summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/core/index.rst4
-rw-r--r--src/leap/bitmask/core/web/_auth.py3
2 files changed, 3 insertions, 4 deletions
diff --git a/docs/core/index.rst b/docs/core/index.rst
index 84ac8fb4..d03dd727 100644
--- a/docs/core/index.rst
+++ b/docs/core/index.rst
@@ -48,7 +48,7 @@ provider fails (or with no network connectivity), the backend **should** signal
the error but equally return a local authentication token (this is not
implemented yet, but needs to be done to support an offline mode of operation).
-To authenticate any request to the API, the ``Authentication`` header has to be
+To authenticate any request to the API, the ``Authorization`` header has to be
added to it. You need to pass a ``Token`` field, with a value equal to the
concatenation of the username and the local session token , base64-encoded::
@@ -60,7 +60,7 @@ concatenation of the username and the local session token , base64-encoded::
>>> base64.b64encode('user@provider.org:52dac27fcf633b1dba58')
'dXNlckBwcm92aWRlci5vcmc6NTJkYWMyN2ZjZjYzM2IxZGJhNTg='
- $ curl -X POST localhost:7070/API/core/stop -H 'Authentication: Token dXNlckBwcm92aWRlci5vcmc6NTJkYWMyN2ZjZjYzM2IxZGJhNTg='
+ $ curl -X POST localhost:7070/API/core/stop -H 'Authorization: Token dXNlckBwcm92aWRlci5vcmc6NTJkYWMyN2ZjZjYzM2IxZGJhNTg='
$ {'shutdown': 'ok'}
diff --git a/src/leap/bitmask/core/web/_auth.py b/src/leap/bitmask/core/web/_auth.py
index 3eb4fa13..2747fae8 100644
--- a/src/leap/bitmask/core/web/_auth.py
+++ b/src/leap/bitmask/core/web/_auth.py
@@ -51,8 +51,7 @@ def protectedResourceFactory(resource, session_tokens, whitelist):
@implementer(checkers.ICredentialsChecker)
class TokenDictChecker:
- credentialInterfaces = (credentials.IUsernamePassword,
- credentials.IUsernameHashedPassword)
+ credentialInterfaces = (credentials.IUsernamePassword,)
def __init__(self, tokens):
self.tokens = tokens