	Recognize and use CSRF token
Newer versions of IMM firmware implement a mechanism to guard against CSRF. Use the provided token via custom header to prove that our requests are not CSRF. Change-Id: I6cc030302ecacdfedc8e2fcf6e7588a82db957e7
		| @@ -55,6 +55,8 @@ def get_imm_webclient(imm, certverify, uid, password): | ||||
|     if rsp.status == 200: | ||||
|         rspdata = json.loads(rsp.read()) | ||||
|         if rspdata['authResult'] == '0' and rspdata['status'] == 'ok': | ||||
|             if 'token2_name' in rspdata and 'token2_value' in rspdata: | ||||
|                 wc.set_header(rspdata['token2_name'], rspdata['token2_value']) | ||||
|             return wc | ||||
|  | ||||
|  | ||||
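Review bot: The two added lines in get_imm_webclient take both the header name and its value verbatim from the login response and install them on every later request, with no check on what they contain. Because `wc.set_header(rspdata['token2_name'], rspdata['token2_value'])` stores whatever the firmware returns, an empty or non-string field, or a name that collides with a header the client manages itself (such as `Cookie`), would be applied to all subsequent traffic without any error. I would check that both fields are non-empty strings, and reject a name the client already sets, before calling `set_header`. A short comment such as `# CSRF token issued at login; must accompany every later request` would also help. The function starts and continues outside this hunk, so the failure path for a rejected token is not visible here.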
|   | ||||
| @@ -39,6 +39,10 @@ class SecureHTTPConnection(httplib.HTTPConnection, object): | ||||
|         self.cert_reqs = ssl.CERT_NONE  # verification will be done ssh style.. | ||||
|         self._certverify = verifycallback | ||||
|         self.cookies = {} | ||||
|         self.stdheaders = {} | ||||
|  | ||||
|     def set_header(self, key, value): | ||||
|         self.stdheaders[key] = value | ||||
|  | ||||
|     def connect(self): | ||||
|         plainsock = socket.create_connection((self.host, self.port)) | ||||
| @@ -68,7 +72,7 @@ class SecureHTTPConnection(httplib.HTTPConnection, object): | ||||
|  | ||||
|     def request(self, method, url, body=None, headers=None): | ||||
|         if headers is None: | ||||
|             headers = {} | ||||
|             headers = self.stdheaders | ||||
|         if self.cookies: | ||||
|             cookies = [] | ||||
|             for ckey in self.cookies: | ||||
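Review bot: In request(), `headers = self.stdheaders` binds the default case to the shared dict itself rather than a copy, so anything the method later writes into `headers` persists in `stdheaders` for every later call. The cookie handling that begins at the end of this hunk presumably does such a write, but the rest of the body is outside the hunk. The CSRF token is also attached only when `headers is None`, so a caller that passes its own headers sends the request without it, which newer firmware would likely refuse. I would use `headers = self.stdheaders.copy()` for the default and merge in the explicit case with `headers = dict(self.stdheaders, **headers)`, so that the token always travels and the stored defaults are never mutated.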
|   | ||||