Add support for htdigest auth when using CORE webservices API

2023-05-22 21:34:46 -05:00 · 2023-05-22 21:34:46 -05:00 · d58426c073
parent 757fb50a96
commit d58426c073
1 changed files with 35 additions and 19 deletions
--- a/corepos/api.py
+++ b/corepos/api.py
@ -2,7 +2,7 @@
 ################################################################################
 #
 #  pyCOREPOS -- Python Interface to CORE POS
-#  Copyright © 2018-2021 Lance Edgar
+#  Copyright © 2018-2023 Lance Edgar
 #
 #  This file is part of pyCOREPOS.
 #
@ -28,6 +28,7 @@ import json
 import logging

 import requests
+from requests.auth import HTTPDigestAuth


 log = logging.getLogger(__name__)
@ -48,27 +49,42 @@ class CoreAPIError(Exception):
 class CoreWebAPI(object):
    """
    Client implementation for the CORE webservices API.
+
+    :param str url: URL to the CORE webservices API,
+       e.g. ``'http://localhost/fannie/ws/'``
+
+    :param bool verify: How to handle certificate validation for HTTPS
+       URLs.  This value is passed as-is to the ``requests`` library,
+       so see those docs for more info.  The default value for this is
+       ``True`` because the assumption is that security should be on
+       by default.  Set it to ``False`` in order to disable validation
+       entirely, e.g. for self-signed certs.  (This may also be needed
+       for basic HTTP URLs?)  Other values may be possible also; again
+       see the ``requests`` docs for more info.
+
+    :param htdigest_username: Username for htdigest authentication, if
+       applicable.
+
+    :param htdigest_password: Password for htdigest authentication, if
+       applicable.
    """

-    def __init__(self, url, verify=True):
-        """
-        Constructor for the API client.
-
-        :param str url: URL to the CORE webservices API,
-           e.g. ``'http://localhost/fannie/ws/'``
-
-        :param bool verify: How to handle certificate validation for HTTPS
-           URLs.  This value is passed as-is to the ``requests`` library, so
-           see those docs for more info.  The default value for this is
-           ``True`` because the assumption is that security should be on by
-           default.  Set it to ``False`` in order to disable validation
-           entirely, e.g. for self-signed certs.  (This may also be needed for
-           basic HTTP URLs?)  Other values may be possible also; again see the
-           ``requests`` docs for more info.
-        """
+    def __init__(
+            self,
+            url,
+            verify=True,
+            htdigest_username=None,
+            htdigest_password=None,
+    ):
        self.url = url
        self.verify = verify

+        self.session = requests.Session()
+
+        if htdigest_username and htdigest_password:
+            self.session.auth = HTTPDigestAuth(htdigest_username,
+                                               htdigest_password)
+
    def post(self, params, method=None):
        """
        Issue a POST request to the API, with the given ``params``.  If not
@ -88,8 +104,8 @@ class CoreWebAPI(object):
            'id': 1,
        }

-        response = requests.post(self.url, data=json.dumps(payload),
-                                 verify=self.verify)
+        response = self.session.post(self.url, data=json.dumps(payload),
+                                     verify=self.verify)
        response.raise_for_status()
        return response