fix(plugins): add ssl_verify where necessary and remove where unneces…
…sary (#1289)
jlahovnik authored Aug 9, 2024
1 parent e864f53 commit 0af86ad
Showing 6 changed files with 31 additions and 17 deletions.
4 changes: 4 additions & 0 deletions eodag/plugins/authentication/keycloak.py
Expand Up @@ -117,6 +117,7 @@ def _request_new_token(self) -> Dict[str, Any]:
"grant_type": self.GRANT_TYPE,
}
credentials = {k: v for k, v in self.config.credentials.items()}
ssl_verify = getattr(self.config, "ssl_verify", True)
try:
response = self.session.post(
self.TOKEN_URL_TEMPLATE.format(
Expand All @@ -126,6 +127,7 @@ def _request_new_token(self) -> Dict[str, Any]:
data=dict(req_data, **credentials),
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
)
response.raise_for_status()
except requests.exceptions.Timeout as exc:
Expand All @@ -142,6 +144,7 @@ def _get_token_with_refresh_token(self) -> Dict[str, str]:
"grant_type": "refresh_token",
"refresh_token": self.token_info["refresh_token"],
}
ssl_verify = getattr(self.config, "ssl_verify", True)
try:
response = self.session.post(
self.TOKEN_URL_TEMPLATE.format(
Expand All @@ -151,6 +154,7 @@ def _get_token_with_refresh_token(self) -> Dict[str, str]:
data=req_data,
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
)
response.raise_for_status()
except requests.RequestException as e:
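Review bot: When `ssl_verify` is false, both token requests in this file send secrets over a connection whose certificate is not checked, and nothing records that choice: `_request_new_token` posts `dict(req_data, **credentials)` and `_get_token_with_refresh_token` posts the refresh token. Defaulting to `True` in `getattr(self.config, "ssl_verify", True)` is the right fail-safe, but I would log the opt-out next to it, e.g. `if not ssl_verify: logger.warning("ssl_verify is disabled: credentials are sent without certificate validation")`, assuming this module has a `logger` as token.py does. The same applies to the `verify=ssl_verify` calls added in openid_connect.py, token.py and token_exchange.py. Both function bodies start and end outside the hunks shown.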
14 changes: 13 additions & 1 deletion eodag/plugins/authentication/openid_connect.py
Expand Up @@ -336,10 +336,12 @@ def _get_token_with_refresh_token(self) -> Dict[str, str]:
post_request_kwargs: Any = {
self.config.token_exchange_post_data_method: token_data
}
ssl_verify = getattr(self.config, "ssl_verify", True)
try:
token_response = self.session.post(
self.config.token_uri,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
**post_request_kwargs,
)
token_response.raise_for_status()
Expand All @@ -363,11 +365,13 @@ def authenticate_user(self, state: str) -> Response:
"state": state,
"redirect_uri": self.config.redirect_uri,
}
ssl_verify = getattr(self.config, "ssl_verify", True)
authorization_response = self.session.get(
self.config.authorization_uri,
params=params,
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
)

login_document = etree.HTML(authorization_response.text)
Expand Down Expand Up @@ -401,7 +405,11 @@ def authenticate_user(self, state: str) -> Response:
if not auth_uri:
raise MisconfiguredError("authentication_uri is missing")
return self.session.post(
auth_uri, data=login_data, headers=USER_AGENT, timeout=HTTP_REQ_TIMEOUT
auth_uri,
data=login_data,
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
)

def grant_user_consent(self, authentication_response: Response) -> Response:
Expand All @@ -415,11 +423,13 @@ def grant_user_consent(self, authentication_response: Response) -> Response:
key: self._constant_or_xpath_extracted(value, user_consent_form)
for key, value in self.config.user_consent_form_data.items()
}
ssl_verify = getattr(self.config, "ssl_verify", True)
return self.session.post(
self.config.authorization_uri,
data=user_consent_data,
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
)

def _prepare_token_post_data(self, token_data: Dict[str, Any]) -> Dict[str, Any]:
Expand Down Expand Up @@ -467,10 +477,12 @@ def exchange_code_for_token(self, authorized_url: str, state: str) -> Response:
post_request_kwargs: Any = {
self.config.token_exchange_post_data_method: token_exchange_data
}
ssl_verify = getattr(self.config, "ssl_verify", True)
r = self.session.post(
self.config.token_uri,
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
**post_request_kwargs,
)
return r
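Review bot: `ssl_verify = getattr(self.config, "ssl_verify", True)` is now repeated in four methods of this file (`_get_token_with_refresh_token`, `authenticate_user`, `grant_user_consent`, `exchange_code_for_token`), so a request added later can silently miss it or pick a different default. A single read-only property on the plugin class that returns `getattr(self.config, "ssl_verify", True)`, with each call passing `verify=self.ssl_verify`, would keep the default in one place. In `authenticate_user` the local is set before the GET and reused for the POST to `auth_uri` in a later hunk, which is easy to lose in a refactor. The method bodies extend beyond the hunks shown.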
3 changes: 3 additions & 0 deletions eodag/plugins/authentication/token.py
Expand Up @@ -126,6 +126,7 @@ def _token_request(
req_kwargs: Dict[str, Any] = {
"headers": dict(self.config.headers, **USER_AGENT)
}
ssl_verify = getattr(self.config, "ssl_verify", True)

if self.refresh_token:
logger.debug("fetching access token with refresh token")
Expand All @@ -135,6 +136,7 @@ def _token_request(
self.config.refresh_uri,
data={"refresh_token": self.refresh_token},
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
**req_kwargs,
)
response.raise_for_status()
Expand Down Expand Up @@ -170,6 +172,7 @@ def _token_request(
method=method,
url=self.config.auth_uri,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
**req_kwargs,
)

2 changes: 2 additions & 0 deletions eodag/plugins/authentication/token_exchange.py
Expand Up @@ -100,12 +100,14 @@ def authenticate(self) -> CodeAuthorizedAuth:
"audience": self.config.audience,
}
logger.debug("Getting target auth token")
ssl_verify = getattr(self.config, "ssl_verify", True)
try:
auth_response = self.subject.session.post(
self.config.token_uri,
data=auth_data,
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=ssl_verify,
)
auth_response.raise_for_status()
except requests.exceptions.Timeout as exc:
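Review bot: The POST goes out on `self.subject.session` while `ssl_verify` is read from this plugin's own `self.config`, so the subject plugin's setting and this one can differ without anything saying which is meant. If that is intended, a comment above the lookup would make it explicit, e.g. `# certificate verification follows this plugin's ssl_verify, not the subject's`. `authenticate` starts and ends outside the hunk.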
16 changes: 0 additions & 16 deletions eodag/resources/providers.yml
Expand Up @@ -26,7 +26,6 @@
api: !plugin
type: UsgsApi
need_auth: true
google_base_url: 'http://storage.googleapis.com/earthengine-public/landsat/'
pagination:
max_items_per_page: 5000
total_items_nb_key_path: '$.totalHits'
Expand Down Expand Up @@ -539,7 +538,6 @@
- productPath
auth: !plugin
type: AwsAuth
ssl_verify: true

---
!provider # MARK: theia
Expand Down Expand Up @@ -875,8 +873,6 @@
issuerId: peps
auth: !plugin
type: GenericAuth
auth_uri: 'https://peps.cnes.fr/resto/api/users/connect'
ssl_verify: true
---
!provider # MARK: creodias
name: creodias
Expand Down Expand Up @@ -1562,7 +1558,6 @@
Content-Type: application/json
auth: !plugin
type: GenericAuth
ssl_verify: true

---
!provider # MARK: astraea_eod
Expand Down Expand Up @@ -1691,7 +1686,6 @@
- tilePath
auth: !plugin
type: AwsAuth
ssl_verify: true

---
!provider # MARK: usgs_satapi_aws
Expand Down Expand Up @@ -1752,7 +1746,6 @@
ssl_verify: true
auth: !plugin
type: AwsAuth
ssl_verify: true

---
!provider # MARK: earth_search
Expand Down Expand Up @@ -1855,7 +1848,6 @@
- tilePath
auth: !plugin
type: AwsAuth
ssl_verify: true

---
!provider # MARK: earth_search_cog
Expand Down Expand Up @@ -1978,7 +1970,6 @@
default_bucket: 'gcp-public-data-sentinel-2'
auth: !plugin
type: AwsAuth
ssl_verify: true
---
!provider # MARK: ecmwf
name: ecmwf
Expand All @@ -1990,8 +1981,6 @@
api: !plugin
type: EcmwfApi
api_endpoint: https://api.ecmwf.int/v1
extract: false
ssl_verify: true
metadata_mapping:
productType: '$.productType'
title: '$.id'
Expand Down Expand Up @@ -2215,7 +2204,6 @@
auth: !plugin
type: GenericAuth
method: basic
ssl_verify: true
download: !plugin
type: HTTPDownload
timeout: 30
Expand Down Expand Up @@ -2745,7 +2733,6 @@
auth: !plugin
type: GenericAuth
method: basic
ssl_verify: true
download: !plugin
type: HTTPDownload
timeout: 30
Expand Down Expand Up @@ -3758,7 +3745,6 @@
auth: !plugin
type: GenericAuth
method: basic
ssl_verify: true
---
!provider # MARK: meteoblue
name: meteoblue
Expand Down Expand Up @@ -4332,7 +4318,6 @@
ssl_verify: true
auth: !plugin
type: HTTPHeaderAuth
ssl_verify: true
headers:
X-API-Key: "{apikey}"

Expand Down Expand Up @@ -6513,7 +6498,6 @@
auth: !plugin
type: AwsAuth
auth_error_code: 403
ssl_verify: true
products:
# S1
S1_SAR_RAW:
9 changes: 9 additions & 0 deletions tests/units/test_auth_plugins.py
Expand Up @@ -1419,6 +1419,7 @@ def test_plugins_auth_codeflowauth_get_token_with_refresh_token_ok(
mock.ANY,
auth_plugin.config.token_uri,
timeout=HTTP_REQ_TIMEOUT,
verify=True,
**post_request_kwargs,
)
mock_request_new_token.assert_not_called()
Expand Down Expand Up @@ -1475,6 +1476,7 @@ def test_plugins_auth_codeflowauth_grant_user_consent(
data={"const_key": "const_value", "xpath_key": "additional value"},
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=True,
)

@mock.patch(
Expand Down Expand Up @@ -1526,6 +1528,7 @@ def test_plugins_auth_codeflowauth_authenticate_user_no_action(
},
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=True,
)

@mock.patch(
Expand Down Expand Up @@ -1576,6 +1579,7 @@ def test_plugins_auth_codeflowauth_authenticate_user_no_authentication_uri(
},
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=True,
)

@mock.patch(
Expand Down Expand Up @@ -1627,6 +1631,7 @@ def test_plugins_auth_codeflowauth_authenticate_user_ok(
},
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=True,
)
# Second request: post to the authentication URI
mock_requests_post.assert_called_once_with(
Expand All @@ -1639,6 +1644,7 @@ def test_plugins_auth_codeflowauth_authenticate_user_ok(
},
headers=USER_AGENT,
timeout=HTTP_REQ_TIMEOUT,
verify=True,
)
# authenticate_user returns the authentication response
self.assertEqual(mock_requests_post.return_value, auth_response)
Expand Down Expand Up @@ -1699,6 +1705,7 @@ def test_plugins_auth_codeflowauth_exchange_code_for_token_ok(
"state": state,
"grant_type": "authorization_code",
},
verify=True,
)

@mock.patch(
Expand Down Expand Up @@ -1745,6 +1752,7 @@ def test_plugins_auth_codeflowauth_exchange_code_for_token_client_secret_ok(
"state": state,
"grant_type": "authorization_code",
},
verify=True,
)

@mock.patch(
Expand Down Expand Up @@ -1790,4 +1798,5 @@ def test_plugins_auth_codeflowauth_exchange_code_for_token_exchange_params_ok(
"state": state,
"grant_type": "authorization_code",
},
verify=True,
)
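Review bot: Every updated assertion expects `verify=True`, which is the default, so these tests would still pass if the plugin hard-coded `verify=True` and ignored the configuration. At least one case should set `ssl_verify` to `False` on the plugin config and assert `verify=False` in the recorded call, to pin that the configured value is what reaches `requests`. The hunks shown touch only the codeflowauth tests; whether the keycloak, token and token-exchange tests assert on `verify` cannot be seen here.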
