IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow Dogtag RestClient to perform requests without logging in

Browse Source 
Currently the Dogtag RestClient '_ssldo' method requires a session
cookie unconditionally, however, not all REST methods require a
session: some do not require authentication at all, and some will
authenticate the agent on the fly.

To avoid unnecessary login/logout requests via the context manager,
add the 'use_session' keyword argument to '_ssldo'.  It defaults to
'True' to preserve existing behaviour (session required) but a
caller can set to 'False' to avoid the requirement.

Part of: https://fedorahosted.org/freeipa/ticket/6260
Part of: https://fedorahosted.org/freeipa/ticket/3473

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Fraser Tweedale 2016-08-26 08:59:10 +10:00 committed by Martin Babinsky
parent b7b6faf14a
commit 2a42a7e90e
1 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
ipaserver/plugins/dogtag.py
View File

@ -2071,26 +2071,38 @@ class RestClient(Backend):
) )
self.cookie = None self.cookie = None
def _ssldo(self, method, path, headers=None, body=None): def _ssldo(self, method, path, headers=None, body=None, use_session=True):
""" """
:param url: The URL to post to. Perform an HTTPS request.
:param kw: Keyword arguments to encode into POST body.
:param method: HTTP method to use
:param path: Path component. This will *extend* the path defined for
the class (if any).
:param headers: Additional headers to include in the request.
:param body: Request body.
:param use_session: If ``True``, session cookie is added to request
(client must be logged in).
:return: (http_status, http_headers, http_body) :return: (http_status, http_headers, http_body)
as (integer, dict, str) as (integer, dict, str)
Perform an HTTPS request :raises: ``RemoteRetrieveError`` if ``use_session`` is not ``False``
and client is not logged in.
""" """
headers = headers or {}
if use_session:
if self.cookie is None: if self.cookie is None:
raise errors.RemoteRetrieveError( raise errors.RemoteRetrieveError(
reason=_("REST API is not logged in.")) reason=_("REST API is not logged in."))
headers = headers or {}
headers['Cookie'] = self.cookie headers['Cookie'] = self.cookie
resource = '/ca/rest'
if self.path is not None:
resource = os.path.join(resource, self.path)
if path is not None: if path is not None:
resource = os.path.join('/ca/rest', self.path, path) resource = os.path.join(resource, path)
else:
resource = os.path.join('/ca/rest', self.path)
# perform main request # perform main request
status, resp_headers, resp_body = dogtag.https_request( status, resp_headers, resp_body = dogtag.https_request(