feat: add possibility to authenticate by username/password

CHANGELOG.md

@@ -1,5 +1,8 @@
 ## 1.29.0 [unreleased]
 
+### Features
+1. [#435](https://github.com/influxdata/influxdb-client-python/pull/435): Add possibility to authenticate by `username/password`
+
 ### Breaking Changes
 1. [#433](https://github.com/influxdata/influxdb-client-python/pull/433): Rename `InvocableScripts` to `InvokableScripts`
 

README.rst

@@ -1089,6 +1089,64 @@ Gzip support
 
 .. marker-gzip-end
 
+Authenticate to the InfluxDB
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. marker-authenticate-start
+
+``InfluxDBClient`` supports three options how to authorize a connection:
+
+- `Token`
+- `Username & Password`
+- `HTTP Basic`
+
+Token
+"""""
+
+Use the ``token`` to authenticate to the InfluxDB API. In your API requests, an `Authorization` header will be send.
+The header value, provide the word `Token` followed by a space and an InfluxDB API token. The word `token`` is case-sensitive.
+
+.. code-block:: python
+
+   from influxdb_client import InfluxDBClient
+
+   with InfluxDBClient(url="http://localhost:8086", token="my-token") as client
+
+.. note:: Note that this is a preferred way how to authenticate to InfluxDB API.
+
+Username & Password
+"""""""""""""""""""
+
+Authenticates via username and password credentials. If successful, creates a new session for the user.
+
+.. code-block:: python
+
+   from influxdb_client import InfluxDBClient
+
+   with InfluxDBClient(url="http://localhost:8086", username="my-user", password="my-password") as client
+
+.. warning::
+
+    The ``username/password`` auth is based on the HTTP "Basic" authentication.
+    The authorization expires when the `time-to-live (TTL) <https://docs.influxdata.com/influxdb/latest/reference/config-options/#session-length>`__
+    (default 60 minutes) is reached and client produces ``unauthorized exception``.
+
+HTTP Basic
+""""""""""
+
+Use this to enable basic authentication when talking to a InfluxDB 1.8.x that does not use auth-enabled
+but is protected by a reverse proxy with basic authentication.
+
+.. code-block:: python
+
+   from influxdb_client import InfluxDBClient
+
+   with InfluxDBClient(url="http://localhost:8086", auth_basic=True, token="my-proxy-secret") as client
+
+
+.. warning:: Don't use this when directly talking to InfluxDB 2.
+
+.. marker-authenticate-end
+
 Proxy configuration
 ^^^^^^^^^^^^^^^^^^^
 .. marker-proxy-start

docs/usage.rst

@@ -16,17 +16,23 @@ Write
   :start-after: marker-writes-start
   :end-before: marker-writes-end
 
+Delete data
+^^^^^^^^^^^
+.. include:: ../README.rst
+  :start-after: marker-delete-start
+  :end-before: marker-delete-end
+
 Pandas DataFrame
 ^^^^^^^^^^^^^^^^
 .. include:: ../README.rst
   :start-after: marker-pandas-start
   :end-before: marker-pandas-end
 
-Delete data
-^^^^^^^^^^^
+How to use Asyncio
+^^^^^^^^^^^^^^^^^^
 .. include:: ../README.rst
-  :start-after: marker-delete-start
-  :end-before: marker-delete-end
+  :start-after: marker-asyncio-start
+  :end-before: marker-asyncio-end
 
 Gzip support
 ^^^^^^^^^^^^
@@ -40,6 +46,12 @@ Proxy configuration
   :start-after: marker-proxy-start
   :end-before: marker-proxy-end
 
+Authentication
+^^^^^^^^^^^^^^
+.. include:: ../README.rst
+  :start-after: marker-authenticate-start
+  :end-before: marker-authenticate-end
+
 Nanosecond precision
 ^^^^^^^^^^^^^^^^^^^^
 .. include:: ../README.rst
@@ -52,12 +64,6 @@ Handling Errors
   :start-after: marker-handling-errors-start
   :end-before: marker-handling-errors-end
 
-How to use Asyncio
-^^^^^^^^^^^^^^^^^^
-.. include:: ../README.rst
-  :start-after: marker-asyncio-start
-  :end-before: marker-asyncio-end
-
 Logging
 ^^^^^^^
 

influxdb_client/_async/api_client.py

@@ -25,6 +25,9 @@
 from influxdb_client.configuration import Configuration
 import influxdb_client.domain
 from influxdb_client._async import rest
+from influxdb_client import SigninService
+from influxdb_client import SignoutService
+from influxdb_client.rest import _requires_create_user_session, _requires_expire_user_session
 
 
 class ApiClientAsync(object):
@@ -81,6 +84,7 @@ def __init__(self, configuration=None, header_name=None, header_value=None,
 
     async def close(self):
         """Dispose api client."""
+        await self._signout()
         await self.rest_client.close()
         """Dispose pools."""
         if self._pool:
@@ -117,6 +121,7 @@ async def __call_api(
             _preload_content=True, _request_timeout=None, urlopen_kw=None):
 
         config = self.configuration
+        await self._signin(resource_path=resource_path)
 
