summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug_use_token_for_eip1
-rw-r--r--src/leap/bitmask/crypto/certs.py12
2 files changed, 11 insertions, 2 deletions
diff --git a/changes/bug_use_token_for_eip b/changes/bug_use_token_for_eip
new file mode 100644
index 00000000..b10368ad
--- /dev/null
+++ b/changes/bug_use_token_for_eip
@@ -0,0 +1 @@
+- Properly send the token for querying the EIP certificate. Fixes #6060. \ No newline at end of file
diff --git a/src/leap/bitmask/crypto/certs.py b/src/leap/bitmask/crypto/certs.py
index 244decfd..c3ca4efb 100644
--- a/src/leap/bitmask/crypto/certs.py
+++ b/src/leap/bitmask/crypto/certs.py
@@ -46,19 +46,27 @@ def download_client_cert(provider_config, path, session):
# again.
srp_auth = SRPAuth(provider_config)
session_id = srp_auth.get_session_id()
+ token = srp_auth.get_token()
cookies = None
- if session_id:
+ if session_id is not None:
cookies = {"_session_id": session_id}
cert_uri = "%s/%s/cert" % (
provider_config.get_api_uri(),
provider_config.get_api_version())
logger.debug('getting cert from uri: %s' % cert_uri)
+ headers = {}
+
+ # API v2 will only support token auth, but in v1 we can send both
+ if token is not None:
+ headers["Authorization"] = 'Token token="{0}"'.format(token)
+
res = session.get(cert_uri,
verify=provider_config
.get_ca_cert_path(),
cookies=cookies,
- timeout=REQUEST_TIMEOUT)
+ timeout=REQUEST_TIMEOUT,
+ headers=headers)
res.raise_for_status()
client_cert = res.content