Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update authentication mechanism #222

Open
huard opened this issue Apr 27, 2023 · 5 comments
Open

Update authentication mechanism #222

huard opened this issue Apr 27, 2023 · 5 comments

Comments

@huard
Copy link
Contributor

huard commented Apr 27, 2023

Description

In owslib, the use of "username", "password", "verify", and "cert" is deprecated. Use the "auth" keyword during class instantiation. These keywords will be removed in a future release.

Environment

  • Birdy version used, if any: 0.8.1
@huard
Copy link
Contributor Author

huard commented Apr 27, 2023

@fmigneault I don't see any test for the auth mechanism in the WPSClient. Do you where this is used so I can make sure I'm not breaking anything while fixing this?

@fmigneault
Copy link

@huard
I'm not sure about birdy. I've not been using it.
However, in Weaver I'm passing around the headers (https://github.com/crim-ca/weaver/blob/master/weaver/wps/utils.py#L262-L275) instead of relying on auth because it only supports basic auth with username/password, while Magpie uses cookies.
If anything, owslib should allow a custom auth handler similar to what requests does to support any kind of auth method.

@fmigneault
Copy link

Looks like this is what is already being done here also:

birdy/birdy/client/base.py

Lines 107 to 131 in 7398c8a

if auth is not None:
if isinstance(auth, tuple) and len(auth) == 2:
# special-case basic HTTP auth
auth = requests.auth.HTTPBasicAuth(*auth)
# We only need some headers from the requests.auth.AuthBase implementation
# We prepare a dummy request, call the auth object with it, and get its headers
dummy_request = requests.Request("get", "http://localhost")
r = auth(dummy_request.prepare())
auth_headers = ["Authorization", "Proxy-Authorization", "Cookie"]
headers.update({h: r.headers[h] for h in auth_headers if h in r.headers})
self._wps = WebProcessingService(
url,
version=version,
username=username,
password=password,
verbose=verbose,
headers=headers,
verify=verify,
cert=cert,
skip_caps=True,
language=language,
)

@huard
Copy link
Contributor Author

huard commented Apr 27, 2023

Yep, this is exactly the bit of code that I want to test.

If anything, owslib should allow a custom auth handler similar to what requests does to support any kind of auth method.

I think that's what the auth_delegate parameter does, and I'd like to test it.

@fmigneault
Copy link

You could try registering a duplicate WPS in Magpie, and make it protected except for a certain user.
Then, use https://github.com/Ouranosinc/requests-magpie to pass the auth parameter to WPSClient.
If the GetCapabilities resolves when using the correct user, and blocked otherwise, that would make a good validation test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants