diff options
| -rw-r--r-- | changes/VERSION_COMPAT | 1 | ||||
| -rw-r--r-- | changes/feature_use_token | 1 | ||||
| -rw-r--r-- | pkg/requirements.pip | 1 | ||||
| -rw-r--r-- | src/leap/bitmask/crypto/srpauth.py | 8 | ||||
| -rw-r--r-- | src/leap/bitmask/services/__init__.py | 7 |
5 files changed, 15 insertions, 3 deletions
diff --git a/changes/VERSION_COMPAT b/changes/VERSION_COMPAT index 425478c8..ac2d2e73 100644 --- a/changes/VERSION_COMPAT +++ b/changes/VERSION_COMPAT @@ -9,3 +9,4 @@ # BEGIN DEPENDENCY LIST ------------------------- # leap.foo.bar>=x.y.z leap.common >= 0.3.4 # because the ca_bundle +leap.keymanager >= 0.3.3 # because the gnupg dep diff --git a/changes/feature_use_token b/changes/feature_use_token new file mode 100644 index 00000000..b412cc2d --- /dev/null +++ b/changes/feature_use_token @@ -0,0 +1 @@ + o Use token header for authenticated requests. Closes #3910.
\ No newline at end of file diff --git a/pkg/requirements.pip b/pkg/requirements.pip index 154e51b4..269a4646 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -14,7 +14,6 @@ psutil ipaddr twisted qt4reactor -python-gnupg python-daemon # this should not be needed for Windows. keyring diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py index 9c08d353..90d9ea0a 100644 --- a/src/leap/bitmask/crypto/srpauth.py +++ b/src/leap/bitmask/crypto/srpauth.py @@ -129,6 +129,7 @@ class SRPAuth(QtCore.QObject): SESSION_ID_KEY = "_session_id" USER_VERIFIER_KEY = 'user[password_verifier]' USER_SALT_KEY = 'user[password_salt]' + AUTHORIZATION_KEY = "Authorization" def __init__(self, provider_config): """ @@ -466,6 +467,10 @@ class SRPAuth(QtCore.QObject): self._username, new_password, self._hashfun, self._ng) cookies = {self.SESSION_ID_KEY: self.get_session_id()} + headers = { + self.AUTHORIZATION_KEY: + "Token token={0}".format(self.get_token()) + } user_data = { self.USER_VERIFIER_KEY: binascii.hexlify(verifier), self.USER_SALT_KEY: binascii.hexlify(salt) @@ -475,7 +480,8 @@ class SRPAuth(QtCore.QObject): url, data=user_data, verify=self._provider_config.get_ca_cert_path(), cookies=cookies, - timeout=REQUEST_TIMEOUT) + timeout=REQUEST_TIMEOUT, + headers=headers) # In case of non 2xx it raises HTTPError change_password.raise_for_status() diff --git a/src/leap/bitmask/services/__init__.py b/src/leap/bitmask/services/__init__.py index 9b32c5ad..f9456159 100644 --- a/src/leap/bitmask/services/__init__.py +++ b/src/leap/bitmask/services/__init__.py @@ -126,10 +126,15 @@ def download_service_config(provider_config, service_config, # XXX make and use @with_srp_auth decorator srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() + token = srp_auth.get_token() cookies = None - if session_id: + if session_id is not None: cookies = {"_session_id": session_id} + # API v2 will only support token auth, but in v1 we can send both + if token is not None: + headers["Authorization"] = 'Token token="{0}"'.format(token) + res = session.get(config_uri, verify=provider_config.get_ca_cert_path(), headers=headers, |