def fetch_token(auth_url: str) -> Tuple[str, OAuth2Session, str, str]:
"""
Starts the full enrollment procedure.
Once completed, will store api_url, auth_url and profile in storage. Returns config, private key and certifcate,
which you should use to compose a valid VPN configuration and store in NM or in a ovpn file.
"""
# make sure our URL ends with a /
if auth_url[-1] != '/':
auth_url += '/'
_logger.info(f"starting procedure with auth_url {auth_url}")
exists = get_current_metadata(auth_url)
if exists:
_logger.info("token exists, restoring")
token, token_endpoint, auth_endpoint, api_url, display_name, support_contact, profile_id, con_type, country_id, _, _ = exists
oauth = OAuth2Session(client_id=CLIENT_ID,
token=token,
auto_refresh_url=token_endpoint)
api_url, token_endpoint, auth_endpoint = get_info(auth_url)
else:
_logger.info("fetching token")
api_url, token_endpoint, auth_endpoint = get_info(auth_url)
oauth = oauth2.run_challenge(token_endpoint, auth_endpoint)
try:
oauth.refresh_token(token_url=token_endpoint)
except InvalidGrantError as e:
_logger.warning(f"token invalid: {e}")
oauth = oauth2.run_challenge(token_endpoint, auth_endpoint)
return api_url, oauth, token_endpoint, auth_endpoint
def enroll(auth_url, display_name, support_contact, secure_internets,
interactive: bool):
api_url, oauth, token_endpoint, auth_endpoint = actions.fetch_token(
auth_url)
country_code = None
if secure_internets and interactive:
choice = menu.secure_internet_choice(secure_internets)
if choice:
base_url, country_code = choice
api_url, _, _ = get_info(base_url)
if secure_internets:
con_type = ConnectionType.SECURE
else:
con_type = ConnectionType.INSTITUTE
_logger.info(f"using {api_url} as api_url")
profile_id = actions.get_profile(oauth, api_url, interactive=interactive)
config, private_key, certificate = actions.get_config_and_keycert(
oauth, api_url, profile_id)
set_metadata(auth_url, oauth.token, token_endpoint, auth_endpoint, api_url,
display_name, support_contact, profile_id, con_type,
country_code)
set_auth_url(auth_url)
store_configuration(config,
private_key,
certificate,
interactive=interactive)
def refresh():
"""
Refreshes an active configuration. The token is refreshed if expired, and a new token is obtained if the token
is invalid.
"""
uuid, auth_url, metadata = get_storage(check=True)
token, token_endpoint, auth_endpoint, api_url, display_name, support_contact, profile_id, con_type, country_id, _, _ = metadata
oauth = OAuth2Session(client_id=CLIENT_ID,
token=token,
auto_refresh_url=token_endpoint)
try:
token = oauth.refresh_token(token_url=token_endpoint)
except InvalidGrantError as e:
_logger.warning(f"token invalid: {e}")
oauth = oauth2.run_challenge(token_endpoint, auth_endpoint)
api_base_uri, token_endpoint, auth_endpoint = get_info(auth_url)
client = get_client()
try:
cert, key = get_cert_key(client, uuid)
except IOError:
# probably the NM connection was deleted
cert = None
if not cert or not check_certificate(oauth, api_base_uri, cert):
key, cert = create_keypair(oauth, api_base_uri)
config = get_config(oauth, api_base_uri, profile_id)
save_connection_with_mainloop(config, key, cert)
update_token(token)
def main():
logging.basicConfig(level=logging.INFO)
search_term = parse_args()
verifier = make_verifier(Ed25519_PUBLIC_KEY)
if isinstance(search_term,
str) and search_term.lower().startswith('https://'):
base_url = search_term
info_url = base_url
else:
servers = list_servers(SERVER_URI, verifier=verifier)
secure_internet = [
s for s in servers if s['server_type'] == 'secure_internet'
]
institute_access = [
s for s in servers if s['server_type'] == 'institute_access'
]
orgs = list_orgs(ORGANISATION_URI, verifier=verifier)
choice = menu(institutes=institute_access,
orgs=orgs,
search_term=search_term)
if not choice:
exit(1)
type_, base_url = choice
if type_ == 'secure_internet_home':
secure_internets = [
s for s in secure_internet if s['base_url'] == base_url
]
info_url = secure_internet_choice(secure_internets)
else:
info_url = base_url
exists = get_entry(base_url)
if exists:
token, api_base_uri, token_endpoint, authorization_endpoint = exists
oauth = OAuth2Session(client_id=CLIENT_ID,
token=token,
auto_refresh_url=token_endpoint)
else:
api_base_uri, token_endpoint, auth_endpoint = get_info(
info_url, verifier)
oauth = get_oauth(token_endpoint, auth_endpoint)
set_entry(base_url, oauth.token, api_base_uri, token_endpoint,
auth_endpoint)
oauth.refresh_token(token_url=token_endpoint)
profiles = list_profiles(oauth, api_base_uri)
profile_id = profile_choice(profiles)
config = get_config(oauth, api_base_uri, profile_id)
private_key, certificate = create_keypair(oauth, api_base_uri)
if write_to_nm_choice():
save_connection(config, private_key, certificate)
else:
target = Path('eduVPN.ovpn').resolve()
print(f"Writing configuration to {target}")
write_config(config, private_key, certificate, target)
def get_server_info(self, server) -> ServerInfo:
info = remote.get_info(server.oauth_login_url)
return ServerInfo(*info)