summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/bitmask/crypto')
-rw-r--r--src/leap/bitmask/crypto/srpauth.py37
-rw-r--r--src/leap/bitmask/crypto/tests/test_srpauth.py11
2 files changed, 26 insertions, 22 deletions
diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index bf85f75c..cbff4b49 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -52,13 +52,6 @@ class SRPAuthConnectionError(SRPAuthenticationError):
pass
-class SRPAuthUnknownUser(SRPAuthenticationError):
- """
- Exception raised when trying to authenticate an unknown user
- """
- pass
-
-
class SRPAuthBadStatusCode(SRPAuthenticationError):
"""
Exception raised when we received an unknown bad status code
@@ -97,7 +90,7 @@ class SRPAuthJSONDecodeError(SRPAuthenticationError):
pass
-class SRPAuthBadPassword(SRPAuthenticationError):
+class SRPAuthBadUserOrPassword(SRPAuthenticationError):
"""
Exception raised when the user provided a bad password to auth.
"""
@@ -136,6 +129,7 @@ class SRPAuth(QtCore.QObject):
SESSION_ID_KEY = "_session_id"
USER_VERIFIER_KEY = 'user[password_verifier]'
USER_SALT_KEY = 'user[password_salt]'
+ AUTHORIZATION_KEY = "Authorization"
def __init__(self, provider_config):
"""
@@ -219,7 +213,6 @@ class SRPAuth(QtCore.QObject):
Might raise all SRPAuthenticationError based:
SRPAuthenticationError
SRPAuthConnectionError
- SRPAuthUnknownUser
SRPAuthBadStatusCode
SRPAuthNoSalt
SRPAuthNoB
@@ -266,7 +259,7 @@ class SRPAuth(QtCore.QObject):
"Status code = %r. Content: %r" %
(init_session.status_code, content))
if init_session.status_code == 422:
- raise SRPAuthUnknownUser(self._WRONG_USER_PASS)
+ raise SRPAuthBadUserOrPassword(self._WRONG_USER_PASS)
raise SRPAuthBadStatusCode(self.tr("There was a problem with"
" authentication"))
@@ -296,7 +289,7 @@ class SRPAuth(QtCore.QObject):
SRPAuthBadDataFromServer
SRPAuthConnectionError
SRPAuthJSONDecodeError
- SRPAuthBadPassword
+ SRPAuthBadUserOrPassword
:param salt_B: salt and B parameters for the username
:type salt_B: tuple
@@ -355,7 +348,7 @@ class SRPAuth(QtCore.QObject):
"received: %s", (content,))
logger.error("[%s] Wrong password (HAMK): [%s]" %
(auth_result.status_code, error))
- raise SRPAuthBadPassword(self._WRONG_USER_PASS)
+ raise SRPAuthBadUserOrPassword(self._WRONG_USER_PASS)
if auth_result.status_code not in (200,):
logger.error("No valid response (HAMK): "
@@ -452,7 +445,7 @@ class SRPAuth(QtCore.QObject):
It requires to be authenticated.
Might raise:
- SRPAuthBadPassword
+ SRPAuthBadUserOrPassword
requests.exceptions.HTTPError
:param current_password: the current password for the logged user.
@@ -463,7 +456,7 @@ class SRPAuth(QtCore.QObject):
leap_assert(self.get_uid() is not None)
if current_password != self._password:
- raise SRPAuthBadPassword
+ raise SRPAuthBadUserOrPassword
url = "%s/%s/users/%s.json" % (
self._provider_config.get_api_uri(),
@@ -474,6 +467,10 @@ class SRPAuth(QtCore.QObject):
self._username, new_password, self._hashfun, self._ng)
cookies = {self.SESSION_ID_KEY: self.get_session_id()}
+ headers = {
+ self.AUTHORIZATION_KEY:
+ "Token token={0}".format(self.get_token())
+ }
user_data = {
self.USER_VERIFIER_KEY: binascii.hexlify(verifier),
self.USER_SALT_KEY: binascii.hexlify(salt)
@@ -483,7 +480,8 @@ class SRPAuth(QtCore.QObject):
url, data=user_data,
verify=self._provider_config.get_ca_cert_path(),
cookies=cookies,
- timeout=REQUEST_TIMEOUT)
+ timeout=REQUEST_TIMEOUT,
+ headers=headers)
# In case of non 2xx it raises HTTPError
change_password.raise_for_status()
@@ -510,6 +508,8 @@ class SRPAuth(QtCore.QObject):
self._username = username
self._password = password
+ self._session = self._fetcher.session()
+
d = threads.deferToThread(self._authentication_preprocessing,
username=username,
password=password)
@@ -605,6 +605,13 @@ class SRPAuth(QtCore.QObject):
# Store instance reference as the only member in the handle
self.__dict__['_SRPAuth__instance'] = SRPAuth.__instance
+ # Generally, we initialize this with a provider_config once,
+ # and after that initialize it without one and use the one
+ # that was assigned before. But we need to update it if we
+ # want to be able to logout and login into another provider.
+ if provider_config is not None:
+ SRPAuth.__instance._provider_config = provider_config
+
def authenticate(self, username, password):
"""
Executes the whole authentication process for a user
diff --git a/src/leap/bitmask/crypto/tests/test_srpauth.py b/src/leap/bitmask/crypto/tests/test_srpauth.py
index 6fb2b739..e63c1385 100644
--- a/src/leap/bitmask/crypto/tests/test_srpauth.py
+++ b/src/leap/bitmask/crypto/tests/test_srpauth.py
@@ -246,7 +246,7 @@ class SRPAuthTestCase(unittest.TestCase):
d = self._prepare_auth_test(422)
def wrapper(_):
- with self.assertRaises(srpauth.SRPAuthUnknownUser):
+ with self.assertRaises(srpauth.SRPAuthBadUserOrPassword):
with mock.patch(
'leap.bitmask.util.request_helpers.get_content',
new=mock.create_autospec(get_content)) as content:
@@ -425,7 +425,7 @@ class SRPAuthTestCase(unittest.TestCase):
new=mock.create_autospec(get_content)) as \
content:
content.return_value = ("", 0)
- with self.assertRaises(srpauth.SRPAuthBadPassword):
+ with self.assertRaises(srpauth.SRPAuthBadUserOrPassword):
self.auth_backend._process_challenge(
salt_B,
username=self.TEST_USER)
@@ -449,7 +449,7 @@ class SRPAuthTestCase(unittest.TestCase):
new=mock.create_autospec(get_content)) as \
content:
content.return_value = ("[]", 0)
- with self.assertRaises(srpauth.SRPAuthBadPassword):
+ with self.assertRaises(srpauth.SRPAuthBadUserOrPassword):
self.auth_backend._process_challenge(
salt_B,
username=self.TEST_USER)
@@ -680,10 +680,7 @@ class SRPAuthTestCase(unittest.TestCase):
self.auth_backend._session.delete,
side_effect=Exception())
- def wrapper(*args):
- self.auth_backend.logout()
-
- d = threads.deferToThread(wrapper)
+ d = threads.deferToThread(self.auth.logout)
return d
@deferred()