From 2bc0560aeb66ceb85269423b1f98fac27da88d6a Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Mon, 5 Aug 2019 18:57:06 +0200
Subject: [PATCH] requests_wrapper: sign URL of prepared requests (#35225)
---
 combo/utils/requests_wrapper.py | 14 ++++++++++++--
 tests/test_requests.py | 28 ++++++++++++++--------------
 2 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/combo/utils/requests_wrapper.py b/combo/utils/requests_wrapper.py
index 38827c2..aecdec1 100644
--- a/combo/utils/requests_wrapper.py
+++ b/combo/utils/requests_wrapper.py
@@ -18,6 +18,7 @@ import hashlib
 import logging
 from requests import Response, Session as RequestsSession
+from requests.auth import AuthBase
 from django.conf import settings
 from django.core.cache import cache
@@ -32,6 +33,15 @@ class NothingInCacheException(Exception):
 pass
+class PublikSignature(AuthBase):
+ def __init__(self, secret):
+ self.secret = secret
+
+ def __call__(self, request):
+ request.url = sign_url(request.url, self.secret)
+ return request
+
+
 class Requests(RequestsSession):
 def request(self, method, url, **kwargs):
@@ -117,8 +127,8 @@ class Requests(RequestsSession):
 elif raise_if_not_cached:
 raise NothingInCacheException()
- if remote_service: # sign
- url = sign_url(url, remote_service.get('secret'))
+ if remote_service: # sign
+ kwargs['auth'] = PublikSignature(remote_service.get('secret'))
 kwargs['timeout'] = kwargs.get('timeout') or settings.REQUESTS_TIMEOUT
diff --git a/tests/test_requests.py b/tests/test_requests.py
index 4d3b3a0..a116cd0 100644
--- a/tests/test_requests.py
+++ b/tests/test_requests.py
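Review bot: `PublikSignature.__init__` stores whatever secret it is given, and the caller in the later hunk passes `remote_service.get('secret')`, which is None when the service entry has no `secret` key. The problem would then surface only inside `sign_url` while requests prepares the request, or not at all if `sign_url` tolerates an empty key (its body is not visible here). A guard in the constructor, `if not secret: raise ValueError('remote service has no signature secret')`, would fail early instead of letting a request leave signed with a degenerate key. The class also has no docstring; I would add `"""requests auth hook that signs the prepared URL with the shared secret; only the URL is covered, not the body or headers."""` so callers know what the signature does and does not protect.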
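Review bot: The new `kwargs['auth'] = PublikSignature(...)` assignment replaces any `auth` the caller passed to `request()`, so a call that combines `remote_service` with its own credentials (HTTP basic, for instance) would silently lose them, whereas the removed line signed the URL and left `auth` untouched. If that combination is never intended, reject it explicitly with `if kwargs.get('auth') is not None: raise ValueError('auth cannot be combined with remote_service')`; otherwise `PublikSignature` could take the caller's auth object and apply it before signing. The body of `request()` starts and ends outside this hunk, so `auth` may already be handled earlier in the method.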
@@ -23,15 +23,15 @@ class MockUser(object):
 def test_nosign():
- with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
+ with mock.patch('combo.utils.requests_wrapper.RequestsSession.send') as send:
 requests.get('http://example.org/foo/bar/')
- assert request.call_args[0][1] == 'http://example.org/foo/bar/'
+ assert send.call_args[0][0].url == 'http://example.org/foo/bar/'
 def test_sign():
 remote_service = {'url': 'http://example.org', 'secret': 'secret', 'orig': 'myself'}
- with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
+ with mock.patch('combo.utils.requests_wrapper.RequestsSession.send') as send:
 requests.get('/foo/bar/', remote_service=remote_service)
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
@@ -41,7 +41,7 @@ def test_sign():
 assert check_query(querystring, 'secret') == True
 requests.get('/foo/bar/', remote_service=remote_service, without_user=True)
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
@@ -52,9 +52,9 @@ def test_sign():
 def test_auto_sign():
- with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
+ with mock.patch('combo.utils.requests_wrapper.RequestsSession.send') as send:
 requests.get('http://example.org/foo/bar/', remote_service='auto')
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
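Review bot: The changes in this file only re-point the existing assertions from the mocked `request` to the mocked `send` (the diffstat shows as many lines added as removed), so no test covers what the commit title suggests is the motivating case: a call that passes `params=` together with `remote_service`. I would add a test in the style of `test_sign` that calls `requests.get('/foo/bar/', params={'a': 'b'}, remote_service=remote_service)`, then asserts `check_query(querystring, 'secret')` and that `a` appears in the parsed query. That would catch a regression where the URL is signed before the parameters are merged into it. The same gap applies to the remaining hunks of this file.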
@@ -62,17 +62,17 @@ def test_auto_sign():
 assert check_query(querystring, 'combo') == True
 requests.get('http://doesnotexist/foo/bar/', remote_service='auto')
- assert request.call_args[0][1] == 'http://doesnotexist/foo/bar/'
+ assert send.call_args[0][0].url == 'http://doesnotexist/foo/bar/'
 def test_sign_user():
 remote_service = {'url': 'http://example.org', 'secret': 'secret', 'orig': 'myself'}
- with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
+ with mock.patch('combo.utils.requests_wrapper.RequestsSession.send') as send:
 user = MockUser(samlized=True)
 requests.get('/foo/bar/', remote_service=remote_service, user=user)
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
@@ -83,7 +83,7 @@ def test_sign_user():
 requests.get('/foo/bar/', remote_service=remote_service, user=user, federation_key='email')
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
@@ -96,7 +96,7 @@ def test_sign_user():
 user = MockUser(samlized=False)
 requests.get('/foo/bar/', remote_service=remote_service, user=user)
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
@@ -108,12 +108,12 @@ def test_sign_user():
 def test_sign_anonymous_user():
 remote_service = {'url': 'http://example.org', 'secret': 'secret', 'orig': 'myself'}
- with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
+ with mock.patch('combo.utils.requests_wrapper.RequestsSession.send') as send:
 user = AnonymousUser()
 requests.get('/foo/bar/', remote_service=remote_service, user=user)
- url = request.call_args[0][1]
+ url = send.call_args[0][0].url
 assert url.startswith('http://example.org/foo/bar/?')
 scheme, netloc, path, params, querystring, fragment = urlparse.urlparse(url)
 query = urlparse.parse_qs(querystring, keep_blank_values=True)
--
2.22.0