diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-08-26 08:59:10 +1000 |
|---|---|---|
| committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-09-07 12:49:28 +0200 |
| commit | 2a42a7e90eb8154a6722ae93d93f8cf6796f4a21 (patch) | |
| tree | d45d128c68fc30658095e18bdfe7a891ad80094f | |
| parent | b7b6faf14aaa8ac677ab9ebc2bcbf87e6b2a1146 (diff) | |
| download | freeipa-2a42a7e90eb8154a6722ae93d93f8cf6796f4a21.tar.gz freeipa-2a42a7e90eb8154a6722ae93d93f8cf6796f4a21.tar.xz freeipa-2a42a7e90eb8154a6722ae93d93f8cf6796f4a21.zip | |
Allow Dogtag RestClient to perform requests without logging in
Currently the Dogtag RestClient '_ssldo' method requires a session
cookie unconditionally, however, not all REST methods require a
session: some do not require authentication at all, and some will
authenticate the agent on the fly.
To avoid unnecessary login/logout requests via the context manager,
add the 'use_session' keyword argument to '_ssldo'. It defaults to
'True' to preserve existing behaviour (session required) but a
caller can set to 'False' to avoid the requirement.
Part of: https://fedorahosted.org/freeipa/ticket/6260
Part of: https://fedorahosted.org/freeipa/ticket/3473
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
| -rw-r--r-- | ipaserver/plugins/dogtag.py | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 01e5f1383..f3fb2703f 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -2071,26 +2071,38 @@ class RestClient(Backend): ) self.cookie = None - def _ssldo(self, method, path, headers=None, body=None): + def _ssldo(self, method, path, headers=None, body=None, use_session=True): """ - :param url: The URL to post to. - :param kw: Keyword arguments to encode into POST body. + Perform an HTTPS request. + + :param method: HTTP method to use + :param path: Path component. This will *extend* the path defined for + the class (if any). + :param headers: Additional headers to include in the request. + :param body: Request body. + :param use_session: If ``True``, session cookie is added to request + (client must be logged in). + :return: (http_status, http_headers, http_body) as (integer, dict, str) - Perform an HTTPS request - """ - if self.cookie is None: - raise errors.RemoteRetrieveError( - reason=_("REST API is not logged in.")) + :raises: ``RemoteRetrieveError`` if ``use_session`` is not ``False`` + and client is not logged in. + """ headers = headers or {} - headers['Cookie'] = self.cookie + if use_session: + if self.cookie is None: + raise errors.RemoteRetrieveError( + reason=_("REST API is not logged in.")) + headers['Cookie'] = self.cookie + + resource = '/ca/rest' + if self.path is not None: + resource = os.path.join(resource, self.path) if path is not None: - resource = os.path.join('/ca/rest', self.path, path) - else: - resource = os.path.join('/ca/rest', self.path) + resource = os.path.join(resource, path) # perform main request status, resp_headers, resp_body = dogtag.https_request( |