Skip to content

Commit

Permalink
Drop support for winrm.
Browse files Browse the repository at this point in the history 
 - Indicate so in the HISTORY file.
 - Bump version (though we're on 0.x, so we're only bumping the minor
   version)
 - Change the argument order for generate_request_header to make the
   changes minimally invasive.
  • Loading branch information
@mkomitee
mkomitee committed Jul 1, 2019
1 parent 7f4327b commit 3e3da1c
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 10 deletions.
8 changes: 8 additions & 0 deletions HISTORY.rst
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,14 @@
History
=======

0.14.0.dev0: 2019-07-01
-----------------------

- Dropped winrm support. The kerberos context is now attached to response
objects so applications like winrm can be implemented external to
requests-kerberos.
- Corrected a concurrency issue exposed by threaded applications.

0.12.0: 2017-12-20
------------------------

Expand Down
2 changes: 1 addition & 1 deletion requests_kerberos/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,4 +22,4 @@

__all__ = ('HTTPKerberosAuth', 'MutualAuthenticationError', 'REQUIRED',
'OPTIONAL', 'DISABLED')
__version__ = '0.13.0.dev0'
__version__ = '0.14.0.dev0'
25 changes: 22 additions & 3 deletions requests_kerberos/kerberos_.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@ def __init__(
self.cbt_binding_tried = False
self.cbt_struct = None

def generate_request_header(self, host, request=None, response=None, is_preemptive=False):
def generate_request_header(self, response, host, request=None, is_preemptive=False):
"""
Generates the GSSAPI authentication token with kerberos.
Expand Down Expand Up @@ -262,7 +262,7 @@ def authenticate_user(self, response, **kwargs):
host = urlparse(response.url).hostname

try:
auth_header = self.generate_request_header(host, response=response)
auth_header = self.generate_request_header(response, host)
except KerberosExchangeError:
# GSS Failure, return existing response
return response
Expand Down Expand Up @@ -426,13 +426,32 @@ def deregister(self, response):
"""Deregisters the response handler"""
response.request.deregister_hook('response', self.handle_response)

def wrap_winrm(self, host, message):
raise NotImplementedError(
"WinRM encryption is no longer supported. The established "
"kerberos is now made available on the returned response objects "
"with the attribute named 'requests_kerberos_context' so WinRM "
"and other similar applications can be implemented external to "
"requests_kerberos."
)

def unwrap_winrm(self, host, message, header):
raise NotImplementedError(
"WinRM encryption is no longer supported. The established "
"kerberos is now made available on the returned response objects "
"with the attribute named 'requests_kerberos_context' so WinRM "
"and other similar applications can be implemented external to "
"requests_kerberos."
)


def __call__(self, request):
if self.force_preemptive and not self.auth_done:
# add Authorization header before we receive a 401
# by the 401 handler
host = urlparse(request.url).hostname

auth_header = self.generate_request_header(host, request=request, is_preemptive=True)
auth_header = self.generate_request_header(None, host, request=request, is_preemptive=True)

log.debug("HTTPKerberosAuth: Preemptive Authorization header: {0}".format(auth_header))

Expand Down
12 changes: 6 additions & 6 deletions tests/test_requests_kerberos.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ def test_generate_request_header(self):
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth()
self.assertEqual(
auth.generate_request_header(host, response=response),
auth.generate_request_header(response, host),
"Negotiate GSSRESPONSE"
)
clientInit_complete.assert_called_with(
Expand All @@ -138,7 +138,7 @@ def test_generate_request_header_init_error(self):
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth()
self.assertRaises(requests_kerberos.exceptions.KerberosExchangeError,
auth.generate_request_header, host, response=response,
auth.generate_request_header, response, host
)
clientInit_error.assert_called_with(
"[email protected]",
Expand All @@ -160,7 +160,7 @@ def test_generate_request_header_step_error(self):
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth()
self.assertRaises(requests_kerberos.exceptions.KerberosExchangeError,
auth.generate_request_header, host, response=response,
auth.generate_request_header, response, host
)
clientInit_complete.assert_called_with(
"[email protected]",
Expand Down Expand Up @@ -568,7 +568,7 @@ def test_generate_request_header_custom_service(self):
response.headers = {'www-authenticate': 'negotiate token'}
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth(service="barfoo")
auth.generate_request_header(host, response=response),
auth.generate_request_header(response, host)
clientInit_complete.assert_called_with(
"[email protected]",
gssflags=(
Expand Down Expand Up @@ -633,7 +633,7 @@ def test_principal_override(self):
response.headers = {'www-authenticate': 'negotiate token'}
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth(principal="user@REALM")
auth.generate_request_header(host, response=response)
auth.generate_request_header(response, host)
clientInit_complete.assert_called_with(
"[email protected]",
gssflags=(
Expand All @@ -651,7 +651,7 @@ def test_realm_override(self):
response.headers = {'www-authenticate': 'negotiate token'}
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth(hostname_override="otherhost.otherdomain.org")
auth.generate_request_header(host, response=response)
auth.generate_request_header(response, host)
clientInit_complete.assert_called_with(
"[email protected]",
gssflags=(
Expand Down

0 comments on commit 3e3da1c

Please sign in to comment.