misc: use signed URL to call authentic (#12467)

welco/contacts/views.py

@@ -28,7 +28,7 @@ from django.template import RequestContext
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView, FormView
 
-from welco.utils import get_wcs_data, get_authentic_url
+from welco.utils import get_wcs_data, sign_url
 
 from .forms import ContactAddForm
 
@@ -133,11 +133,18 @@ class ContactAdd(FormView):
         msg['password'] = str(random.SystemRandom().random())
         msg['send_registration_email'] = True
 
+        authentic_site = settings.KNOWN_SERVICES.get('authentic').values()[0]
+        authentic_url = authentic_site.get('url')
+        authentic_orig = authentic_site.get('orig')
+        authentic_secret = authentic_site.get('secret')
+
+        url = authentic_url + 'api/users/?orig=%s' % authentic_orig
+        signed_url = sign_url(url, authentic_secret)
+
         authentic_response = requests.post(
-                get_authentic_url() + 'api/users/',
+                signed_url,
                 data=json.dumps(msg),
-                headers={'Content-type': 'application/json'},
-                auth=settings.AUTHENTIC_AUTH_TUPLE)
+                headers={'Content-type': 'application/json'})
 
         user_uuid = authentic_response.json().get('uuid')
         for i in range(50):

welco/settings.py

@@ -172,8 +172,6 @@ VALIDATION_STEPS = {
     'mail': ['done-qualif', 'done-dgs', 'done-dga'],
 }
 
-AUTHENTIC_AUTH_TUPLE = ('username', 'password')
-
 # mapping of channel to group/role *names*
 CHANNEL_ROLES = {
     'mail': [],

welco/utils.py

@@ -56,9 +56,6 @@ def sign_string(s, key, algo='sha256', timedelta=30):
     hash = hmac.HMAC(str(key), digestmod=digestmod, msg=s)
     return hash.digest()
 
-def get_authentic_url():
-    return settings.KNOWN_SERVICES.get('authentic').items()[0][1]['url']
-
 def get_wcs_services():
     return settings.KNOWN_SERVICES.get('wcs')