2
0
mirror of https://opendev.org/x/pyghmi synced 2025-10-25 16:35:20 +00:00

Recognize and use CSRF token

Newer versions of IMM firmware implement a mechanism to guard
against CSRF.  Use the provided token via custom header to prove
that our requests are not CSRF.

Change-Id: I6cc030302ecacdfedc8e2fcf6e7588a82db957e7
This commit is contained in:
Jarrod Johnson
2016-10-25 14:22:29 -04:00
parent 87be4c8a41
commit a27d28fb0a
2 changed files with 7 additions and 1 deletions

View File

@@ -55,6 +55,8 @@ def get_imm_webclient(imm, certverify, uid, password):
if rsp.status == 200:
rspdata = json.loads(rsp.read())
if rspdata['authResult'] == '0' and rspdata['status'] == 'ok':
if 'token2_name' in rspdata and 'token2_value' in rspdata:
wc.set_header(rspdata['token2_name'], rspdata['token2_value'])
return wc

View File

@@ -39,6 +39,10 @@ class SecureHTTPConnection(httplib.HTTPConnection, object):
self.cert_reqs = ssl.CERT_NONE # verification will be done ssh style..
self._certverify = verifycallback
self.cookies = {}
self.stdheaders = {}
def set_header(self, key, value):
self.stdheaders[key] = value
def connect(self):
plainsock = socket.create_connection((self.host, self.port))
@@ -68,7 +72,7 @@ class SecureHTTPConnection(httplib.HTTPConnection, object):
def request(self, method, url, body=None, headers=None):
if headers is None:
headers = {}
headers = self.stdheaders
if self.cookies:
cookies = []
for ckey in self.cookies: