From dff4c53be63e5412fe4a8e69d26bf45bd949ec71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= Date: Fri, 5 Sep 2014 15:37:07 -0300 Subject: Send the token when querying the EIP cert --- changes/bug_use_token_for_eip | 1 + src/leap/bitmask/crypto/certs.py | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 changes/bug_use_token_for_eip diff --git a/changes/bug_use_token_for_eip b/changes/bug_use_token_for_eip new file mode 100644 index 00000000..b10368ad --- /dev/null +++ b/changes/bug_use_token_for_eip @@ -0,0 +1 @@ +- Properly send the token for querying the EIP certificate. Fixes #6060. \ No newline at end of file diff --git a/src/leap/bitmask/crypto/certs.py b/src/leap/bitmask/crypto/certs.py index 244decfd..c3ca4efb 100644 --- a/src/leap/bitmask/crypto/certs.py +++ b/src/leap/bitmask/crypto/certs.py @@ -46,19 +46,27 @@ def download_client_cert(provider_config, path, session): # again. srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() + token = srp_auth.get_token() cookies = None - if session_id: + if session_id is not None: cookies = {"_session_id": session_id} cert_uri = "%s/%s/cert" % ( provider_config.get_api_uri(), provider_config.get_api_version()) logger.debug('getting cert from uri: %s' % cert_uri) + headers = {} + + # API v2 will only support token auth, but in v1 we can send both + if token is not None: + headers["Authorization"] = 'Token token="{0}"'.format(token) + res = session.get(cert_uri, verify=provider_config .get_ca_cert_path(), cookies=cookies, - timeout=REQUEST_TIMEOUT) + timeout=REQUEST_TIMEOUT, + headers=headers) res.raise_for_status() client_cert = res.content -- cgit v1.2.3