From 7a6b44b368b654edd59a1fa2213ea8b66e825582 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Tue, 21 Jun 2016 08:18:49 +0200
Subject: [PATCH 2/2] general: add autodiscovery of webservice signature key
 (#11426)

---
 tests/test_wscall.py | 28 ++++++++++++++++++++++++++++
 wcs/wscalls.py       | 12 +++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/tests/test_wscall.py b/tests/test_wscall.py
index f6ac17d..052747a 100644
--- a/tests/test_wscall.py
+++ b/tests/test_wscall.py
@@ -60,3 +60,31 @@ def test_webservice_substitution_variable(pub):
     pub.substitutions.feed(NamedWsCall)
     variables = pub.substitutions.get_context_variables()
     assert variables['webservice'].hello_world == {'foo': 'bar'}
+
+def test_webservice_auto_sign(pub):
+    NamedWsCall.wipe()
+
+    wscall = NamedWsCall()
+    wscall.name = 'Hello world'
+    wscall.request = {'url': 'http://blah.example.net'}
+    try:
+        wscall.call()
+    except:
+        pass
+    assert not 'signature=' in http_requests.get_last('url')
+
+    wscall.request = {'url': 'http://idp.example.net'}
+    try:
+        wscall.call()
+    except:
+        pass
+    assert 'orig=example.net' in http_requests.get_last('url')
+    assert 'signature=' in http_requests.get_last('url')
+
+    wscall.request['request_signature_key'] = 'blah'
+    try:
+        wscall.call()
+    except:
+        pass
+    assert not 'orig=example.net' in http_requests.get_last('url')
+    assert 'signature=' in http_requests.get_last('url')
diff --git a/wcs/wscalls.py b/wcs/wscalls.py
index ddfc5c5..2294796 100644
--- a/wcs/wscalls.py
+++ b/wcs/wscalls.py
@@ -29,7 +29,7 @@ from qommon.xml_storage import XmlStorableObject
 from qommon.form import (CompositeWidget, StringWidget, WidgetDict,
         ComputedExpressionWidget, RadiobuttonsWidget, CheckboxWidget)
 
-from wcs.api_utils import sign_url
+from wcs.api_utils import sign_url, get_secret_and_orig, MissingSecret
 from wcs.workflows import WorkflowStatusItem
 
 TIMEOUT = 30
@@ -42,6 +42,16 @@ def call_webservice(url, qs_data=None, request_signature_key=None,
         variables = get_publisher().substitutions.get_context_variables()
         url = get_variadic_url(url, variables)
 
+    if not request_signature_key:
+        try:
+            request_signature_key, orig = get_secret_and_orig(url)
+        except MissingSecret:
+            pass
+        else:
+            if not qs_data:
+                qs_data = {}
+            qs_data['orig'] = orig
+
     if qs_data:  # merge qs_data into url
         publisher = get_publisher()
         parsed = urlparse.urlparse(url)
-- 
2.8.1