def logout(self):
'''Logout user'''
with self.__lock:
logger.info('LOGOUT for user [%s]', self.username)
response = self.api('user/logout', {'Logout': 1})
if RouterError.hasError(response):
raise RouterError(response)
self.__is_logged_in = False
def __get_server_token(self):
""" retrieves server token """
url = "http://%s/api/webserver/token" % self.router
token_response = self.__get(url).text
if RouterError.hasError(token_response):
raise RouterError(token_response)
root = ET.fromstring(token_response)
return root.findall('./token')[0].text
def __api_challenge(self):
self.__setup_session()
token = self.__get_server_token()
url = "http://%s/api/user/challenge_login" % self.router
self.clientnonce = crypto.generate_nonce()
xml = xmlobjects.CustomXml({
'username': self.username,
'firstnonce': self.clientnonce,
'mode': 1
}).buildXML()
headers = {'Content-type': 'text/html', self.REQUEST_TOKEN: token[32:]}
response = self.__post(url=url, data=xml, headers=headers)
if RouterError.hasError(response.text):
raise RouterError(response.text)
return response
def __login(self):
""" logs in to the router using SCRAM method of authentication """
logger.info('LOGIN for user [%s]' % self.username)
response = self.__api_challenge()
verification_token = response.headers[self.REQUEST_TOKEN]
scram_data = ET.fromstring(response.text)
servernonce = scram_data.findall('./servernonce')[0].text
salt = scram_data.findall('./salt')[0].text
iterations = int(scram_data.findall('./iterations')[0].text)
client_proof = crypto.get_client_proof(self.clientnonce, servernonce,
self.__password, salt,
iterations).decode('UTF-8')
login_request = xmlobjects.CustomXml({
'clientproof': client_proof,
'finalnonce': servernonce
}).buildXML()
headers = {
'Content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
self.REQUEST_TOKEN: verification_token
}
url = "http://%s/api/user/authentication_login" % self.router
result = self.__post(url=url, data=login_request, headers=headers)
if RouterError.hasError(result.text):
raise RouterError(result.text)
verification_token = result.headers[self.REQUEST_TOKEN]
self.__last_login = datetime.now()
'''
The SCRAM protocol would normally validate the server signatures
We're assuming this is ok
e.g.
var serverProof = scram.serverProof(psd, salt, iter, authMsg);
if (ret.response.serversignature == serverProof) {
var publicKeySignature = scram.signature(CryptoJS.enc.Hex.parse(ret.response.rsan), CryptoJS.enc.Hex.parse(serverKey)).toString();
if (ret.response.rsapubkeysignature == publicKeySignature) {
'''
xml = ET.fromstring(result.text)
self.__rsae = xml.find('.//rsae').text
self.__rsan = xml.find('.//rsan').text
self.__is_logged_in = True