diff options
author | Kali Kaneko <kali@leap.se> | 2018-01-10 12:31:17 +0100 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2018-01-25 01:19:10 +0100 |
commit | 5ffa0c1710ce4038b94a026a58daf8f12aef2ec4 (patch) | |
tree | 61723ea8c2385b2930ed82f401f52d6239ecc221 /src/leap/bitmask/bonafide/config.py | |
parent | 5510c24e61046269e5b29df7d7ffb67a42bdc763 (diff) |
[feat] support anonymous vpn
honor the anonymous certificate for the providers that offer it.
this still needs a change in bonafide, in which if provider supports
anonymous access we still have to download eip-service.json
for testing, I assume this has been already manually downloaded.
Diffstat (limited to 'src/leap/bitmask/bonafide/config.py')
-rw-r--r-- | src/leap/bitmask/bonafide/config.py | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/src/leap/bitmask/bonafide/config.py b/src/leap/bitmask/bonafide/config.py index 222726b7..fe40f277 100644 --- a/src/leap/bitmask/bonafide/config.py +++ b/src/leap/bitmask/bonafide/config.py @@ -31,13 +31,15 @@ from cryptography.hazmat.primitives import hashes from cryptography.x509 import load_pem_x509_certificate from urlparse import urlparse +from twisted.cred.credentials import Anonymous from twisted.internet import defer from twisted.logger import Logger from twisted.web.client import downloadPage from leap.bitmask.bonafide._http import httpRequest -from leap.bitmask.bonafide.provider import Discovery from leap.bitmask.bonafide.errors import NotConfiguredError, NetworkError +from leap.bitmask.bonafide.provider import Discovery +from leap.bitmask.bonafide.session import Session from leap.bitmask.util import here, STANDALONE from leap.common.check import leap_assert @@ -266,6 +268,10 @@ class Provider(object): self.log.debug('Bootstrapping provider %s' % domain) def first_bootstrap_done(ignored): + if self._allows_anonymous: + # we continue bootstrapping, we do not + # need to wait for authentication. + return try: self.first_bootstrap.callback('got config') except defer.AlreadyCalledError: @@ -282,6 +288,14 @@ class Provider(object): d.addCallback(self.maybe_download_services_config) self.ongoing_bootstrap = d + def _allows_anonymous(self): + try: + anon = self._provider_config.get( + 'service').get('allows_anonymous') + except ValueError: + anon = False + return anon + def callWhenMainConfigReady(self, cb, *args, **kw): d = self.first_bootstrap d.addCallback(lambda _: cb(*args, **kw)) @@ -388,17 +402,23 @@ class Provider(object): return os.path.isfile(self._get_configs_path()) def maybe_download_services_config(self, ignored): - # TODO --- currently, some providers (mail.bitmask.net) raise 401 # UNAUTHENTICATED if we try to get the services # See: # https://leap.se/code/issues/7906 + def first_bootstrap_done(ignored): + try: + self.first_bootstrap.callback('got config') + except defer.AlreadyCalledError: + pass + uri, met, path = self._get_configs_download_params() d = httpRequest( self._http._agent, uri, method=met, saveto=path) d.addCallback(lambda _: self._load_provider_json()) d.addCallback( lambda _: self._get_config_for_all_services(session=None)) + d.addCallback(first_bootstrap_done) d.addErrback(lambda _: 'ok for now') return d @@ -499,6 +519,10 @@ class Provider(object): self._disco.netloc = parsed.netloc def _get_config_for_all_services(self, session): + if session is None: + provider_cert = self._get_ca_cert_path() + session = Session(Anonymous(), self.api_uri, provider_cert) + services_dict = self._load_provider_configs() configs_path = self._get_configs_path() with open(configs_path) as jsonf: @@ -510,12 +534,8 @@ class Provider(object): for subservice in self.SERVICES_MAP[service]: uri = base + str(services_dict[subservice]) path = self._get_service_config_path(subservice) - if session: - d = session.fetch_provider_configs( - uri, path, method='GET') - else: - d = self._fetch_provider_configs_unauthenticated( - uri, path, method='GET') + d = session.fetch_provider_configs( + uri, path, method='GET') pending.append(d) return defer.gatherResults(pending) @@ -525,11 +545,6 @@ class Provider(object): services_dict = Record(**json.load(jsonf)).services return services_dict - def _fetch_provider_configs_unauthenticated(self, uri, path): - self.log.info('Downloading config for %s...' % uri) - return httpRequest( - self._http._agent, uri, saveto=path) - class Record(object): def __init__(self, **kw): |