Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow unverified SSL and additional HTTP headers #89

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Allow unverified SSL and additional HTTP headers #89

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
48929c6
Allow unverified SSL and additional HTTP headers
jlubawy Mar 5, 2025
ac02937
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Mar 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 26 additions & 3 deletions tcms_api/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,10 +119,17 @@


class _ConnectionProxy:
def __init__(self, config):
def __init__(
self,
config,
allow_unverified_ssl: bool = False,
extra_headers: list[tuple[str, str]] = [],
):
self.__connected_since = datetime(2024, 1, 1, 0, 0)
self.__connection = None
self.__config = config
self.__allow_unverified_ssl = allow_unverified_ssl
self.__extra_headers = extra_headers

@staticmethod
def server_url(config):
Expand Down Expand Up @@ -169,6 +176,8 @@ def create_connection(self):
config["tcms"]["username"],
config["tcms"]["password"],
server_url,
allow_unverified_ssl=self.__allow_unverified_ssl,
extra_headers=self.__extra_headers,
)
except KeyError as err:
raise RuntimeError(f"username/password required in '{path}'") from err
Expand Down Expand Up @@ -206,7 +215,14 @@ class TCMS: # pylint: disable=too-few-public-methods
parses user configuration using a utilities class!
"""

def __init__(self, url=None, username=None, password=None):
def __init__(
self,
url=None,
username=None,
password=None,
allow_unverified_ssl: bool = False,
extra_headers: list[tuple[str, str]] = [],
):
self.config = {
"tcms": {
"url": url,
Expand All @@ -215,6 +231,9 @@ def __init__(self, url=None, username=None, password=None):
}
}

self.allow_unverified_ssl = allow_unverified_ssl
self.extra_headers = extra_headers

@property
def exec(self):
"""
Expand All @@ -230,4 +249,8 @@ def exec(self):
Starting with tcms-api v12.9.1 this property is automatically refreshed
every 4 minutes to avoid SSL connection timeout errors!
"""
return _ConnectionProxy(self.config)
return _ConnectionProxy(
config=self.config,
allow_unverified_ssl=self.allow_unverified_ssl,
extra_headers=self.extra_headers,
)
17 changes: 16 additions & 1 deletion tcms_api/xmlrpc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# pylint: disable=protected-access,too-few-public-methods

import ssl
import sys
from typing import Optional
import urllib.parse

from base64 import b64encode
Expand Down Expand Up @@ -114,7 +116,14 @@ class TCMSXmlrpc:
session_cookie_name = "sessionid"
transport = None

def __init__(self, username, password, url):
def __init__(
self,
username,
password,
url,
allow_unverified_ssl: bool = False,
extra_headers: list[tuple[str, str]] = [],
):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will have to define these for the inherited class TCMSKerbXmlrpc, and take care to pass them down appropriately otherwise we have broken method signatures in the inheritance chain.

if self.transport is None:
if url.startswith("https://"):
self.transport = SafeCookieTransport()
Expand All @@ -123,6 +132,12 @@ def __init__(self, username, password, url):
else:
raise RuntimeError("Unrecognized URL scheme")

if allow_unverified_ssl:
ssl._create_default_https_context = ssl._create_unverified_context
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is modifying the global state of the ssl module which potentially can lead to side effects depending on how that module and the tcms_api module are used by the developer. This could lead to very difficult to debug issues.

This also affects the SSL module even if for whatever reason the user is connecting to a plain-text endpoint (e.g. reusing the same code base).

Instead of doing it like this, see the context argument of SafeTransport.__init__().


if len(extra_headers) > 0:
self.transport._headers += extra_headers
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This possibly overrides an existing value set for this attribute.

You can pass headers in Transport.__init__() so better add this in lines 128 & 130.


self.server = TCMSProxy(
url, transport=self.transport, verbose=VERBOSE, allow_none=1
)
Expand Down