Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow authentification via 'additional_headers' #267

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion mock_tests/conftest.py
Original file line number Diff line number Diff line change
@@ -1,12 +1,18 @@
import pytest
from pytest_httpserver import HTTPServer
from pytest_httpserver import HTTPServer, HeaderValueMatcher


MOCK_IP = "127.0.0.1"
MOCK_PORT = 23536
CLIENT_ID = "DoesNotMatter"
MOCK_SERVER_URL = "http://" + MOCK_IP + ":" + str(MOCK_PORT)

# pytest_httpserver 'Authorization' HeaderValueMatcher does not work with Bearer tokens.
# Hence, overwrite it with the default header value matcher that just compares for equality.
HeaderValueMatcher.DEFAULT_MATCHERS[
"Authorization"
] = HeaderValueMatcher.default_header_value_matcher


@pytest.fixture(scope="session")
def httpserver_listen_address():
Expand Down
25 changes: 19 additions & 6 deletions mock_tests/test_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -140,17 +140,16 @@ def test_auth_header_without_weaviate_auth(weaviate_mock):

def test_auth_header_with_catchall_proxy(weaviate_mock, recwarn):
"""Test that the client can handle situations in which a proxy returns a catchall page for all requests."""
bearer_token = "OTHER TOKEN"
weaviate_mock.expect_request(
"/v1/schema", headers={"Authorization": "Bearer " + bearer_token}
).respond_with_json({})
weaviate_mock.expect_request("/v1/schema").respond_with_json({})
weaviate_mock.expect_request("/v1/.well-known/openid-configuration").respond_with_data(
"JsonCannotParseThis"
)

client = weaviate.Client(
url=MOCK_SERVER_URL,
additional_headers={"Authorization": "Bearer " + bearer_token},
auth_client_secret=weaviate.AuthClientPassword(
username="test-username", password="test-password"
),
dirkkul marked this conversation as resolved.
Show resolved Hide resolved
)
client.schema.delete_all() # some call that includes authorization

Expand Down Expand Up @@ -206,7 +205,7 @@ def handler(request: Request):
assert str(w.message).startswith("Con001")


def test_with_simple_auth_no_oidc(weaviate_mock, recwarn):
def test_with_simple_auth_no_oidc_via_api_key(weaviate_mock, recwarn):
weaviate_mock.expect_request(
"/v1/schema", headers={"Authorization": "Bearer " + "Super-secret-key"}
).respond_with_json({})
Expand All @@ -219,3 +218,17 @@ def test_with_simple_auth_no_oidc(weaviate_mock, recwarn):

weaviate_mock.check_assertions()
assert len(recwarn) == 0


def test_with_simple_auth_no_oidc_via_additional_headers(weaviate_mock, recwarn):
weaviate_mock.expect_request(
"/v1/schema", headers={"Authorization": "Bearer " + "Super-secret-key"}
).respond_with_json({})

client = weaviate.Client(
url=MOCK_SERVER_URL, additional_headers={"Authorization": "Bearer " + "Super-secret-key"}
)
client.schema.delete_all()

weaviate_mock.check_assertions()
assert len(recwarn) == 0
4 changes: 4 additions & 0 deletions weaviate/connect/connection.py
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,10 @@ def _create_session(self, auth_client_secret: Optional[AuthCredentials]) -> None
self._session = requests.Session()
return

if "authorization" in self._headers and auth_client_secret is None:
self._session = requests.Session()
return

oidc_url = self.url + self._api_version_path + "/.well-known/openid-configuration"
response = requests.get(
oidc_url,
Expand Down