From 20d48418263b2e9991e56c54845d2bd5456a3228 Mon Sep 17 00:00:00 2001 From: adehad <26027314+adehad@users.noreply.github.com> Date: Fri, 29 Oct 2021 20:47:25 +0100 Subject: [PATCH 1/4] add the `.verify` property correctly --- jira/client.py | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/jira/client.py b/jira/client.py index 74404ea4a..be4174fca 100644 --- a/jira/client.py +++ b/jira/client.py @@ -378,7 +378,7 @@ def __init__( * rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``. * agile_rest_path - the REST path to use for Jira Agile requests. Defaults to ``greenhopper`` (old, private API). Check :py:class:`jira.resources.GreenHopperResource` for other supported values. - * verify -- Verify SSL certs. Defaults to ``True``. + * verify (Union[bool, str]) -- Verify SSL certs. Defaults to ``True``. * client_cert -- a tuple of (cert,key) for the requests library for client side SSL * check_update -- Check whether using the newest python-jira library version. * headers -- a dict to update the default headers the session uses for all API requests. @@ -492,12 +492,12 @@ def __init__( # always log in for cookie based auth, as we need a first request to be logged in validate = True else: - verify = bool(self._options["verify"]) self._session = ResilientSession(timeout=timeout) - self._session.verify = verify # Add the client authentication certificate to the request if configured self._add_client_cert_to_session() + # Add the SSL Cert to the request if configured + self._add_ssl_cert_to_session() self._session.headers.update(self._options["headers"]) @@ -560,7 +560,6 @@ def _create_cookie_auth( ): self._session = ResilientSession(timeout=timeout) self._session.auth = JiraCookieAuth(self._session, self.session, auth) - self._session.verify = bool(self._options["verify"]) def _check_update_(self): """Check if the current version of the library is outdated.""" @@ -3345,15 +3344,12 @@ def _create_http_basic_session( Returns: ResilientSession """ - verify = bool(self._options["verify"]) self._session = ResilientSession(timeout=timeout) - self._session.verify = verify self._session.auth = (username, password) def _create_oauth_session( self, oauth, timeout: Optional[Union[Union[float, int], Tuple[float, float]]] ): - verify = bool(self._options["verify"]) from oauthlib.oauth1 import SIGNATURE_RSA from requests_oauthlib import OAuth1 @@ -3366,7 +3362,6 @@ def _create_oauth_session( resource_owner_secret=oauth["access_token_secret"], ) self._session = ResilientSession(timeout) - self._session.verify = verify self._session.auth = oauth_instance def _create_kerberos_session( @@ -3374,7 +3369,6 @@ def _create_kerberos_session( timeout: Optional[Union[Union[float, int], Tuple[float, float]]], kerberos_options=None, ): - verify = bool(self._options["verify"]) if kerberos_options is None: kerberos_options = {} @@ -3391,7 +3385,6 @@ def _create_kerberos_session( ) self._session = ResilientSession(timeout=timeout) - self._session.verify = verify self._session.auth = HTTPKerberosAuth( mutual_authentication=mutual_authentication ) @@ -3403,6 +3396,13 @@ def _add_client_cert_to_session(self): client_cert: Tuple[str, str] = self._options["client_cert"] # to help mypy self._session.cert = client_cert + def _add_ssl_cert_to_session(self): + """ + Adds the client certificate to the request if configured through the constructor. + """ + ssl_cert: Union[bool, str] = self._options["verify"] # to help mypy + self._session.verify = ssl_cert + @staticmethod def _timestamp(dt: datetime.timedelta = None): t = datetime.datetime.utcnow() @@ -3428,7 +3428,6 @@ def _create_jwt_session( for f in jwt["payload"].items(): jwt_auth.add_field(f[0], f[1]) self._session = ResilientSession(timeout=timeout) - self._session.verify = bool(self._options["verify"]) self._session.auth = jwt_auth def _create_token_session( @@ -3440,9 +3439,7 @@ def _create_token_session( Creates token-based session. Header structure: "authorization": "Bearer " """ - verify = self._options["verify"] self._session = ResilientSession(timeout=timeout) - self._session.verify = verify self._session.auth = TokenAuth(token_auth) def _set_avatar(self, params, url, avatar): From c69f88b2bdc224f4a9cc00b4e5c4009d89ecca8f Mon Sep 17 00:00:00 2001 From: adehad <26027314+adehad@users.noreply.github.com> Date: Fri, 29 Oct 2021 20:50:32 +0100 Subject: [PATCH 2/4] remove duplicated line --- jira/client.py | 1 - 1 file changed, 1 deletion(-) diff --git a/jira/client.py b/jira/client.py index be4174fca..ed74b3315 100644 --- a/jira/client.py +++ b/jira/client.py @@ -480,7 +480,6 @@ def __init__( self._create_oauth_session(oauth, timeout) elif basic_auth: self._create_http_basic_session(*basic_auth, timeout=timeout) - self._session.headers.update(self._options["headers"]) elif jwt: self._create_jwt_session(jwt, timeout) elif token_auth: From 9f27a59756945b045caa0c5858707b82dfa8707e Mon Sep 17 00:00:00 2001 From: adehad <26027314+adehad@users.noreply.github.com> Date: Sat, 30 Oct 2021 10:55:13 +0100 Subject: [PATCH 3/4] update docstrings and function name for clarity --- jira/client.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/jira/client.py b/jira/client.py index ed74b3315..7ea092449 100644 --- a/jira/client.py +++ b/jira/client.py @@ -496,7 +496,7 @@ def __init__( # Add the client authentication certificate to the request if configured self._add_client_cert_to_session() # Add the SSL Cert to the request if configured - self._add_ssl_cert_to_session() + self._add_ssl_cert_verif_strategy_to_session() self._session.headers.update(self._options["headers"]) @@ -3389,17 +3389,25 @@ def _create_kerberos_session( ) def _add_client_cert_to_session(self): + """Adds the client certificate to the session. + If configured through the constructor. + + https://docs.python-requests.org/en/master/user/advanced/#client-side-certificates + - str: a single file (containing the private key and the certificate) + - Tuple[str,str] a tuple of both files’ paths """ - Adds the client certificate to the request if configured through the constructor. - """ - client_cert: Tuple[str, str] = self._options["client_cert"] # to help mypy + client_cert: Union[str, Tuple[str, str]] = self._options["client_cert"] self._session.cert = client_cert - def _add_ssl_cert_to_session(self): - """ - Adds the client certificate to the request if configured through the constructor. + def _add_ssl_cert_verif_strategy_to_session(self): + """Adds verification strategy for host SSL certificates. + If configured through the constructor. + + https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification + - str: Path to a `CA_BUNDLE` file or directory with certificates of trusted CAs. + - bool: True/False """ - ssl_cert: Union[bool, str] = self._options["verify"] # to help mypy + ssl_cert: Union[bool, str] = self._options["verify"] self._session.verify = ssl_cert @staticmethod From 205defb0fb9ee65263f8506c7a86fe6840bc67d7 Mon Sep 17 00:00:00 2001 From: adehad <26027314+adehad@users.noreply.github.com> Date: Sat, 30 Oct 2021 11:09:03 +0100 Subject: [PATCH 4/4] update client `__init__` docstring, as that is actually public --- jira/client.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jira/client.py b/jira/client.py index 7ea092449..251f3003f 100644 --- a/jira/client.py +++ b/jira/client.py @@ -379,7 +379,10 @@ def __init__( * agile_rest_path - the REST path to use for Jira Agile requests. Defaults to ``greenhopper`` (old, private API). Check :py:class:`jira.resources.GreenHopperResource` for other supported values. * verify (Union[bool, str]) -- Verify SSL certs. Defaults to ``True``. - * client_cert -- a tuple of (cert,key) for the requests library for client side SSL + Or path to to a CA_BUNDLE file or directory with certificates of trusted CAs, + for the `requests` library to use. + * client_cert (Union[str, Tuple[str,str]]) -- Path to file with both cert and key or + a tuple of (cert,key), for the `requests` library to use for client side SSL. * check_update -- Check whether using the newest python-jira library version. * headers -- a dict to update the default headers the session uses for all API requests.