succeeded. Confirm that is intended (e.g. a challenge handler that
    // reads ionman.credentials) before changing it to a copy.
    var creds = ionman.credentials;
    ionman.new_credentials = creds;

    var form = '#login-form';
    creds.authid = $('[name=login-username]', form).val();
    // NOTE(review): the stored credential is an unsalted MD5 digest of the
    // password. Anyone who obtains the digest can replay it, and MD5 adds no
    // real protection for the password itself. Confirm how the server side
    // consumes this value.
    creds.password = $.md5($('[name=login-password]', form).val());

    var conn = new autobahn.Connection(creds);
    ionman.new_connection = conn;
    conn.onopen = ionman.connection_open_replace;
    conn.onclose = ionman.connection_close;
    conn.open();
},
connection_open_replace: function(session,details) {
    // onopen handler for the connection started by authenticate(): retire
    // the previous connection, then promote the new connection, credentials
    // and session to be the active ones. `details` is accepted but unused.
    ionman.debug('open','Session opened (replace)');

    // Assumes a previous connection object exists at this point; TODO confirm.
    var previous = ionman.connection;
    previous.close();

    ionman.connection = ionman.new_connection;
    ionman.credentials = ionman.new_credentials;
    ionman.session = session;
},