From 6d73e628d47c65792a89c2cf2d4b9bf9b34901e0 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Fri, 4 Sep 2015 02:18:51 -0400
Subject: smtp certs [WIP]

---
 src/leap/bonafide/_decorators.py |  2 +-
 src/leap/bonafide/_http.py       |  6 +++++-
 src/leap/bonafide/provider.py    |  5 +++++
 src/leap/bonafide/session.py     | 30 +++++++++++++++++++++++-------
 4 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/src/leap/bonafide/_decorators.py b/src/leap/bonafide/_decorators.py
index cfd6ec0..6b43715 100644
--- a/src/leap/bonafide/_decorators.py
+++ b/src/leap/bonafide/_decorators.py
@@ -19,7 +19,7 @@ Decorators used in bonafide.
 """
 
 
-def needs_authentication(func):
+def auth_required(func):
     """
     Decorate a method so that it will not be called if the instance
     attribute `is_authenticated` does not evaluate to True.
diff --git a/src/leap/bonafide/_http.py b/src/leap/bonafide/_http.py
index 6510e84..39aabab 100644
--- a/src/leap/bonafide/_http.py
+++ b/src/leap/bonafide/_http.py
@@ -18,6 +18,7 @@
 """
 twisted.web utils for bonafide.
 """
+import base64
 import cookielib
 import urllib
 
@@ -39,12 +40,15 @@ def cookieAgentFactory(verify_path, connectTimeout=30):
     return CookieAgent(agent, cookiejar)
 
 
-def httpRequest(agent, url, values={}, headers={}, method='POST'):
+def httpRequest(agent, url, values={}, headers={}, method='POST', token=None):
     data = ''
     if values:
         data = urllib.urlencode(values)
         headers['Content-Type'] = ['application/x-www-form-urlencoded']
 
+    if token:
+        headers['Authorization'] = ['Token token="%s"' % (bytes(token))]
+
     def handle_response(response):
         if response.code == 204:
             d = defer.succeed('')
diff --git a/src/leap/bonafide/provider.py b/src/leap/bonafide/provider.py
index ca2ea1d..5b13d73 100644
--- a/src/leap/bonafide/provider.py
+++ b/src/leap/bonafide/provider.py
@@ -21,8 +21,13 @@ LEAP Provider API.
 
 class LeapProviderApi(object):
     # TODO when should the provider-api object be created?
+    # TODO relate to a Provider object, with autoconf flag.
 
     # XXX separate in auth-needing actions?
+    # doing that in LeapSession right now (with a decorator)
+    # but probably it would be better if we can just gather that info in just
+    # one place and decorate the methods programatically.
+
     # XXX version this mapping !!!
 
     actions = {
diff --git a/src/leap/bonafide/session.py b/src/leap/bonafide/session.py
index 85e49e0..198b250 100644
--- a/src/leap/bonafide/session.py
+++ b/src/leap/bonafide/session.py
@@ -21,7 +21,7 @@ from twisted.internet import defer, reactor
 from twisted.python import log
 
 from leap.bonafide import srp_auth
-from leap.bonafide._decorators import needs_authentication
+from leap.bonafide._decorators import auth_required
 from leap.bonafide._http import httpRequest, cookieAgentFactory
 
 
@@ -57,8 +57,8 @@ class LeapSession(object):
         log.msg("%s to %s" % (method, uri))
         params = self._srp_auth.get_handshake_params(self.username, A)
 
-        handshake = yield httpRequest(self._agent, uri, values=params,
-                                      method=method)
+        handshake = yield self._request(self._agent, uri, values=params,
+                                        method=method)
 
         M = self._srp_auth.process_handshake(srpuser, handshake)
         uri, method = self._api.get_uri_and_method(
@@ -66,26 +66,38 @@ class LeapSession(object):
         log.msg("%s to %s" % (method, uri))
         params = self._srp_auth.get_authentication_params(M, A)
 
-        auth = yield httpRequest(self._agent, uri, values=params,
-                                 method=method)
+        auth = yield self._request(self._agent, uri, values=params,
+                                   method=method)
 
         uuid, token, M2 = self._srp_auth.process_authentication(auth)
         self._srp_auth.verify_authentication(srpuser, M2)
 
         self._uuid = uuid
         self._token = token
-        defer.returnValue('[OK] Credentias Authenticated through SRP')
+        defer.returnValue('[OK] Credentials Authenticated through SRP')
 
-    @needs_authentication
+    @auth_required
     def logout(self):
         print "Should logout..."
 
+    @auth_required
+    def get_smtp_cert(self):
+        # TODO pass it to the provider object so that it can save it in the
+        # right path.
+        uri, method = self._api.get_uri_and_method('get_smtp_cert')
+        print method, "to", uri
+        return self._request(self._agent, uri, method=method)
+
     @property
     def is_authenticated(self):
         if not self._srp_user:
             return False
         return self._srp_user.authenticated()
 
+    def _request(self, *args, **kw):
+        kw['token'] = self._token
+        return httpRequest(*args, **kw)
+
 
 if __name__ == "__main__":
     from leap.bonafide import provider
@@ -106,10 +118,14 @@ if __name__ == "__main__":
 
     def auth_eb(failure):
         print "[ERROR!]", failure.getErrorMessage()
+        log.err(failure)
 
     d = session.authenticate()
     d.addCallback(print_result)
     d.addErrback(auth_eb)
+    d.addCallback(lambda _: session.get_smtp_cert())
+    d.addCallback(print_result)
+    d.addErrback(auth_eb)
     d.addCallback(lambda _: session.logout())
     d.addBoth(cbShutDown)
     reactor.run()
-- 
cgit v1.2.3