From 6d73e628d47c65792a89c2cf2d4b9bf9b34901e0 Mon Sep 17 00:00:00 2001
From: Kali Kaneko
Date: Fri, 4 Sep 2015 02:18:51 -0400
Subject: smtp certs [WIP]
---
src/leap/bonafide/_decorators.py | 2 +-
src/leap/bonafide/_http.py | 6 +++++-
src/leap/bonafide/provider.py | 5 +++++
src/leap/bonafide/session.py | 30 +++++++++++++++++++++++-------
4 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/src/leap/bonafide/_decorators.py b/src/leap/bonafide/_decorators.py
index cfd6ec0..6b43715 100644
--- a/src/leap/bonafide/_decorators.py
+++ b/src/leap/bonafide/_decorators.py
@@ -19,7 +19,7 @@ Decorators used in bonafide. """ -def needs_authentication(func): +def auth_required(func): """ Decorate a method so that it will not be called if the instance attribute `is_authenticated` does not evaluate to True.
diff --git a/src/leap/bonafide/_http.py b/src/leap/bonafide/_http.py
index 6510e84..39aabab 100644
--- a/src/leap/bonafide/_http.py
+++ b/src/leap/bonafide/_http.py
@@ -18,6 +18,7 @@ """ twisted.web utils for bonafide. """ +import base64 import cookielib import urllib
@@ -39,12 +40,15 @@ def cookieAgentFactory(verify_path, connectTimeout=30): return CookieAgent(agent, cookiejar) -def httpRequest(agent, url, values={}, headers={}, method='POST'): +def httpRequest(agent, url, values={}, headers={}, method='POST', token=None): data = '' if values: data = urllib.urlencode(values) headers['Content-Type'] = ['application/x-www-form-urlencoded'] + if token: + headers['Authorization'] = ['Token token="%s"' % (bytes(token))] + def handle_response(response): if response.code == 204: d = defer.succeed('')
diff --git a/src/leap/bonafide/provider.py b/src/leap/bonafide/provider.py
index ca2ea1d..5b13d73 100644
--- a/src/leap/bonafide/provider.py
+++ b/src/leap/bonafide/provider.py
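Review bot: In the `_http.py` hunk at `@@ -39,12 +40,15 @@`, the new `headers['Authorization'] = ...` assignment writes into the `headers={}` default argument, which is a single dict shared by every call that does not pass its own headers. Once one request has carried a token, later calls with `token=None` would still send that `Authorization` header, whichever session or URL they are for. Copying before mutating avoids this: `def httpRequest(agent, url, values=None, headers=None, method='POST', token=None):` followed by `headers = dict(headers or {})`. The token is also formatted into a quoted header value as-is, so it may be worth rejecting a token that contains a double quote, CR or LF before building the header. The `import base64` added in the earlier hunk of this file is not used by any visible line, and the body of `httpRequest` continues past the end of the hunk.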
@@ -21,8 +21,13 @@ LEAP Provider API. class LeapProviderApi(object): # TODO when should the provider-api object be created? + # TODO relate to a Provider object, with autoconf flag. # XXX separate in auth-needing actions? + # doing that in LeapSession right now (with a decorator) + # but probably it would be better if we can just gather that info in just + # one place and decorate the methods programatically. + # XXX version this mapping !!! actions = {
diff --git a/src/leap/bonafide/session.py b/src/leap/bonafide/session.py
index 85e49e0..198b250 100644
--- a/src/leap/bonafide/session.py
+++ b/src/leap/bonafide/session.py
@@ -21,7 +21,7 @@ from twisted.internet import defer, reactor from twisted.python import log from leap.bonafide import srp_auth -from leap.bonafide._decorators import needs_authentication +from leap.bonafide._decorators import auth_required from leap.bonafide._http import httpRequest, cookieAgentFactory
@@ -57,8 +57,8 @@ class LeapSession(object): log.msg("%s to %s" % (method, uri)) params = self._srp_auth.get_handshake_params(self.username, A) - handshake = yield httpRequest(self._agent, uri, values=params, - method=method) + handshake = yield self._request(self._agent, uri, values=params, + method=method) M = self._srp_auth.process_handshake(srpuser, handshake) uri, method = self._api.get_uri_and_method(
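Review bot: The SRP handshake request in the `@@ -57,8 +57,8 @@` hunk now goes through `self._request`, which (as defined later in this commit) always sets `kw['token'] = self._token`, so a pre-authentication request can carry an `Authorization` header. On a first login the token is presumably still unset, but if the login runs again on a session that already holds a token, the old token would be sent with the handshake; the authentication request in the `@@ -66,26 +66,38 @@` hunk is routed the same way. Keeping the two SRP calls on plain `httpRequest(self._agent, uri, values=params, method=method)` and reserving `_request` for the `@auth_required` methods would keep the token out of the login exchange. The enclosing method (presumably `authenticate`) starts and ends outside this hunk.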
@@ -66,26 +66,38 @@ class LeapSession(object): log.msg("%s to %s" % (method, uri)) params = self._srp_auth.get_authentication_params(M, A) - auth = yield httpRequest(self._agent, uri, values=params, - method=method) + auth = yield self._request(self._agent, uri, values=params, + method=method) uuid, token, M2 = self._srp_auth.process_authentication(auth) self._srp_auth.verify_authentication(srpuser, M2) self._uuid = uuid self._token = token - defer.returnValue('[OK] Credentias Authenticated through SRP') + defer.returnValue('[OK] Credentials Authenticated through SRP') - @needs_authentication + @auth_required def logout(self): print "Should logout..." + @auth_required + def get_smtp_cert(self): + # TODO pass it to the provider object so that it can save it in the + # right path. + uri, method = self._api.get_uri_and_method('get_smtp_cert') + print method, "to", uri + return self._request(self._agent, uri, method=method) + @property def is_authenticated(self): if not self._srp_user: return False return self._srp_user.authenticated() + def _request(self, *args, **kw): + kw['token'] = self._token + return httpRequest(*args, **kw) + if __name__ == "__main__": from leap.bonafide import provider
@@ -106,10 +118,14 @@ if __name__ == "__main__": def auth_eb(failure): print "[ERROR!]", failure.getErrorMessage() + log.err(failure) d = session.authenticate() d.addCallback(print_result) d.addErrback(auth_eb) + d.addCallback(lambda _: session.get_smtp_cert()) + d.addCallback(print_result) + d.addErrback(auth_eb) d.addCallback(lambda _: session.logout()) d.addBoth(cbShutDown) reactor.run()
-- cgit v1.2.3
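Review bot: `_request` in the `@@ -66,26 +66,38 @@` hunk has no docstring, although it overwrites any `token` the caller passes and attaches the session token to whatever URI it is given; a one-line docstring such as `"""Call httpRequest with this session's token attached; use only for provider API URIs."""` would record that contract. `get_smtp_cert` also logs with `print method, "to", uri` while the other requests in this class use `log.msg("%s to %s" % (method, uri))`, so using the same call here keeps request logging in one place. When the TODO about saving the certificate is implemented, the response likely contains key material (an assumption, the payload is not visible here), so the file should be written with owner-only permissions.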
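Review bot: In the `__main__` chain of the `@@ -106,10 +118,14 @@` hunk, `auth_eb` returns `None`, so after a failed `authenticate()` the Deferred switches back to the callback path and `session.get_smtp_cert()` is still invoked. Only the `@auth_required` decorator, whose behaviour on failure is outside this diff, then stands between a failed login and the certificate request. Attaching `d.addErrback(auth_eb)` once, after the last callback and before `d.addBoth(cbShutDown)`, makes the chain skip the remaining steps at the first error. The second `d.addCallback(print_result)` also writes the fetched SMTP certificate to stdout, which presumably includes the private key; printing a short confirmation instead keeps key material out of terminals and logs. `print_result` is defined outside this hunk.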