diff options
| author | Tomás Touceda <chiiph@leap.se> | 2014-09-05 15:37:07 -0300 | 
|---|---|---|
| committer | Tomás Touceda <chiiph@leap.se> | 2014-09-08 14:53:23 -0300 | 
| commit | dff4c53be63e5412fe4a8e69d26bf45bd949ec71 (patch) | |
| tree | 7324622548cbc47ab29c205020dc828c0044a2c4 | |
| parent | a96c163b3ef6281eae1cf9c04fcbeb46b9fc43f4 (diff) | |
Send the token when querying the EIP cert
| -rw-r--r-- | changes/bug_use_token_for_eip | 1 | ||||
| -rw-r--r-- | src/leap/bitmask/crypto/certs.py | 12 | 
2 files changed, 11 insertions, 2 deletions
| diff --git a/changes/bug_use_token_for_eip b/changes/bug_use_token_for_eip new file mode 100644 index 00000000..b10368ad --- /dev/null +++ b/changes/bug_use_token_for_eip @@ -0,0 +1 @@ +- Properly send the token for querying the EIP certificate. Fixes #6060.
\ No newline at end of file diff --git a/src/leap/bitmask/crypto/certs.py b/src/leap/bitmask/crypto/certs.py index 244decfd..c3ca4efb 100644 --- a/src/leap/bitmask/crypto/certs.py +++ b/src/leap/bitmask/crypto/certs.py @@ -46,19 +46,27 @@ def download_client_cert(provider_config, path, session):      # again.      srp_auth = SRPAuth(provider_config)      session_id = srp_auth.get_session_id() +    token = srp_auth.get_token()      cookies = None -    if session_id: +    if session_id is not None:          cookies = {"_session_id": session_id}      cert_uri = "%s/%s/cert" % (          provider_config.get_api_uri(),          provider_config.get_api_version())      logger.debug('getting cert from uri: %s' % cert_uri) +    headers = {} + +    # API v2 will only support token auth, but in v1 we can send both +    if token is not None: +        headers["Authorization"] = 'Token token="{0}"'.format(token) +      res = session.get(cert_uri,                        verify=provider_config                        .get_ca_cert_path(),                        cookies=cookies, -                      timeout=REQUEST_TIMEOUT) +                      timeout=REQUEST_TIMEOUT, +                      headers=headers)      res.raise_for_status()      client_cert = res.content | 
