From b3e9efc82a04cd0f896b38dbe155a4191db393e5 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 23 Jan 2018 01:18:46 +0100 Subject: [bug] do not fail if the provider does not allow anonymous vpn Since bonafide was not catching the error 401, an attempt to bootstrap a provider that does not support anonvpn with the new setup was resulting in a json that was containing only an error message. this was producing an error when trying to access the configuration for that provider's EIP section. we now avoid writing a json config file if an error 401 is found, and also catch the exception for a ValueError when the EIP section is not found in the provider's configuration. --- src/leap/bitmask/bonafide/_http.py | 8 +++++++- src/leap/bitmask/vpn/autostart.py | 2 +- src/leap/bitmask/vpn/service.py | 10 ++++++++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/leap/bitmask/bonafide/_http.py b/src/leap/bitmask/bonafide/_http.py index a1120ab7..8121a336 100644 --- a/src/leap/bitmask/bonafide/_http.py +++ b/src/leap/bitmask/bonafide/_http.py @@ -51,6 +51,10 @@ class Unchanged(Exception): pass +class Forbidden(Exception): + pass + + # TODO this should be ported to use treq client. def httpRequest(agent, url, values=None, headers=None, @@ -83,6 +87,8 @@ def httpRequest(agent, url, values=None, headers=None, log.debug("RESPONSE %s %s %s" % (method, response.code, url)) if response.code == 204: d = defer.succeed('') + elif response.code == 401: + raise Forbidden() if saveto and mtime and response.code == 304: log.debug('304 (Not modified): %s' % url) raise Unchanged() @@ -104,7 +110,7 @@ def httpRequest(agent, url, values=None, headers=None, return d def passthru(failure): - failure.trap(Unchanged) + failure.trap(Unchanged, Forbidden) d = agent.request(method, url, Headers(headers), StringProducer(data) if data else None) diff --git a/src/leap/bitmask/vpn/autostart.py b/src/leap/bitmask/vpn/autostart.py index 858ea4ab..0572e9d5 100644 --- a/src/leap/bitmask/vpn/autostart.py +++ b/src/leap/bitmask/vpn/autostart.py @@ -20,7 +20,7 @@ Terminal=false Leave an autostart file in the user's autostart path. The bundle could in principle find its own path and add - the path to the bitmaskd binary in the Exec entry. + the path to the bitmaskd binary in the Exec entry. But for now it's simpler to do autostart only for the debian packages or any other method that puts bitmask in the path. On the other hand, we want to reduce the modifications that the bundle diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py index 6d273e23..9faedd95 100644 --- a/src/leap/bitmask/vpn/service.py +++ b/src/leap/bitmask/vpn/service.py @@ -315,7 +315,13 @@ class VPNService(HookableService): yield bonafide.do_provider_create(provider_id) provider = yield bonafide.do_provider_read(provider_id) - config = yield bonafide.do_provider_read(provider_id, 'eip') + try: + config = yield bonafide.do_provider_read(provider_id, 'eip') + except ValueError: + exc = Exception('Cannot find EIP section for provider %s. ' + 'Is it fully bootstrapped?' % provider_id) + exc.expected = True + raise exc sorted_gateways = self._get_gateways(config) extra_flags = config.openvpn_configuration @@ -324,7 +330,7 @@ class VPNService(HookableService): anonvpn = self._has_anonvpn(provider) ready = self.do_check(provider_id).get('vpn_ready', False) - if not ready: + if not ready and anonvpn: yield self._maybe_get_anon_cert(anonvpn, provider_id) if not os.path.isfile(ca_path): -- cgit v1.2.3