| -rw-r--r-- | changes/feature_use_token | 1 | ||||
| -rw-r--r-- | src/leap/bitmask/crypto/srpauth.py | 8 | ||||
| -rw-r--r-- | src/leap/bitmask/services/__init__.py | 7 | 
3 files changed, 14 insertions, 2 deletions
|
diff --git a/changes/feature_use_token b/changes/feature_use_token
new file mode 100644
index 00000000..b412cc2d
--- /dev/null
+++ b/changes/feature_use_token
@@ -0,0 +1 @@
+  o Use token header for authenticated requests. Closes #3910.
\ No newline at end of file
diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 9c08d353..90d9ea0a 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -129,6 +129,7 @@ class SRPAuth(QtCore.QObject):
         SESSION_ID_KEY = "_session_id"
         USER_VERIFIER_KEY = 'user[password_verifier]'
         USER_SALT_KEY = 'user[password_salt]'
+        AUTHORIZATION_KEY = "Authorization"
         def __init__(self, provider_config):
             """
@@ -466,6 +467,10 @@ class SRPAuth(QtCore.QObject):
                 self._username, new_password, self._hashfun, self._ng)
             cookies = {self.SESSION_ID_KEY: self.get_session_id()}
+            headers = {
+                self.AUTHORIZATION_KEY:
+                "Token token={0}".format(self.get_token())
+            }
             user_data = {
                 self.USER_VERIFIER_KEY: binascii.hexlify(verifier),
                 self.USER_SALT_KEY: binascii.hexlify(salt)
@@ -475,7 +480,8 @@ class SRPAuth(QtCore.QObject):
                 url, data=user_data,
                 verify=self._provider_config.get_ca_cert_path(),
                 cookies=cookies,
-                timeout=REQUEST_TIMEOUT)
+                timeout=REQUEST_TIMEOUT,
+                headers=headers)
             # In case of non 2xx it raises HTTPError
             change_password.raise_for_status()
diff --git a/src/leap/bitmask/services/__init__.py b/src/leap/bitmask/services/__init__.py
index 0d74e0e2..e19b82b9 100644
--- a/src/leap/bitmask/services/__init__.py
+++ b/src/leap/bitmask/services/__init__.py
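Review bot: The new `headers` dict in the password-change hunk (@@ -466) formats `self.get_token()` without checking the result, so if `get_token()` can return None, as the `if token is not None:` guard in the services/__init__.py hunk suggests, the request goes out with the literal header `Token token=None`. The two hunks also disagree on quoting (`"Token token={0}"` here, `'Token token="{0}"'` in download_service_config), which leaves it unclear which form the server is expected to accept. I would read the token once, fail early when it is missing, and build the header the same way in both places, e.g. `token = self.get_token()` followed by `headers = {self.AUTHORIZATION_KEY: 'Token token="{0}"'.format(token)}`. The enclosing method starts and ends outside the hunk.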
@@ -127,10 +127,15 @@ def download_service_config(provider_config, service_config,
     # XXX make and use @with_srp_auth decorator
     srp_auth = SRPAuth(provider_config)
     session_id = srp_auth.get_session_id()
+    token = srp_auth.get_token()
     cookies = None
-    if session_id:
+    if session_id is not None:
         cookies = {"_session_id": session_id}
+    # API v2 will only support token auth, but in v1 we can send both
+    if token is not None:
+        headers["Authorization"] = 'Token token="{0}"'.format(token)
+
     res = session.get(
                       verify=provider_config.get_ca_cert_path(),
                       headers=headers,
|
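Review bot: `headers["Authorization"] = ...` writes the session token into a `headers` dict that is built outside this hunk; if that dict is shared with other callers or reused for later requests, the credential stays on it and is sent wherever the dict goes next. Confirm it is created per call, or copy it before adding the token (`headers = dict(headers)`). A short comment such as `# headers now carries a credential; do not log it` would also help, since the dict is passed straight to `session.get`. download_service_config continues past the end of the hunk.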
