author | Kali Kaneko <kali@leap.se> | 2015-09-04 02:18:51 -0400 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2015-09-04 02:18:51 -0400 |
commit | 7576725b8992b621614e725c7a5a1c3b6991303a (patch) | |
tree | af00a7c0a1c24c31fed6e555df8d88d75d198ea3 /bonafide | |
parent | 47a1c704321f30c09007f7c60162c6c12c146b93 (diff) |
smtp certs [WIP]
Diffstat (limited to 'bonafide')
-rw-r--r-- | bonafide/src/leap/bonafide/_decorators.py | 2 | ||||
-rw-r--r-- | bonafide/src/leap/bonafide/_http.py | 6 | ||||
-rw-r--r-- | bonafide/src/leap/bonafide/provider.py | 5 | ||||
-rw-r--r-- | bonafide/src/leap/bonafide/session.py | 30 |
4 files changed, 34 insertions, 9 deletions
diff --git a/bonafide/src/leap/bonafide/_decorators.py b/bonafide/src/leap/bonafide/_decorators.py index cfd6ec07..6b437150 100644 --- a/bonafide/src/leap/bonafide/_decorators.py +++ b/bonafide/src/leap/bonafide/_decorators.py @@ -19,7 +19,7 @@ Decorators used in bonafide. """ -def needs_authentication(func): +def auth_required(func): """ Decorate a method so that it will not be called if the instance attribute `is_authenticated` does not evaluate to True. diff --git a/bonafide/src/leap/bonafide/_http.py b/bonafide/src/leap/bonafide/_http.py index 6510e84c..39aababd 100644 --- a/bonafide/src/leap/bonafide/_http.py +++ b/bonafide/src/leap/bonafide/_http.py @@ -18,6 +18,7 @@ """ twisted.web utils for bonafide. """ +import base64 import cookielib import urllib @@ -39,12 +40,15 @@ def cookieAgentFactory(verify_path, connectTimeout=30): return CookieAgent(agent, cookiejar) -def httpRequest(agent, url, values={}, headers={}, method='POST'): +def httpRequest(agent, url, values={}, headers={}, method='POST', token=None): data = '' if values: data = urllib.urlencode(values) headers['Content-Type'] = ['application/x-www-form-urlencoded'] + if token: + headers['Authorization'] = ['Token token="%s"' % (bytes(token))] + def handle_response(response): if response.code == 204: d = defer.succeed('') diff --git a/bonafide/src/leap/bonafide/provider.py b/bonafide/src/leap/bonafide/provider.py index ca2ea1d6..5b13d73b 100644 --- a/bonafide/src/leap/bonafide/provider.py +++ b/bonafide/src/leap/bonafide/provider.py @@ -21,8 +21,13 @@ LEAP Provider API. class LeapProviderApi(object): # TODO when should the provider-api object be created? + # TODO relate to a Provider object, with autoconf flag. # XXX separate in auth-needing actions? + # doing that in LeapSession right now (with a decorator) + # but probably it would be better if we can just gather that info in just + # one place and decorate the methods programatically. + # XXX version this mapping !!! actions = { 
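Review bot: In the `_http.py` hunk, the new `headers['Authorization'] = [...]` assignment writes into the `headers={}` default argument, a single dict shared by every call that omits `headers`. After one call with a token, the Authorization entry stays in that dict and would go out with later calls that pass no token, whatever their URL, assuming the rest of the function hands `headers` to the agent. Copy before mutating: change the default to `headers=None` and start the body with `headers = dict(headers or {})`. The token is also placed inside the quoted header value with no check for `"` or CR/LF, and the added `import base64` is unused in the visible lines. The body of `httpRequest` continues outside the hunk.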
diff --git a/bonafide/src/leap/bonafide/session.py b/bonafide/src/leap/bonafide/session.py index 85e49e06..198b250c 100644 --- a/bonafide/src/leap/bonafide/session.py +++ b/bonafide/src/leap/bonafide/session.py @@ -21,7 +21,7 @@ from twisted.internet import defer, reactor from twisted.python import log from leap.bonafide import srp_auth -from leap.bonafide._decorators import needs_authentication +from leap.bonafide._decorators import auth_required from leap.bonafide._http import httpRequest, cookieAgentFactory @@ -57,8 +57,8 @@ class LeapSession(object): log.msg("%s to %s" % (method, uri)) params = self._srp_auth.get_handshake_params(self.username, A) - handshake = yield httpRequest(self._agent, uri, values=params, - method=method) + handshake = yield self._request(self._agent, uri, values=params, + method=method) M = self._srp_auth.process_handshake(srpuser, handshake) uri, method = self._api.get_uri_and_method( 
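Review bot: In the `@@ -57,8 +57,8 @@` hunk (and again for the `auth = yield ...` call in the next hunk), the SRP handshake now goes through `self._request`, which unconditionally sets `kw['token'] = self._token`. These two POSTs happen before a token is issued, so on a first login the wrapper adds nothing, but if `authenticate()` runs again on the same session the previous token would be sent with the new handshake. Keeping `httpRequest(self._agent, ...)` for the two pre-authentication steps, or having `_request` add the token only when `self.is_authenticated` is true, keeps the credential off requests that do not need it. `authenticate` starts outside this hunk, and the initial value of `self._token` is not visible here.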
@@ -66,26 +66,38 @@ class LeapSession(object): log.msg("%s to %s" % (method, uri)) params = self._srp_auth.get_authentication_params(M, A) - auth = yield httpRequest(self._agent, uri, values=params, - method=method) + auth = yield self._request(self._agent, uri, values=params, + method=method) uuid, token, M2 = self._srp_auth.process_authentication(auth) self._srp_auth.verify_authentication(srpuser, M2) self._uuid = uuid self._token = token - defer.returnValue('[OK] Credentias Authenticated through SRP') + defer.returnValue('[OK] Credentials Authenticated through SRP') - @needs_authentication + @auth_required def logout(self): print "Should logout..." + @auth_required + def get_smtp_cert(self): + # TODO pass it to the provider object so that it can save it in the + # right path. + uri, method = self._api.get_uri_and_method('get_smtp_cert') + print method, "to", uri + return self._request(self._agent, uri, method=method) + @property def is_authenticated(self): if not self._srp_user: return False return self._srp_user.authenticated() + def _request(self, *args, **kw): + kw['token'] = self._token + return httpRequest(*args, **kw) + if __name__ == "__main__": from leap.bonafide import provider @@ -106,10 +118,14 @@ if __name__ == "__main__": def auth_eb(failure): print "[ERROR!]", failure.getErrorMessage() + log.err(failure) d = session.authenticate() d.addCallback(print_result) d.addErrback(auth_eb) + d.addCallback(lambda _: session.get_smtp_cert()) + d.addCallback(print_result) + d.addErrback(auth_eb) d.addCallback(lambda _: session.logout()) d.addBoth(cbShutDown) reactor.run() |
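Review bot: In the `@@ -66,26 +66,38 @@` hunk, `get_smtp_cert` reports its request with `print method, "to", uri`, while `authenticate` just above uses `log.msg("%s to %s" % (method, uri))`; the new method should use the same `log.msg` call so the output lands in the Twisted log. Neither `get_smtp_cert` nor `_request` has a docstring. Suggested: `"""Request the SMTP client certificate; returns a Deferred firing with the response body."""` and `"""Call httpRequest with this session's token added as the `token` keyword."""`. The second should also mention that a caller-supplied `token` is overwritten.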
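Review bot: In the `@@ -106,10 +118,14 @@` hunk, `auth_eb` returns nothing, so once it handles a failure from `session.authenticate()` the Deferred switches back to the callback chain, and `session.get_smtp_cert()` and `session.logout()` still run after a failed login. Only the `auth_required` decorator then stands between a failed login and the certificate request. End the errback with `return failure` so the later callbacks are skipped, or attach the certificate and logout steps to the success path only. The second `d.addCallback(print_result)` also prints the `get_smtp_cert` response to stdout; if that body includes private key material (not visible here), write it to a permission-restricted file instead. `print_result` and `cbShutDown` are defined outside the hunk.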