Skip to content

Commit bd44eed

Browse files
#2219 Improved employee auth to work better on dev servers and fixed REST api auth
1 parent 78a18ef commit bd44eed

File tree

6 files changed

+35
-22
lines changed

6 files changed

+35
-22
lines changed

SoftLayer/API.py

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@
4646
'raw_headers',
4747
'limit',
4848
'offset',
49-
'verify',
49+
'verify'
5050
))
5151

5252

@@ -182,7 +182,7 @@ def employee_client(username=None,
182182
verify=None,
183183
config_file=config_file)
184184

185-
url = settings.get('endpoint_url')
185+
url = settings.get('endpoint_url', '')
186186
verify = settings.get('verify', True)
187187

188188
if 'internal' not in url:
@@ -374,7 +374,6 @@ def call(self, service, method, *args, **kwargs):
374374
request.url = self.settings['softlayer'].get('endpoint_url')
375375
if kwargs.get('verify') is not None:
376376
request.verify = kwargs.get('verify')
377-
378377
if self.auth:
379378
request = self.auth.get_request(request)
380379

@@ -495,7 +494,7 @@ def __setAuth(self, auth=None):
495494
"""Prepares the authentication property"""
496495
if auth is None:
497496
auth_cert = self.settings['softlayer'].get('auth_cert')
498-
serv_cert = self.settings['softlayer'].get('server_cert', None)
497+
serv_cert = self.settings['softlayer'].get('verify', True)
499498
auth = slauth.X509Authentication(auth_cert, serv_cert)
500499
self.auth = auth
501500

@@ -712,8 +711,8 @@ def authenticate_with_internal(self, username, password, security_token=None):
712711
if len(security_token) != 6:
713712
raise exceptions.SoftLayerAPIError("Invalid security token: {}".format(security_token))
714713

715-
auth_result = self.call('SoftLayer_User_Employee', 'performExternalAuthentication',
716-
username, password, security_token)
714+
self.auth = slauth.BasicHTTPAuthentication(username, password)
715+
auth_result = self.call('SoftLayer_User_Employee', 'getEncryptedSessionToken', security_token)
717716

718717
self.settings['softlayer']['access_token'] = auth_result['hash']
719718
self.settings['softlayer']['userid'] = str(auth_result['userId'])

SoftLayer/CLI/login.py

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -30,16 +30,15 @@ def cli(env):
3030
username = settings.get('username') or os.environ.get('SLCLI_USER', None)
3131
password = os.environ.get('SLCLI_PASSWORD', '')
3232
yubi = None
33-
client = employee_client(config_file=env.config_file)
3433

3534
# Might already be logged in, try and refresh token
3635
if settings.get('access_token') and settings.get('userid'):
37-
client.authenticate_with_hash(settings.get('userid'), settings.get('access_token'))
36+
env.client.authenticate_with_hash(settings.get('userid'), settings.get('access_token'))
3837
try:
3938
emp_id = settings.get('userid')
40-
client.call('SoftLayer_User_Employee', 'getObject', id=emp_id, mask="mask[id,username]")
41-
client.refresh_token(emp_id, settings.get('access_token'))
42-
client.call('SoftLayer_User_Employee', 'refreshEncryptedToken', settings.get('access_token'), id=emp_id)
39+
env.client.call('SoftLayer_User_Employee', 'getObject', id=emp_id, mask="mask[id,username]")
40+
env.client.refresh_token(emp_id, settings.get('access_token'))
41+
env.client.call('SoftLayer_User_Employee', 'refreshEncryptedToken', settings.get('access_token'), id=emp_id)
4342

4443
config_settings['softlayer'] = settings
4544
config.write_config(config_settings, env.config_file)
@@ -52,13 +51,12 @@ def cli(env):
5251
click.echo("URL: {}".format(url))
5352
if username is None:
5453
username = input("Username: ")
55-
click.echo("Username: {}".format(username))
5654
if not password:
57-
password = env.getpass("Password: ")
58-
click.echo("Password: {}".format(censor_password(password)))
55+
password = env.getpass("Password: ", default="")
5956
yubi = input("Yubi: ")
57+
6058
try:
61-
result = client.authenticate_with_internal(username, password, str(yubi))
59+
result = env.client.authenticate_with_internal(username, password, str(yubi))
6260
print(result)
6361
# pylint: disable=broad-exception-caught
6462
except Exception as e:

