-rw-r--r--changes/VERSION_COMPAT1
-rw-r--r--changes/feature_use_token1
-rw-r--r--pkg/requirements.pip1
-rw-r--r--src/leap/bitmask/crypto/srpauth.py8
-rw-r--r--src/leap/bitmask/services/__init__.py7
5 files changed, 15 insertions, 3 deletions
diff --git a/changes/VERSION_COMPAT b/changes/VERSION_COMPAT
index 425478c8..ac2d2e73 100644
--- a/changes/VERSION_COMPAT
+++ b/changes/VERSION_COMPAT
@@ -9,3 +9,4 @@
# BEGIN DEPENDENCY LIST -------------------------
# leap.foo.bar>=x.y.z
leap.common >= 0.3.4 # because the ca_bundle
+leap.keymanager >= 0.3.3 # because the gnupg dep
diff --git a/changes/feature_use_token b/changes/feature_use_token
new file mode 100644
index 00000000..b412cc2d
--- /dev/null
+++ b/changes/feature_use_token
@@ -0,0 +1 @@
+ o Use token header for authenticated requests. Closes #3910.
\ No newline at end of file
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index 154e51b4..269a4646 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -14,7 +14,6 @@ psutil
ipaddr
twisted
qt4reactor
-python-gnupg
python-daemon # this should not be needed for Windows.
keyring
diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 9c08d353..90d9ea0a 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -129,6 +129,7 @@ class SRPAuth(QtCore.QObject):
SESSION_ID_KEY = "_session_id"
USER_VERIFIER_KEY = 'user[password_verifier]'
USER_SALT_KEY = 'user[password_salt]'
+ AUTHORIZATION_KEY = "Authorization"
def __init__(self, provider_config):
"""
@@ -466,6 +467,10 @@ class SRPAuth(QtCore.QObject):
self._username, new_password, self._hashfun, self._ng)
cookies = {self.SESSION_ID_KEY: self.get_session_id()}
+ headers = {
+ self.AUTHORIZATION_KEY:
+ "Token token={0}".format(self.get_token())
+ }
user_data = {
self.USER_VERIFIER_KEY: binascii.hexlify(verifier),
self.USER_SALT_KEY: binascii.hexlify(salt)
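Review bot: The Authorization header added here is built unconditionally from `self.get_token()`, so if no token is set the password-change request would carry the literal value `Token token=None`. That get_token() can return None is inferred from the services/__init__.py hunk in this same commit, which guards with `if token is not None`. The two call sites also disagree on format: this one sends `Token token={0}` unquoted while services/__init__.py sends `Token token="{0}"`, and the latter uses the literal "Authorization" rather than the new AUTHORIZATION_KEY constant. I would fetch the token once with `token = self.get_token()`, add the header only when it is not None, and build the value as `'Token token="{0}"'.format(token)`, ideally from a single helper on SRPAuth that both call sites use. The enclosing method starts and ends outside this hunk, and the `headers=headers` argument in the following hunk depends on the same dict.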
@@ -475,7 +480,8 @@ class SRPAuth(QtCore.QObject):
url, data=user_data,
verify=self._provider_config.get_ca_cert_path(),
cookies=cookies,
- timeout=REQUEST_TIMEOUT)
+ timeout=REQUEST_TIMEOUT,
+ headers=headers)
# In case of non 2xx it raises HTTPError
change_password.raise_for_status()
diff --git a/src/leap/bitmask/services/__init__.py b/src/leap/bitmask/services/__init__.py
index 9b32c5ad..f9456159 100644
--- a/src/leap/bitmask/services/__init__.py
+++ b/src/leap/bitmask/services/__init__.py
@@ -126,10 +126,15 @@ def download_service_config(provider_config, service_config,
# XXX make and use @with_srp_auth decorator
srp_auth = SRPAuth(provider_config)
session_id = srp_auth.get_session_id()
+ token = srp_auth.get_token()
cookies = None
- if session_id:
+ if session_id is not None:
cookies = {"_session_id": session_id}
+ # API v2 will only support token auth, but in v1 we can send both
+ if token is not None:
+ headers["Authorization"] = 'Token token="{0}"'.format(token)
+
res = session.get(config_uri,
verify=provider_config.get_ca_cert_path(),
headers=headers,