The new woob repository is here: This gitlab will be removed soon.

Commit 84967f4d authored by Florent Fourcot's avatar Florent Fourcot

browser: detect HTTPS downgrade

parent 940b9034
......@@ -43,6 +43,8 @@
except ImportError:
raise ImportError('Please install python-requests >= 2.0')
from weboob.exceptions import BrowserHTTPSDowngrade
from import getLogger
from import OrderedDict
from import json
......@@ -659,6 +661,16 @@ def internal_callback(response):
if is None:
regexp = r'^(?P<proto>\w+)://.*'
proto_base = re.match(regexp, response.url)
if proto_base:
proto_base ='proto')
proto_resp = re.match(regexp, self.BASEURL).group('proto')
if proto_base == 'https' and proto_resp != 'https':
raise BrowserHTTPSDowngrade()
self.logger.debug('Unable to handle %s' % response.url)
return callback(response)
......@@ -55,6 +55,10 @@ class BrowserHTTPError(BrowserUnavailable):
class BrowserHTTPSDowngrade(BrowserUnavailable):
class BrowserSSLError(BrowserUnavailable):
......@@ -32,7 +32,7 @@
from weboob.core.backendscfg import BackendAlreadyExists
from weboob.core.modules import ModuleLoadError
from weboob.core.repositories import ModuleInstallError, IProgress
from weboob.exceptions import BrowserUnavailable, BrowserIncorrectPassword, BrowserForbidden, BrowserSSLError, BrowserQuestion
from weboob.exceptions import BrowserUnavailable, BrowserIncorrectPassword, BrowserForbidden, BrowserSSLError, BrowserQuestion, BrowserHTTPSDowngrade
from import Value, ValueBool, ValueFloat, ValueInt, ValueBackendPassword
from import to_unicode
from import check_output
......@@ -568,6 +568,8 @@ def bcall_error_handler(self, backend, error, backtrace):
elif isinstance(error, BrowserSSLError):
print(u'FATAL(%s): ' % + self.BOLD + '/!\ SERVER CERTIFICATE IS INVALID /!\\' + self.NC, file=self.stderr)
elif isinstance(error, BrowserHTTPSDowngrade):
print(u'FATAL(%s): ' % + 'Downgrade from HTTPS to HTTP')
elif isinstance(error, BrowserForbidden):
msg = unicode(error)
print(u'Error(%s): %s' % (, msg or 'Forbidden'), file=self.stderr)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment