authorKali Kaneko (leap communications) <kali@leap.se>2017-02-23 00:35:33 +0100
committerKali Kaneko (leap communications) <kali@leap.se>2017-02-24 16:20:52 +0100
commite3999c4906348dadcc85eec1df9a48e776deccd5 (patch)
tree7f8156ba80f367df22c4e823c301360706e06e8d /src/leap/bitmask/core/web/_auth.py
parent6b3ea883a62d40f8e2d68ce95bbefa2ac64b95de (diff)
[feature] require authentication token for api
Implements a global auth token for the app. This token is written to .config/leap/authtoken and passed in the anchor part of the landing URI when the browser opens the index resource. - Resolves: #8765
Diffstat (limited to 'src/leap/bitmask/core/web/_auth.py')
-rw-r--r--src/leap/bitmask/core/web/_auth.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/leap/bitmask/core/web/_auth.py b/src/leap/bitmask/core/web/_auth.py
index 2747fae8..aa6aeb9b 100644
--- a/src/leap/bitmask/core/web/_auth.py
+++ b/src/leap/bitmask/core/web/_auth.py
@@ -6,6 +6,7 @@ from twisted.web.guard import HTTPAuthSessionWrapper, BasicCredentialFactory
from twisted.web.resource import IResource
+# Deprecate if the user-session tokens are finally not used.
class TokenCredentialFactory(BasicCredentialFactory):
scheme = 'token'
@@ -37,11 +38,11 @@ class WhitelistHTTPAuthSessionWrapper(HTTPAuthSessionWrapper):
return HTTPAuthSessionWrapper.render(self, request)
-def protectedResourceFactory(resource, session_tokens, whitelist):
+def protectedResourceFactory(resource, tokens, whitelist):
realm = HttpPasswordRealm(resource)
- checker = TokenDictChecker(session_tokens)
- resource_portal = portal.Portal(realm, [checker])
+ checker = TokenDictChecker(tokens)
credentialFactory = TokenCredentialFactory('localhost')
+ resource_portal = portal.Portal(realm, [checker])
protected_resource = WhitelistHTTPAuthSessionWrapper(
resource_portal, [credentialFactory],
whitelist=whitelist)
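Review bot: `protectedResourceFactory` has no docstring, and after the rename from `session_tokens` to `tokens` nothing at the definition says what the argument holds or what `whitelist` exempts. Since this factory is the authentication boundary for the API, a short docstring would help, e.g. `"""Wrap resource so that requests must present a token accepted by TokenDictChecker(tokens); whitelist is handed to WhitelistHTTPAuthSessionWrapper."""`. Going by the wrapper's name, whitelisted paths presumably skip the token check, so the docstring should say so and ask that the list be kept minimal. The expected shape of `tokens` and how TokenDictChecker compares the presented value are outside this hunk and should be confirmed by someone who can see that class. The rename also changes the keyword name, so any caller passing `session_tokens=` would need updating. The function body continues past the end of the hunk.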