diff options
-rw-r--r-- | docs/core/index.rst | 4 | ||||
-rw-r--r-- | src/leap/bitmask/core/web/_auth.py | 3 |
2 files changed, 3 insertions, 4 deletions
diff --git a/docs/core/index.rst b/docs/core/index.rst index 84ac8fb4..d03dd727 100644 --- a/docs/core/index.rst +++ b/docs/core/index.rst @@ -48,7 +48,7 @@ provider fails (or with no network connectivity), the backend **should** signal the error but equally return a local authentication token (this is not implemented yet, but needs to be done to support an offline mode of operation). -To authenticate any request to the API, the ``Authentication`` header has to be +To authenticate any request to the API, the ``Authorization`` header has to be added to it. You need to pass a ``Token`` field, with a value equal to the concatenation of the username and the local session token , base64-encoded:: @@ -60,7 +60,7 @@ concatenation of the username and the local session token , base64-encoded:: >>> base64.b64encode('user@provider.org:52dac27fcf633b1dba58') 'dXNlckBwcm92aWRlci5vcmc6NTJkYWMyN2ZjZjYzM2IxZGJhNTg=' - $ curl -X POST localhost:7070/API/core/stop -H 'Authentication: Token dXNlckBwcm92aWRlci5vcmc6NTJkYWMyN2ZjZjYzM2IxZGJhNTg=' + $ curl -X POST localhost:7070/API/core/stop -H 'Authorization: Token dXNlckBwcm92aWRlci5vcmc6NTJkYWMyN2ZjZjYzM2IxZGJhNTg=' $ {'shutdown': 'ok'} diff --git a/src/leap/bitmask/core/web/_auth.py b/src/leap/bitmask/core/web/_auth.py index 3eb4fa13..2747fae8 100644 --- a/src/leap/bitmask/core/web/_auth.py +++ b/src/leap/bitmask/core/web/_auth.py @@ -51,8 +51,7 @@ def protectedResourceFactory(resource, session_tokens, whitelist): @implementer(checkers.ICredentialsChecker) class TokenDictChecker: - credentialInterfaces = (credentials.IUsernamePassword, - credentials.IUsernameHashedPassword) + credentialInterfaces = (credentials.IUsernamePassword,) def __init__(self, tokens): self.tokens = tokens |