Fix: incorrect API key validation (#40)

CERT-Polska · Oct 29, 2021 · 45ff531 · 45ff531
1 parent 5fda56f
commit 45ff531
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 9 deletions.
diff --git a/src/__version__.py b/src/__version__.py
@@ -1 +1 @@
-__version__ = "3.4.0"
+__version__ = "3.4.1"
diff --git a/src/cli/authenticator.py b/src/cli/authenticator.py
@@ -24,10 +24,11 @@ def __init__(self):
         self.config = configparser.ConfigParser()
         self.config.read(['mwdb.cfg', self.CONFIG_PATH])
 
-    def get_authenticated_mwdb(self, api_url=None):
+    def get_authenticated_mwdb(self, api_url=None, try_login=True):
         """
         Gets pre-authenticated MWDB object based on local configuration
         :param api_url: Alternative API url provided explicitly by user
+        :param try_login: Ask for credentials if they're not saved
         :rtype: MWDB
         """
         api_url = api_url or self.config.get("mwdb", "api_url", fallback=API_URL)
@@ -44,8 +45,8 @@ def get_authenticated_mwdb(self, api_url=None):
                 password = keyring.get_password("mwdb", username)
                 api.login(username, password, warn=False)
         mwdb = MWDB(api=api)
-        # If not authenticated: ask for credentials
-        if mwdb.api.api_key is None:
+        # If credentials are not stored and try_login=True: ask for credentials
+        if try_login and mwdb.api.api_key is None:
             mwdb.login(warn=False)
         return mwdb
 

diff --git a/src/cli/login.py b/src/cli/login.py
@@ -2,7 +2,7 @@
 
 from . import main
 from .authenticator import MwdbAuthenticator
-from ..exc import InvalidCredentialsError
+from ..exc import InvalidCredentialsError, NotAuthenticatedError
 
 
 @main.command("login")
@@ -28,11 +28,13 @@ def login_command(ctx, username, password, via_api_key, api_key):
     authenticator = MwdbAuthenticator()
     authenticator.store_login(username, password, api_key, api_url)
     try:
+        # Try to use credentials
         mwdb = authenticator.get_authenticated_mwdb(api_url)
-        # todo: Find more appropriate way to check successful authentication
-        mwdb.query("", raise_not_found=False)
-    except InvalidCredentialsError:
-        click.echo("Error: Login failed - invalid credentials.", err=True)
+        if api_key:
+            # Check if API key is correct
+            mwdb.api.get("auth/validate")
+    except (InvalidCredentialsError, NotAuthenticatedError) as e:
+        click.echo("Error: Login failed - {}".format(str(e)), err=True)
         authenticator.reset_login()
         ctx.abort()