From d5e4d1b90a01e4fca256c202cad4fa3eb1dffdf0 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 12 Nov 2021 11:27:58 -0500
Subject: [PATCH] Add navigating nonce login for xcc discovery

The nonce login from newer firmware is now required.
---
 .../confluent/discovery/handlers/xcc.py       | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/confluent_server/confluent/discovery/handlers/xcc.py b/confluent_server/confluent/discovery/handlers/xcc.py
index f99df402..2ecb9d9f 100644
--- a/confluent_server/confluent/discovery/handlers/xcc.py
+++ b/confluent_server/confluent/discovery/handlers/xcc.py
@@ -148,6 +148,14 @@ class NodeHandler(immhandler.NodeHandler):
                             })
         headers = {'Connection': 'keep-alive',
                    'Content-Type': 'application/json'}
+        nonce = None
+        wc.request('POST', '/api/providers/get_nonce', '{}')
+        rsp = wc.getresponse()
+        tokbody = rsp.read()
+        if rsp.status == 200:
+             rsp = json.loads(tokbody)
+             nonce = rsp.get('nonce', None)
+             headers['Content-Security-Policy'] = 'nonce={0}'.format(nonce)
         wc.request('POST', '/api/login', adata, headers)
         rsp = wc.getresponse()
         try:
@@ -164,6 +172,14 @@ class NodeHandler(immhandler.NodeHandler):
                 })
             headers = {'Connection': 'keep-alive',
                        'Content-Type': 'application/json'}
+            if nonce:
+                wc.request('POST', '/api/providers/get_nonce', '{}')
+                rsp = wc.getresponse()
+                tokbody = rsp.read()
+                if rsp.status == 200:
+                    rsp = json.loads(tokbody)
+                    nonce = rsp.get('nonce', None)
+                    headers['Content-Security-Policy'] = 'nonce={0}'.format(nonce)
             wc.request('POST', '/api/login', adata, headers)
             rsp = wc.getresponse()
             try:
@@ -375,6 +391,13 @@ class NodeHandler(immhandler.NodeHandler):
                     'password': tpass,
                 })
                 headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'}
+                wc.request('POST', '/api/providers/get_nonce', '{}')
+                rsp = wc.getresponse()
+                tokbody = rsp.read()
+                if rsp.status == 200:
+                    rsp = json.loads(tokbody)
+                    nonce = rsp.get('nonce', None)
+                    headers['Content-Security-Policy'] = 'nonce={0}'.format(nonce)
                 nwc.request('POST', '/api/login', adata, headers)
                 rsp = nwc.getresponse()
                 if rsp.status == 200: