diff options
-rw-r--r-- | changes/bug-fix-logout-auth | 1 | ||||
-rw-r--r-- | src/leap/bitmask/crypto/srpauth.py | 22 |
2 files changed, 17 insertions, 6 deletions
diff --git a/changes/bug-fix-logout-auth b/changes/bug-fix-logout-auth new file mode 100644 index 00000000..0dc09c02 --- /dev/null +++ b/changes/bug-fix-logout-auth @@ -0,0 +1 @@ +- Authenticate properly logout calls to API. diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py index 452bfa66..97a4e958 100644 --- a/src/leap/bitmask/crypto/srpauth.py +++ b/src/leap/bitmask/crypto/srpauth.py @@ -552,12 +552,19 @@ class SRPAuthImpl(object): self._provider_config. get_api_version(), "logout") + cookies = {self.SESSION_ID_KEY: self.get_session_id()} + headers = { + self.AUTHORIZATION_KEY: + "Token token={0}".format(self.get_token()) + } try: - self._session.delete(logout_url, - data=self.get_session_id(), - verify=self._provider_config. - get_ca_cert_path(), - timeout=REQUEST_TIMEOUT) + res = self._session.delete( + logout_url, + cookies=cookies, + headers=headers, + verify=self._provider_config. + get_ca_cert_path(), + timeout=REQUEST_TIMEOUT) except Exception as e: logger.warning("Something went wrong with the logout: %r" % (e,)) @@ -568,7 +575,10 @@ class SRPAuthImpl(object): self.set_token(None) # Also reset the session self._session = self._fetcher.session() - logger.debug("Successfully logged out.") + if res.status_code == 204: + logger.debug("Successfully logged out.") + else: + logger.debug("Logout status code: %s" % res.status_code) def set_session_id(self, session_id): with self._session_id_lock: |