From 1713da61e79e36248cd8b9f9fdbb6e26a1baa3ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Tue, 23 Feb 2021 20:20:47 +0100 Subject: [PATCH] Fix password change This fixes a regression introduced in e476d9b7 which caused the token to be incorrectly used when authenticating with mod_rest for sending the password change IQ stanza. --- snikket_web/prosodyclient.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/snikket_web/prosodyclient.py b/snikket_web/prosodyclient.py index 3239303..4fb9ba5 100644 --- a/snikket_web/prosodyclient.py +++ b/snikket_web/prosodyclient.py @@ -332,15 +332,18 @@ class ProsodyClient: ) ) + def _store_token_in_session(self, token_info: TokenInfo): + http_session[self.SESSION_TOKEN] = token_info.token + http_session[self.SESSION_CACHED_SCOPE] = " ".join(token_info.scopes) + async def login(self, jid: str, password: str) -> bool: async with self._plain_session as session: token_info = await self._oauth2_bearer_token( session, jid, password, ) - http_session[self.SESSION_TOKEN] = token_info.token + self._store_token_in_session(token_info) http_session[self.SESSION_ADDRESS] = jid - http_session[self.SESSION_CACHED_SCOPE] = " ".join(token_info.scopes) return True @property @@ -767,7 +770,7 @@ class ProsodyClient: # got there, replacing the current session token on the way. async with self._plain_session as session: - token = await self._oauth2_bearer_token( + token_info = await self._oauth2_bearer_token( session, self.session_address, current_password, @@ -779,14 +782,14 @@ class ProsodyClient: new_password ), headers={ - "Authorization": "Bearer {}".format(token), + "Authorization": "Bearer {}".format(token_info.token), }, sensitive=True, ) # TODO: error handling # TODO: obtain a new token using the new password to allow the # server to expire/revoke all tokens on password change. - http_session[self.SESSION_TOKEN] = token + self._store_token_in_session(token_info) def _raise_error_from_response( self,