Allow Dogtag RestClient to perform requests without logging in

Currently the Dogtag RestClient '_ssldo' method requires a session cookie unconditionally, however, not all REST methods require a session: some do not require authentication at all, and some will authenticate the agent on the fly. To avoid unnecessary login/logout requests via the context manager, add the 'use_session' keyword argument to '_ssldo'. It defaults to 'True' to preserve existing behaviour (session required) but a caller can set to 'False' to avoid the requirement. Part of: https://fedorahosted.org/freeipa/ticket/6260 Part of: https://fedorahosted.org/freeipa/ticket/3473 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-08-26 08:59:10 +10:00 · 2016-08-26 08:59:10 +10:00 · 2a42a7e90e
commit 2a42a7e90e
parent b7b6faf14a
1 changed files with 24 additions and 12 deletions
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@ -2071,26 +2071,38 @@ class RestClient(Backend):
        )
        self.cookie = None

-    def _ssldo(self, method, path, headers=None, body=None):
+    def _ssldo(self, method, path, headers=None, body=None, use_session=True):
        """
-        :param url: The URL to post to.
-        :param kw:  Keyword arguments to encode into POST body.
+        Perform an HTTPS request.
+
+        :param method: HTTP method to use
+        :param path: Path component. This will *extend* the path defined for
+            the class (if any).
+        :param headers: Additional headers to include in the request.
+        :param body: Request body.
+        :param use_session: If ``True``, session cookie is added to request
+            (client must be logged in).
+
        :return:   (http_status, http_headers, http_body)
                   as (integer, dict, str)

-        Perform an HTTPS request
+        :raises: ``RemoteRetrieveError`` if ``use_session`` is not ``False``
+            and client is not logged in.
+
        """
+        headers = headers or {}
+
+        if use_session:
            if self.cookie is None:
                raise errors.RemoteRetrieveError(
                    reason=_("REST API is not logged in."))
-
-        headers = headers or {}
            headers['Cookie'] = self.cookie

+        resource = '/ca/rest'
+        if self.path is not None:
+            resource = os.path.join(resource, self.path)
        if path is not None:
-            resource = os.path.join('/ca/rest', self.path, path)
-        else:
-            resource = os.path.join('/ca/rest', self.path)
+            resource = os.path.join(resource, path)

        # perform main request
        status, resp_headers, resp_body = dogtag.https_request(