         # header parameters
         header_params = header_params or {}
@@ -649,3 +654,13 @@ def __deserialize_model(self, data, klass):
             if klass_name:
                 instance = self.__deserialize(data, klass_name)
         return instance
+
+    async def _signin(self, resource_path: str):
+        if _requires_create_user_session(self.configuration, self.cookie, resource_path):
+            http_info = await SigninService(self).post_signin_async()
+            self.cookie = http_info[2]['set-cookie']
+
+    async def _signout(self):
+        if _requires_expire_user_session(self.configuration, self.cookie):
+            await SignoutService(self).post_signout_async()
+            self.cookie = None

influxdb_client/_sync/api_client.py

@@ -25,6 +25,9 @@
 from influxdb_client.configuration import Configuration
 import influxdb_client.domain
 from influxdb_client._sync import rest
+from influxdb_client import SigninService
+from influxdb_client import SignoutService
+from influxdb_client.rest import _requires_create_user_session, _requires_expire_user_session
 
 
 class ApiClient(object):
@@ -81,6 +84,7 @@ def __init__(self, configuration=None, header_name=None, header_value=None,
 
     def __del__(self):
         """Dispose pools."""
+        self._signout()
         if self._pool:
             self._pool.close()
             self._pool.join()
@@ -117,6 +121,7 @@ def __call_api(
             _preload_content=True, _request_timeout=None, urlopen_kw=None):
 
         config = self.configuration
+        self._signin(resource_path=resource_path)
 
         # header parameters
         header_params = header_params or {}
@@ -649,3 +654,13 @@ def __deserialize_model(self, data, klass):
             if klass_name:
                 instance = self.__deserialize(data, klass_name)
         return instance
+
+    def _signin(self, resource_path: str):
+        if _requires_create_user_session(self.configuration, self.cookie, resource_path):
+            http_info = SigninService(self).post_signin_with_http_info()
+            self.cookie = http_info[2]['set-cookie']
+
+    def _signout(self):
+        if _requires_expire_user_session(self.configuration, self.cookie):
+            SignoutService(self).post_signout()
+            self.cookie = None

influxdb_client/client/_base.py

@@ -70,13 +70,20 @@ def __init__(self, url, token, debug=None, timeout=10_000, enable_gzip=False, or
             self.conf.loggers[client_logger] = logging.getLogger(client_logger)
         self.conf.debug = debug
 
-        auth_token = self.token
+        self.conf.username = kwargs.get('username', None)
+        self.conf.password = kwargs.get('password', None)
+        # by token
         self.auth_header_name = "Authorization"
-        self.auth_header_value = "Token " + auth_token
-
+        if self.token:
+            self.auth_header_value = "Token " + self.token
+        # by HTTP basic
         auth_basic = kwargs.get('auth_basic', False)
         if auth_basic:
             self.auth_header_value = "Basic " + base64.b64encode(token.encode()).decode()
+        # by username, password
+        if self.conf.username and self.conf.password:
+            self.auth_header_name = None
+            self.auth_header_value = None
 
         self.retries = kwargs.get('retries', False)
 
@@ -459,6 +466,8 @@ class _Configuration(Configuration):
     def __init__(self):
         Configuration.__init__(self)
         self.enable_gzip = False
+        self.username = None
+        self.password = None
 
     def update_request_header_params(self, path: str, params: dict):
         super().update_request_header_params(path, params)

influxdb_client/client/influxdb_client.py

@@ -24,13 +24,13 @@
 class InfluxDBClient(_BaseClient):
     """InfluxDBClient is client for InfluxDB v2."""
 
-    def __init__(self, url, token, debug=None, timeout=10_000, enable_gzip=False, org: str = None,
+    def __init__(self, url, token: str = None, debug=None, timeout=10_000, enable_gzip=False, org: str = None,
                  default_tags: dict = None, **kwargs) -> None:
         """
         Initialize defaults.
 
