Implement Safe Cookie in Stem
Ticket for tracking the work to implement and test Robert's new Safe Cookie authentication method in stem.
Robert has written a python script to handle the authentication so this task is to...
-
Distill his script to just what we need to perform the authentication.
-
Implement safe cookie in the connection module. This involves adding SAFE_COOKIE to the AuthMethod enum, adding a new 'authenticate_safe_cookie' function, and adding this to the 'authenticate' method.
-
Write integration tests similar to the current auth cookie tests.
The safe cookie authentication method has not been merged into tor and, until it is, we'll be keeping this feature in a separate branch.
Part of the safe cookie proposal was the deprecation and removal of the previous authentication cookie method. Stem should include this deprecation notice in its pydocs and we should add the upcoming deprecation to the tor workaround deprecation section so we remember to remove authentication support later (otherwise the vulnerability Robert is trying to fix will still exist).
At the moment gsathya has offered to help by taking the first pass at this - good luck!