summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRuben Pollan <meskio@sindominio.net>2016-09-27 15:48:29 -0500
committerRuben Pollan <meskio@sindominio.net>2016-09-27 21:40:28 -0500
commit0a0bdc9abbca1d07c1af781567e3a51c529c0447 (patch)
tree883b70f8ebc5825fe1cad7a865d5ab0f0845149d
parent125c711cd5b6faa4e6d62d18dde61dac90471f39 (diff)
[feat] Fetch smtp cert automatically if missing
It's missing dealing with expired certs. I remove get_smtp_certificate core command. - Closes: #8486
-rw-r--r--docs/next-changelog.rst1
-rw-r--r--src/leap/bitmask/cli/mail.py4
-rw-r--r--src/leap/bitmask/core/dispatcher.py25
-rw-r--r--src/leap/bitmask/core/mail_services.py25
-rw-r--r--src/leap/bitmask/core/service.py1
5 files changed, 24 insertions, 32 deletions
diff --git a/docs/next-changelog.rst b/docs/next-changelog.rst
index bac463b6..e9df07f5 100644
--- a/docs/next-changelog.rst
+++ b/docs/next-changelog.rst
@@ -14,6 +14,7 @@ Features
- `#8265 <https://leap.se/code/issues/8265>`_: Add a REST API and bitmask.js library for it.
- `#8400 <https://leap.se/code/issues/8400>`_: Add manual provider registration.
- `#8435 <https://leap.se/code/issues/8435>`_: Write service tokens to a file for email clients to read.
+- `#8486 <https://leap.se/code/issues/8486>`_: Fetch smtp cert automatically if missing.
- Use mail_auth token in the core instead of imap/smtp tokens.
- `#1234 <https://leap.se/code/issues/1234>`_: Description of the new feature corresponding with issue #1234.
diff --git a/src/leap/bitmask/cli/mail.py b/src/leap/bitmask/cli/mail.py
index f0fa9722..46251313 100644
--- a/src/leap/bitmask/cli/mail.py
+++ b/src/leap/bitmask/cli/mail.py
@@ -32,9 +32,7 @@ SUBCOMMANDS:
disable Stop service
status Display status about service
get_token Returns token for the mail service
- get_smtp_certificate Downloads a new smtp certificate
'''.format(name=command.appname)
- commands = ['enable', 'disable', 'status', 'get_token',
- 'get_smtp_certificate']
+ commands = ['enable', 'disable', 'status', 'get_token']
diff --git a/src/leap/bitmask/core/dispatcher.py b/src/leap/bitmask/core/dispatcher.py
index 2950896a..4c885ce7 100644
--- a/src/leap/bitmask/core/dispatcher.py
+++ b/src/leap/bitmask/core/dispatcher.py
@@ -182,31 +182,6 @@ class MailCmd(SubCommand):
d = mail.get_token()
return d
- @register_method('dict')
- def do_GET_SMTP_CERTIFICATE(self, mail, *parts, **kw):
- # TODO move to mail service
- # TODO should ask for confirmation? like --force or something,
- # if we already have a valid one. or better just refuse if cert
- # exists.
- # TODO how should we pass the userid??
- # - Keep an 'active' user in bonafide (last authenticated)
- # (doing it now)
- # - Get active user from Mail Service (maybe preferred?)
- # - Have a command/method to set 'active' user.
-
- @defer.inlineCallbacks
- def save_cert(cert_data):
- userid, cert_str = cert_data
- cert_path = yield mail.do_get_smtp_cert_path(userid)
- with open(cert_path, 'w') as outf:
- outf.write(cert_str)
- defer.returnValue('certificate saved to %s' % cert_path)
-
- bonafide = kw['bonafide']
- d = bonafide.do_get_smtp_cert()
- d.addCallback(save_cert)
- return d
-
class WebUICmd(SubCommand):
diff --git a/src/leap/bitmask/core/mail_services.py b/src/leap/bitmask/core/mail_services.py
index a3cf692e..91d8fcaa 100644
--- a/src/leap/bitmask/core/mail_services.py
+++ b/src/leap/bitmask/core/mail_services.py
@@ -35,6 +35,7 @@ from twisted.python import log
# TODO move to bitmask.common
from leap.common.service_hooks import HookableService
+from leap.common.files import check_and_fix_urw_only
from leap.bitmask.bonafide import config
from leap.bitmask.keymanager import KeyManager
from leap.bitmask.keymanager.errors import KeyNotFound
@@ -488,6 +489,26 @@ class StandardMailService(service.MultiService, HookableService):
# TODO --- only start instance if "autostart" is True.
self.startInstance(userid, soledad, keymanager)
+ @defer.inlineCallbacks
+ def hook_on_bonafide_auth(self, **kw):
+ # TODO: if it's expired we should renew it
+ userid = kw['username']
+ username, provider = userid.split('@')
+ cert_path = _get_smtp_client_cert_path(self._basedir, provider,
+ username)
+ if os.path.exists(cert_path):
+ return
+
+ bonafide = self.parent.getServiceNamed("bonafide")
+ _, cert_str = yield bonafide.do_get_smtp_cert(userid)
+
+ cert_dir = os.path.dirname(cert_path)
+ if not os.path.exists(cert_dir):
+ os.makedirs(cert_dir, mode=0700)
+ with open(cert_path, 'w') as outf:
+ outf.write(cert_str)
+ check_and_fix_urw_only(cert_path)
+
# commands
def do_status(self):
@@ -501,10 +522,6 @@ class StandardMailService(service.MultiService, HookableService):
token = self._service_tokens.get(active_user)
return defer.succeed({'user': active_user, 'token': token})
- def do_get_smtp_cert_path(self, userid):
- username, provider = userid.split('@')
- return _get_smtp_client_cert_path(self._basedir, provider, username)
-
# access to containers
def get_soledad_session(self, userid):
diff --git a/src/leap/bitmask/core/service.py b/src/leap/bitmask/core/service.py
index bfcf0f2d..27853c09 100644
--- a/src/leap/bitmask/core/service.py
+++ b/src/leap/bitmask/core/service.py
@@ -90,6 +90,7 @@ class BitmaskBackend(configurable.ConfigurableService):
bf.register_hook('on_passphrase_entry', listener='soledad')
bf.register_hook('on_bonafide_auth', listener='soledad')
bf.register_hook('on_bonafide_auth', listener='keymanager')
+ bf.register_hook('on_bonafide_auth', listener='mail')
def init_soledad(self):
service = mail_services.SoledadService