From f87815fc88df2f95850ac32ddaf847d06b64c7ec Mon Sep 17 00:00:00 2001
From: Matt Phillips <mphillips81@bloomberg.net>
Date: Tue, 12 Mar 2019 09:35:16 -0400
Subject: [PATCH] Revert "improve /run handling, token handling with /run"

This reverts commit 59c013ab792f1abf3a76d1d0a224db7bbe1e8864.

this fixes tornado but breaks cherrypy - I mistakenly assumed the
payload token returned on login was the real eauth token not the
session.id. I'll add a route to /token in tornado that is equivalent to
/login on tornado to mimick backcompat behavior even though they are
equivalent there due to not having a proxy session store.
---
 pepper/cli.py       |  6 ++++--
 pepper/libpepper.py | 10 +++++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/pepper/cli.py b/pepper/cli.py
index c10d220..f831661 100644
--- a/pepper/cli.py
+++ b/pepper/cli.py
@@ -603,6 +603,8 @@ def poll_for_returns(self, api, load):
             yield exit_code, {'Failed': failed}
 
     def login(self, api):
+        login = api.token if self.options.userun else api.login
+
         if self.options.mktoken:
             token_file = self.options.cache
             try:
@@ -616,7 +618,7 @@ def login(self, api):
                     logger.error('Unable to load login token from {0} {1}'.format(token_file, str(e)))
                     if os.path.isfile(token_file):
                         os.remove(token_file)
-                auth = api.login(**self.parse_login())
+                auth = login(**self.parse_login())
                 try:
                     oldumask = os.umask(0)
                     fdsc = os.open(token_file, os.O_WRONLY | os.O_CREAT, 0o600)
@@ -627,7 +629,7 @@ def login(self, api):
                 finally:
                     os.umask(oldumask)
         else:
-            auth = api.login(**self.parse_login())
+            auth = login(**self.parse_login())
 
         api.auth = auth
         self.auth = auth
diff --git a/pepper/libpepper.py b/pepper/libpepper.py
index bef0bb8..9dfe05c 100644
--- a/pepper/libpepper.py
+++ b/pepper/libpepper.py
@@ -219,7 +219,7 @@ def req(self, path, data=None):
             req.add_header('Content-Length', clen)
 
         # Add auth header to request
-        if path != '/run' and self.auth and 'token' in self.auth and self.auth['token']:
+        if self.auth and 'token' in self.auth and self.auth['token']:
             req.add_header('X-Auth-Token', self.auth['token'])
 
         # Send request
@@ -467,6 +467,14 @@ def login(self, username=None, password=None, eauth=None, **kwargs):
         self.auth = self._send_auth('/login', **kwargs).get('return', [{}])[0]
         return self.auth
 
+    def token(self, **kwargs):
+        '''
+        Get an eauth token from Salt for use with the /run URL
+
+        '''
+        self.auth = self._send_auth('/token', **kwargs)[0]
+        return self.auth
+
     def _construct_url(self, path):
         '''
         Construct the url to salt-api for the given path