diff options
author | drebs <drebs@leap.se> | 2017-03-19 09:43:29 +0100 |
---|---|---|
committer | drebs <drebs@leap.se> | 2017-04-04 18:27:35 +0200 |
commit | d81690e48b5a91592c55c12d4aa1a5c4e4b2aad9 (patch) | |
tree | f0df461856c6b5f057f891ae33ae1c34deb7f1ea /client/src/leap/soledad | |
parent | 382371e9080a558df6141623d032b8339f41010d (diff) |
[feat] add token auth to blobs client
Diffstat (limited to 'client/src/leap/soledad')
-rw-r--r-- | client/src/leap/soledad/client/_blobs.py | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py index f76f3e53..97d352bf 100644 --- a/client/src/leap/soledad/client/_blobs.py +++ b/client/src/leap/soledad/client/_blobs.py @@ -28,7 +28,6 @@ import base64 from io import BytesIO from functools import partial - from twisted.logger import Logger from twisted.enterprise import adbapi from twisted.internet import defer @@ -150,12 +149,20 @@ class BlobManager(object): """ - def __init__(self, local_path, remote, key, secret, user): + def __init__(self, local_path, remote, key, secret, user, token): if local_path: self.local = SQLiteBlobBackend(local_path, key) self.remote = remote self.secret = secret self.user = user + self.token = token + + def _auth_header(self): + if not self.token: + return {} + auth = '%s:%s' % (self.user, self.token) + b64_token = base64.b64encode(auth) + return {'Authorization': ['Token %s' % b64_token]} @defer.inlineCallbacks def put(self, doc): @@ -208,7 +215,7 @@ class BlobManager(object): crypter = BlobEncryptor(doc_info, fd, secret=self.secret, armor=False) fd = yield crypter.encrypt() - yield treq.put(uri, data=fd) + yield treq.put(uri, data=fd, headers=self._auth_header()) logger.info("Finished upload: %s" % (blob_id,)) @defer.inlineCallbacks @@ -216,7 +223,7 @@ class BlobManager(object): logger.info("Staring download of blob: %s" % blob_id) # TODO this needs to be connected in a tube uri = self.remote + self.user + '/' + blob_id - data = yield treq.get(uri) + data = yield treq.get(uri, headers=self._auth_header()) if data.code == 404: logger.warn("Blob not found in server: %s" % blob_id) @@ -313,6 +320,12 @@ class BlobDoc(object): # testing facilities # +def auth_header(args): + if args.uuid and args.token: + return + return + + @defer.inlineCallbacks def testit(reactor): # configure logging to stdout @@ -326,6 +339,9 @@ def testit(reactor): parser = argparse.ArgumentParser() parser.add_argument('--url', default='http://localhost:9000/') parser.add_argument('--path', default='/tmp/blobs') + parser.add_argument('--secret', default='secret') + parser.add_argument('--uuid', default='user') + parser.add_argument('--token', default=None) subparsers = parser.add_subparsers(help='sub-command help', dest='action') @@ -362,7 +378,8 @@ def testit(reactor): os.makedirs(args.path) manager = BlobManager( args.path, args.url, - 'A' * 32, 'secret', 'user') + 'A' * 32, args.secret, + args.uuid, args.token) return manager @defer.inlineCallbacks |