summaryrefslogtreecommitdiff
path: root/client/src/leap
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2017-03-19 09:43:29 +0100
committerdrebs <drebs@leap.se>2017-04-04 18:27:35 +0200
commitd81690e48b5a91592c55c12d4aa1a5c4e4b2aad9 (patch)
treef0df461856c6b5f057f891ae33ae1c34deb7f1ea /client/src/leap
parent382371e9080a558df6141623d032b8339f41010d (diff)
[feat] add token auth to blobs client
Diffstat (limited to 'client/src/leap')
-rw-r--r--client/src/leap/soledad/client/_blobs.py27
1 files changed, 22 insertions, 5 deletions
diff --git a/client/src/leap/soledad/client/_blobs.py b/client/src/leap/soledad/client/_blobs.py
index f76f3e53..97d352bf 100644
--- a/client/src/leap/soledad/client/_blobs.py
+++ b/client/src/leap/soledad/client/_blobs.py
@@ -28,7 +28,6 @@ import base64
from io import BytesIO
from functools import partial
-
from twisted.logger import Logger
from twisted.enterprise import adbapi
from twisted.internet import defer
@@ -150,12 +149,20 @@ class BlobManager(object):
"""
- def __init__(self, local_path, remote, key, secret, user):
+ def __init__(self, local_path, remote, key, secret, user, token):
if local_path:
self.local = SQLiteBlobBackend(local_path, key)
self.remote = remote
self.secret = secret
self.user = user
+ self.token = token
+
+ def _auth_header(self):
+ if not self.token:
+ return {}
+ auth = '%s:%s' % (self.user, self.token)
+ b64_token = base64.b64encode(auth)
+ return {'Authorization': ['Token %s' % b64_token]}
@defer.inlineCallbacks
def put(self, doc):
@@ -208,7 +215,7 @@ class BlobManager(object):
crypter = BlobEncryptor(doc_info, fd, secret=self.secret,
armor=False)
fd = yield crypter.encrypt()
- yield treq.put(uri, data=fd)
+ yield treq.put(uri, data=fd, headers=self._auth_header())
logger.info("Finished upload: %s" % (blob_id,))
@defer.inlineCallbacks
@@ -216,7 +223,7 @@ class BlobManager(object):
logger.info("Staring download of blob: %s" % blob_id)
# TODO this needs to be connected in a tube
uri = self.remote + self.user + '/' + blob_id
- data = yield treq.get(uri)
+ data = yield treq.get(uri, headers=self._auth_header())
if data.code == 404:
logger.warn("Blob not found in server: %s" % blob_id)
@@ -313,6 +320,12 @@ class BlobDoc(object):
# testing facilities
#
+def auth_header(args):
+ if args.uuid and args.token:
+ return
+ return
+
+
@defer.inlineCallbacks
def testit(reactor):
# configure logging to stdout
@@ -326,6 +339,9 @@ def testit(reactor):
parser = argparse.ArgumentParser()
parser.add_argument('--url', default='http://localhost:9000/')
parser.add_argument('--path', default='/tmp/blobs')
+ parser.add_argument('--secret', default='secret')
+ parser.add_argument('--uuid', default='user')
+ parser.add_argument('--token', default=None)
subparsers = parser.add_subparsers(help='sub-command help', dest='action')
@@ -362,7 +378,8 @@ def testit(reactor):
os.makedirs(args.path)
manager = BlobManager(
args.path, args.url,
- 'A' * 32, 'secret', 'user')
+ 'A' * 32, args.secret,
+ args.uuid, args.token)
return manager
@defer.inlineCallbacks