From d74a4c3840c95e5879c89ec9d1f6d48ab54b0f55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Tue, 1 Oct 2013 14:46:53 -0300
Subject: Use the same exception for all the auth user facing errors

---
 src/leap/bitmask/crypto/srpauth.py | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

(limited to 'src/leap/bitmask/crypto/srpauth.py')

diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index bf85f75c..9c08d353 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -52,13 +52,6 @@ class SRPAuthConnectionError(SRPAuthenticationError):
     pass
 
 
-class SRPAuthUnknownUser(SRPAuthenticationError):
-    """
-    Exception raised when trying to authenticate an unknown user
-    """
-    pass
-
-
 class SRPAuthBadStatusCode(SRPAuthenticationError):
     """
     Exception raised when we received an unknown bad status code
@@ -97,7 +90,7 @@ class SRPAuthJSONDecodeError(SRPAuthenticationError):
     pass
 
 
-class SRPAuthBadPassword(SRPAuthenticationError):
+class SRPAuthBadUserOrPassword(SRPAuthenticationError):
     """
     Exception raised when the user provided a bad password to auth.
     """
@@ -219,7 +212,6 @@ class SRPAuth(QtCore.QObject):
             Might raise all SRPAuthenticationError based:
               SRPAuthenticationError
               SRPAuthConnectionError
-              SRPAuthUnknownUser
               SRPAuthBadStatusCode
               SRPAuthNoSalt
               SRPAuthNoB
@@ -266,7 +258,7 @@ class SRPAuth(QtCore.QObject):
                              "Status code = %r. Content: %r" %
                              (init_session.status_code, content))
                 if init_session.status_code == 422:
-                    raise SRPAuthUnknownUser(self._WRONG_USER_PASS)
+                    raise SRPAuthBadUserOrPassword(self._WRONG_USER_PASS)
 
                 raise SRPAuthBadStatusCode(self.tr("There was a problem with"
                                                    " authentication"))
@@ -296,7 +288,7 @@ class SRPAuth(QtCore.QObject):
               SRPAuthBadDataFromServer
               SRPAuthConnectionError
               SRPAuthJSONDecodeError
-              SRPAuthBadPassword
+              SRPAuthBadUserOrPassword
 
             :param salt_B: salt and B parameters for the username
             :type salt_B: tuple
@@ -355,7 +347,7 @@ class SRPAuth(QtCore.QObject):
                                  "received: %s", (content,))
                 logger.error("[%s] Wrong password (HAMK): [%s]" %
                              (auth_result.status_code, error))
-                raise SRPAuthBadPassword(self._WRONG_USER_PASS)
+                raise SRPAuthBadUserOrPassword(self._WRONG_USER_PASS)
 
             if auth_result.status_code not in (200,):
                 logger.error("No valid response (HAMK): "
@@ -452,7 +444,7 @@ class SRPAuth(QtCore.QObject):
             It requires to be authenticated.
 
             Might raise:
-                SRPAuthBadPassword
+                SRPAuthBadUserOrPassword
                 requests.exceptions.HTTPError
 
             :param current_password: the current password for the logged user.
@@ -463,7 +455,7 @@ class SRPAuth(QtCore.QObject):
             leap_assert(self.get_uid() is not None)
 
             if current_password != self._password:
-                raise SRPAuthBadPassword
+                raise SRPAuthBadUserOrPassword
 
             url = "%s/%s/users/%s.json" % (
                 self._provider_config.get_api_uri(),
-- 
cgit v1.2.3


From 5b2220bc0177f12c81a3dbb1ebffd3cdae8b350d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Wed, 2 Oct 2013 11:57:57 -0300
Subject: Use token header also for authenticated requests

---
 src/leap/bitmask/crypto/srpauth.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/leap/bitmask/crypto/srpauth.py')

diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 9c08d353..90d9ea0a 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -129,6 +129,7 @@ class SRPAuth(QtCore.QObject):
         SESSION_ID_KEY = "_session_id"
         USER_VERIFIER_KEY = 'user[password_verifier]'
         USER_SALT_KEY = 'user[password_salt]'
+        AUTHORIZATION_KEY = "Authorization"
 
         def __init__(self, provider_config):
             """
@@ -466,6 +467,10 @@ class SRPAuth(QtCore.QObject):
                 self._username, new_password, self._hashfun, self._ng)
 
             cookies = {self.SESSION_ID_KEY: self.get_session_id()}
+            headers = {
+                self.AUTHORIZATION_KEY:
+                "Token token={0}".format(self.get_token())
+            }
             user_data = {
                 self.USER_VERIFIER_KEY: binascii.hexlify(verifier),
                 self.USER_SALT_KEY: binascii.hexlify(salt)
@@ -475,7 +480,8 @@ class SRPAuth(QtCore.QObject):
                 url, data=user_data,
                 verify=self._provider_config.get_ca_cert_path(),
                 cookies=cookies,
-                timeout=REQUEST_TIMEOUT)
+                timeout=REQUEST_TIMEOUT,
+                headers=headers)
 
             # In case of non 2xx it raises HTTPError
             change_password.raise_for_status()
-- 
cgit v1.2.3


From 5e418935bdc5c64bc1cef8d5f440dc79cc6e2892 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Thu, 3 Oct 2013 13:45:11 -0300
Subject: Update provider_config in SRPAuth initialization

---
 src/leap/bitmask/crypto/srpauth.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/leap/bitmask/crypto/srpauth.py')

diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 90d9ea0a..42262610 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -603,6 +603,13 @@ class SRPAuth(QtCore.QObject):
         # Store instance reference as the only member in the handle
         self.__dict__['_SRPAuth__instance'] = SRPAuth.__instance
 
+        # Generally, we initialize this with a provider_config once,
+        # and after that initialize it without one and use the one
+        # that was assigned before. But we need to update it if we
+        # want to be able to logout and login into another provider.
+        if provider_config is not None:
+            SRPAuth.__instance._provider_config = provider_config
+
     def authenticate(self, username, password):
         """
         Executes the whole authentication process for a user
-- 
cgit v1.2.3


From b6d7ffdb354ad4727f6a4dd158d439a2e768d68c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Thu, 3 Oct 2013 14:32:47 -0300
Subject: Reset the session on every login attempt

---
 src/leap/bitmask/crypto/srpauth.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/leap/bitmask/crypto/srpauth.py')

diff --git a/src/leap/bitmask/crypto/srpauth.py b/src/leap/bitmask/crypto/srpauth.py
index 42262610..cbff4b49 100644
--- a/src/leap/bitmask/crypto/srpauth.py
+++ b/src/leap/bitmask/crypto/srpauth.py
@@ -508,6 +508,8 @@ class SRPAuth(QtCore.QObject):
             self._username = username
             self._password = password
 
+            self._session = self._fetcher.session()
+
             d = threads.deferToThread(self._authentication_preprocessing,
                                       username=username,
                                       password=password)
-- 
cgit v1.2.3