[preview] Add option to disable https verification

2017-12-05 18:08:20 +01:00
parent 42cc17269b
commit 9c91679a63
3 changed files with 34 additions and 12 deletions
--- a/url_image_preview/config_dialog.py
+++ b/url_image_preview/config_dialog.py
@@ -21,7 +21,7 @@ from gi.repository import GObject
 from gi.repository import Gtk

 from gajim.options_dialog import OptionsDialog, GenericOption, SpinOption
-from gajim.common.const import Option, OptionType
+from gajim.common.const import Option, OptionType, OptionKind


 class UrlImagePreviewConfigDialog(OptionsDialog):
@@ -57,6 +57,10 @@ class UrlImagePreviewConfigDialog(OptionsDialog):
                   callback=self.on_option, data='LEFTCLICK_ACTION',
                   props={'items': actions,
                          'plugin': self.plugin}),
+
+            Option(OptionKind.SWITCH, _('Enable HTTPS Verification'),
+                   OptionType.VALUE, self.plugin.config['VERIFY'],
+                   callback=self.on_option, data='VERIFY'),
            ]

        OptionsDialog.__init__(self, parent, _('UrlImagePreview Options'),
--- a/url_image_preview/http_functions.py
+++ b/url_image_preview/http_functions.py
@@ -18,6 +18,7 @@
 import urllib.request as urllib2
 import socket
 import re
+import ssl

 from gajim.common import app
 from gajim.common import helpers
@@ -34,12 +35,12 @@ if app.HAVE_PYCURL:

 log = logging.getLogger('gajim.plugin_system.url_image_preview.http_functions')

-def get_http_head(account, url):
+def get_http_head(account, url, verify):
    # Check if proxy is used
    proxy = helpers.get_proxy_info(account)
    if proxy and proxy['type'] in ('http', 'socks5'):
        return _get_http_head_proxy(url, proxy)
-    return _get_http_head_direct(url)
+    return _get_http_head_direct(url, verify)

 def get_http_file(account, attrs):
    # Check if proxy is used
@@ -49,16 +50,23 @@ def get_http_file(account, attrs):
    else:
        return _get_http_direct(attrs)

-def _get_http_head_direct(url):
+def _get_http_head_direct(url, verify):
    log.debug('Head request direct for URL: %s' % url)
    try:
        req = urllib2.Request(url)
        req.get_method = lambda: 'HEAD'
        req.add_header('User-Agent', 'Gajim %s' % app.version)
-        if os.name == 'nt':
-            f = urllib2.urlopen(req, cafile=certifi.where())
+        if not verify:
+            context = ssl.create_default_context()
+            context.check_hostname = False
+            context.verify_mode = ssl.CERT_NONE
+            log.warning('CERT Verification disabled')
+            f = urllib2.urlopen(req, timeout=30, context=context)
        else:
-            f = urllib2.urlopen(req)
+            if os.name == 'nt':
+                f = urllib2.urlopen(req, cafile=certifi.where())
+            else:
+                f = urllib2.urlopen(req)
    except Exception as ex:
        log.debug('Could not get head response for URL: %s' % url)
        log.debug("%s" % str(ex))
@@ -136,10 +144,17 @@ def _get_http_direct(attrs):
    try:
        req = urllib2.Request(attrs['src'])
        req.add_header('User-Agent', 'Gajim ' + app.version)
-        if os.name == 'nt':
-            f = urllib2.urlopen(req, cafile=certifi.where())
+        if not attrs['verify']:
+            context = ssl.create_default_context()
+            context.check_hostname = False
+            context.verify_mode = ssl.CERT_NONE
+            log.warning('CERT Verification disabled')
+            f = urllib2.urlopen(req, timeout=30, context=context)
        else:
-            f = urllib2.urlopen(req)
+            if os.name == 'nt':
+                f = urllib2.urlopen(req, cafile=certifi.where())
+            else:
+                f = urllib2.urlopen(req)
    except Exception as ex:
        log.debug('Error loading file %s '
                    % attrs['src'] + str(ex))
--- a/url_image_preview/url_image_preview.py
+++ b/url_image_preview/url_image_preview.py
@@ -81,7 +81,8 @@ class UrlImagePreviewPlugin(GajimPlugin):
            'PREVIEW_SIZE': (150, 'Preview size(10-512)'),
            'MAX_FILE_SIZE': (524288, 'Max file size for image preview'),
            'LEFTCLICK_ACTION': ('open_menuitem', 'Open'),
-            'ANONYMOUS_MUC': False,}
+            'ANONYMOUS_MUC': (False, ''),
+            'VERIFY': (True, ''),}
        self.controls = {}
        self.history_window_control = None

@@ -246,8 +247,9 @@ class Base(object):
                # then check the mime type and filesize
                if urlparts.scheme == 'aesgcm':
                    real_text = 'https://' + real_text[9:]
+                verify = self.plugin.config['VERIFY']
                app.thread_interface(
-                    get_http_head, [self.textview.account, real_text],
+                    get_http_head, [self.textview.account, real_text, verify],
                    self._check_mime_size, [real_text, repl_start, repl_end,
                                            filepaths, key, iv, encrypted])

@@ -403,6 +405,7 @@ class Base(object):
            return

        attributes = {'src': url,
+                      'verify': self.plugin.config['VERIFY'],
                      'max_size': max_size,
                      'filepaths': filepaths,
                      'key': key,