[bug] authenticate logout calls to api

logout calls were not being authenticated, so we were receiving 401 return code.
author: Kali Kaneko <kali@leap.se> 2015-09-16 16:07:57 -0400
committer: Kali Kaneko <kali@leap.se> 2015-09-16 16:07:57 -0400
commit: 961d9e6a1c7a5041d5b019581dbf08f16f29ea53 (patch)
tree: 115b1a218059507513135c2b8377c352a0884e34
parent: d77fef90375711883afb16781bcae88c65944b0c (diff)
2 files changed, 17 insertions, 6 deletions
diff --git a/changes/bug-fix-logout-auth b/changes/bug-fix-logout-auth
new file mode 100644
index 00000000..0dc09c02
--- /dev/null
+++ b/changes/bug-fix-logout-auth
@@ -0,0 +1 @@
+- Authenticate properly logout calls to API.
diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 452bfa66..97a4e958 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -552,12 +552,19 @@ class SRPAuthImpl(object):
                                     self._provider_config.
                                     get_api_version(),
                                     "logout")
+        cookies = {self.SESSION_ID_KEY: self.get_session_id()}
+        headers = {
+            self.AUTHORIZATION_KEY:
+            "Token token={0}".format(self.get_token())
+        }
         try:
-            self._session.delete(logout_url,
-                                 data=self.get_session_id(),
-                                 verify=self._provider_config.
-                                 get_ca_cert_path(),
-                                 timeout=REQUEST_TIMEOUT)
+            res = self._session.delete(
+                logout_url,
+                cookies=cookies,
+                headers=headers,
+                verify=self._provider_config.
+                get_ca_cert_path(),
+                timeout=REQUEST_TIMEOUT)
         except Exception as e:
             logger.warning("Something went wrong with the logout: %r" %
                            (e,))
@@ -568,7 +575,10 @@ class SRPAuthImpl(object):
             self.set_token(None)
             # Also reset the session
             self._session = self._fetcher.session()
-            logger.debug("Successfully logged out.")
+            if res.status_code == 204:
+                logger.debug("Successfully logged out.")
+            else:
+                logger.debug("Logout status code: %s" % res.status_code)
 
     def set_session_id(self, session_id):
         with self._session_id_lock:
author	Kali Kaneko <kali@leap.se>	2015-09-16 16:07:57 -0400
committer	Kali Kaneko <kali@leap.se>	2015-09-16 16:07:57 -0400
commit	961d9e6a1c7a5041d5b019581dbf08f16f29ea53 (patch)
tree	115b1a218059507513135c2b8377c352a0884e34
parent	d77fef90375711883afb16781bcae88c65944b0c (diff)