         :param url: InfluxDB server API url (ex. http://localhost:8086).
-        :param token: auth token
+        :param token: ``token`` to authenticate to the InfluxDB API
         :param debug: enable verbose logging of http requests
         :param timeout: HTTP client timeout setting for a request specified in milliseconds.
                         If one number provided, it will be total request timeout.
@@ -50,6 +50,8 @@ def __init__(self, url, token, debug=None, timeout=10_000, enable_gzip=False, or
         :key bool auth_basic: Set this to true to enable basic authentication when talking to a InfluxDB 1.8.x that
                               does not use auth-enabled but is protected by a reverse proxy with basic authentication.
                               (defaults to false, don't set to true when talking to InfluxDB 2)
+        :key str username: ``username`` to authenticate via username and password credentials to the InfluxDB 2.x
+        :key str password: ``password`` to authenticate via username and password credentials to the InfluxDB 2.x
         :key list[str] profilers: list of enabled Flux profilers
         """
         super().__init__(url=url, token=token, debug=debug, timeout=timeout, enable_gzip=enable_gzip, org=org,

influxdb_client/client/influxdb_client_async.py

@@ -16,12 +16,13 @@
 class InfluxDBClientAsync(_BaseClient):
     """InfluxDBClientAsync is client for InfluxDB v2."""
 
-    def __init__(self, url, token, org: str = None, debug=None, timeout=10_000, enable_gzip=False, **kwargs) -> None:
+    def __init__(self, url, token: str = None, org: str = None, debug=None, timeout=10_000, enable_gzip=False,
+                 **kwargs) -> None:
         """
         Initialize defaults.
 
         :param url: InfluxDB server API url (ex. http://localhost:8086).
-        :param token: auth token
+        :param token: ``token`` to authenticate to the InfluxDB 2.x
         :param org: organization name (used as a default in Query, Write and Delete API)
         :param debug: enable verbose logging of http requests
         :param timeout: The maximal number of milliseconds for the whole HTTP request including
@@ -39,6 +40,8 @@ def __init__(self, url, token, org: str = None, debug=None, timeout=10_000, enab
         :key bool auth_basic: Set this to true to enable basic authentication when talking to a InfluxDB 1.8.x that
                               does not use auth-enabled but is protected by a reverse proxy with basic authentication.
                               (defaults to false, don't set to true when talking to InfluxDB 2)
+        :key str username: ``username`` to authenticate via username and password credentials to the InfluxDB 2.x
+        :key str password: ``password`` to authenticate via username and password credentials to the InfluxDB 2.x
         :key bool allow_redirects: If set to ``False``, do not follow HTTP redirects. ``True`` by default.
         :key int max_redirects: Maximum number of HTTP redirects to follow. ``10`` by default.
         :key dict client_session_kwargs: Additional configuration arguments for :class:`~aiohttp.ClientSession`

influxdb_client/rest.py

@@ -9,10 +9,10 @@
 Generated by: https://openapi-generator.tech
 """
 
-
 from __future__ import absolute_import
 
 from influxdb_client.client.exceptions import InfluxDBError
+from influxdb_client.configuration import Configuration
 
 _UTF_8_encoding = 'utf-8'
 
@@ -40,7 +40,7 @@ def __init__(self, status=None, reason=None, http_resp=None):
 
     def __str__(self):
         """Get custom error messages for exception."""
-        error_message = "({0})\n"\
+        error_message = "({0})\n" \
                         "Reason: {1}\n".format(self.status, self.reason)
         if self.headers:
             error_message += "HTTP response headers: {0}\n".format(
@@ -50,3 +50,12 @@ def __str__(self):
             error_message += "HTTP response body: {0}\n".format(self.body)
 
         return error_message
+
+
+def _requires_create_user_session(configuration: Configuration, cookie: str, resource_path: str):
+    _unauthorized = ['/api/v2/signin', '/api/v2/signout']
+    return configuration.username and configuration.password and not cookie and resource_path not in _unauthorized
+
+
+def _requires_expire_user_session(configuration: Configuration, cookie: str):
+    return configuration.username and configuration.password and cookie

tests/test_InfluxDBClient.py

@@ -216,11 +216,16 @@ def test_version(self):
 
     def test_version_not_running_instance(self):
         client_not_running = InfluxDBClient("http://localhost:8099", token="my-token", debug=True)
-        with self.assertRaises(NewConnectionError) as cm:
+        with self.assertRaises(NewConnectionError):
             client_not_running.version()
 
         client_not_running.close()
 
+    def test_username_password_authorization(self):
+        self.client.close()
+        self.client = InfluxDBClient(url=self.host, username="my-user", password="my-password", debug=True)
+        self.client.query_api().query("buckets()", "my-org")
+
     def _start_proxy_server(self):
         import http.server
         import urllib.request

tests/test_InfluxDBClientAsync.py

@@ -232,6 +232,11 @@ def test_initialize_out_side_async_context(self):
         self.assertEqual("The async client should be initialised inside async coroutine "
                          "otherwise there can be unexpected behaviour.", e.value.message)
 
+    @async_test
+    async def test_username_password_authorization(self):
+        await self.client.close()
+        self.client = InfluxDBClientAsync(url="http://localhost:8086", username="my-user", password="my-password", debug=True)
+        await self.client.query_api().query("buckets()", "my-org")
 
     async def _prepare_data(self, measurement: str):
         _point1 = Point(measurement).tag("location", "Prague").field("temperature", 25.3)