SoftLayer/auth.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
66
:license: MIT, see LICENSE for more details.
77
"""
8-
8+
import os
99

1010
__all__ = [
1111
'BasicAuthentication',
@@ -89,7 +89,7 @@ def get_request(self, request):
8989
return request
9090

9191
def __repr__(self):
92-
return "BasicAuthentication(username=%r)" % self.username
92+
return f"BasicAuthentication(username={self.username})"
9393

9494

9595
class BasicHTTPAuthentication(AuthenticationBase):
@@ -110,7 +110,7 @@ def get_request(self, request):
110110
return request
111111

112112
def __repr__(self):
113-
return "BasicHTTPAuthentication(username=%r)" % self.username
113+
return f"BasicHTTPAuthentication(username={self.username}"
114114

115115

116116
class BearerAuthentication(AuthenticationBase):
@@ -149,7 +149,7 @@ class X509Authentication(AuthenticationBase):
149149
"""
150150

151151
def __init__(self, cert, ca_cert):
152-
self.cert = cert
152+
self.cert = os.path.expanduser(cert)
153153
self.ca_cert = ca_cert
154154

155155
def get_request(self, request):

SoftLayer/transports/rest.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,9 @@ def __call__(self, request):
7676

7777
request.params = params
7878

79+
# This handles any edge cases on the REST api.
80+
request.special_rest_params()
81+
7982
auth = None
8083
if request.transport_user:
8184
auth = requests.auth.HTTPBasicAuth(
@@ -110,7 +113,6 @@ def __call__(self, request):
110113
# Prefer the request setting, if it's not None
111114
if request.verify is None:
112115
request.verify = self.verify
113-
114116
try:
115117
resp = self.client.request(method, request.url,
116118
auth=auth,
@@ -163,6 +165,8 @@ def print_reproduceable(request):
163165
164166
:param request request: Request object
165167
"""
168+
# This handles any edge cases on the REST api.
169+
request.special_rest_params()
166170
command = "curl -u $SL_USER:$SL_APIKEY -X {method} -H {headers} {data} '{uri}'"
167171

168172
method = REST_SPECIAL_METHODS.get(request.method)

SoftLayer/transports/transport.py

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,13 +103,25 @@ def __repr__(self):
103103
pretty_filter = self.filter
104104
clean_args = self.args
105105
# Passwords can show up here, so censor them before logging.
106-
if self.method in ["performExternalAuthentication", "refreshEncryptedToken", "getPortalLoginToken"]:
106+
if self.method in ["performExternalAuthentication", "refreshEncryptedToken",
107+
"getPortalLoginToken", "getEncryptedSessionToken"]:
107108
clean_args = "*************"
108109
param_string = (f"id={self.identifier}, mask='{pretty_mask}', filter='{pretty_filter}', args={clean_args}, "
109110
f"limit={self.limit}, offset={self.offset}")
110111
return "{service}::{method}({params})".format(
111112
service=self.service, method=self.method, params=param_string)
112113

114+
def special_rest_params(self):
115+
"""This method is to handle the edge case of SoftLayer_User_Employee::getEncryptedSessionToken
116+
117+
Added this method here since it was a little easier to change the data as needed this way.
118+
"""
119+
if len(self.args) == 0 or self.params:
120+
return None
121+
if self.method == "getEncryptedSessionToken" and self.service == "SoftLayer_User_Employee":
122+
self.params = {"remoteToken": self.args[0]}
123+
self.args = []
124+
113125

114126
class SoftLayerListResult(list):
115127
"""A SoftLayer API list result."""

docs/requirements.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
sphinx_rtd_theme==3.0.2
2-
sphinx==8.2.1
2+
sphinx==8.2.3
33
sphinx-click==6.0.0
44
click
55
prettytable

0 commit comments

Comments
 (0)