Make following redirects opt in (#118)

* Make following redirects opt in Following the example from `curl`, requests will now only follow redirects if the `-L` or `--location` flag is provided. Signed requests will error on most redirects to other AWS services because the redirect uri no longer matches the canonical uri in the signed request. Closes #117 * Add allow_redirects to mock Co-authored-by: Chad Nelson <chadbnelson@gmail.com>
okigan · Jun 26, 2021 · be28cdf · be28cdf
1 parent c51bf9a
commit be28cdf
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/awscurl/awscurl.py b/awscurl/awscurl.py
@@ -65,7 +65,8 @@ def make_request(method,
                  secret_key,
                  security_token,
                  data_binary,
-                 verify=True):
+                 verify=True,
+                 allow_redirects=False):
     """
     # Make HTTP request with AWS Version 4 signing
 
@@ -82,6 +83,7 @@ def make_request(method,
     :param security_token: str
     :param data_binary: bool
     :param verify: bool
+    :param allow_redirects: false
 
     See also: http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
     """
@@ -132,9 +134,9 @@ def make_request(method,
     headers.update(auth_headers)
 
     if data_binary:
-        return __send_request(uri, data, headers, method, verify)
+        return __send_request(uri, data, headers, method, verify, allow_redirects)
     else:
-        return __send_request(uri, data.encode('utf-8'), headers, method, verify)
+        return __send_request(uri, data.encode('utf-8'), headers, method, verify, allow_redirects)
 
 
 # pylint: disable=too-many-arguments,too-many-locals
@@ -320,14 +322,14 @@ def __now():
     return datetime.datetime.utcnow()
 
 
-def __send_request(uri, data, headers, method, verify):
+def __send_request(uri, data, headers, method, verify, allow_redirects):
     __log('\nHEADERS++++++++++++++++++++++++++++++++++++')
     __log(headers)
 
     __log('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
     __log('Request URL = ' + uri)
 
-    response = requests.request(method, uri, headers=headers, data=data, verify=verify)
+    response = requests.request(method, uri, headers=headers, data=data, verify=verify, allow_redirects=allow_redirects)
 
     __log('\nRESPONSE++++++++++++++++++++++++++++++++++++')
     __log('Response code: %d\n' % response.status_code)
@@ -433,6 +435,8 @@ def inner_main(argv):
     # https://github.com/boto/botocore/blob/c76553d3158b083d818f88c898d8f6d7918478fd/botocore/credentials.py#L260-262
     parser.add_argument('--security_token', env_var='AWS_SECURITY_TOKEN')
     parser.add_argument('--session_token', env_var='AWS_SESSION_TOKEN')
+    parser.add_argument('-L', '--location', action='store_true', default=False, 
+                        help="Follow redirects")
 
     parser.add_argument('uri')
 
@@ -484,7 +488,8 @@ def inner_main(argv):
                             args.secret_key,
                             args.session_token,
                             args.data_binary,
-                            verify=not args.insecure)
+                            verify=not args.insecure,
+                            allow_redirects=args.location)
 
     if args.include or IS_VERBOSE:
         print(response.headers, end='\n\n')

diff --git a/tests/unit_test.py b/tests/unit_test.py
@@ -50,7 +50,7 @@ def my_mock_send_request_verify():
     class Object():
         pass
 
-    def ss(uri, data, headers, method, verify, **kargs):
+    def ss(uri, data, headers, method, verify, allow_redirects, **kargs):
         print("in mock")
         if not verify:
             raise SSLError
@@ -121,7 +121,8 @@ def test_make_request(self, *args, **kvargs):
                   'secret_key': '',
                   'security_token': '',
                   'data_binary': False,
-                  'verify': False}
+                  'verify': False,
+                  'allow_redirects': False}
 
         with pytest.raises(SSLError):
             make_request(**params)
@@ -145,7 +146,8 @@ def test_make_request(self, *args, **kvargs):
                   'secret_key': '',
                   'security_token': '',
                   'data_binary': False,
-                  'verify': True}
+                  'verify': True,
+                  'allow_redirects': False}
         make_request(**params)
 
         expected = {'x-amz-date': '19700101T000000Z',