Merge pull request #8 from jafferli/patch-1

add support for token based access

README.md

@@ -14,6 +14,10 @@ Then, make an object with your base Graylog URL and username and password for au
 
 `api = pygraylog.GraylogAPI('https://localhost:12900', username='foo', password='foo')`
 
+For good security practics, use token based access as following
+
+`api = pygraylog.GraylogAPI('https://localhost:12900', api_key='xopqoiwepmd1o23m9awuaspofp')`
+
 Then, check out `pygraylog/endpoints.py` to see which endpoints are implemented/enforced by this library and make your API call.
 
 `api.search.universal.absolute.get(fields="src_ip", query="*", from_='1970-01-01 00:00:00', to='1970-01-01 23:59:59')`  

pygraylog/graylogapi.py

@@ -4,6 +4,11 @@
 from urlparse import urlparse
 class GraylogAPI(object):
     def __init__(self, url, username=None, password=None, api_key=None):
+
+        # check if the username / password vs. api_key cannot be provided at same time
+        if username is not None and api_key is not None:
+            raise ValueError('username / api_key cannot be provided at same time')
+
         self.url = url
         self._path = urlparse(self.url).path
         self.username = username
@@ -31,7 +36,13 @@ def method(**kwargs):
             return self._(name)
 
     def build_auth_header(self):
-        payload = self.username + ':' + self.password
+
+        # use the api_key if it is been provided
+        if self.api_key is not None:
+            payload = self.api_key + ':token'
+        else:
+            payload = self.username + ':' + self.password
+
         header = {
             'Authorization' : 'Basic ' + base64.b64encode(payload),
             'Accept' : 'application/json'

setup.py

@@ -3,7 +3,7 @@
 from distutils.core import setup
 
 setup(name='pygraylog',
-      version='0.3.1',
+      version='0.3.2',
       description='Graylog API wrapper for python',
       author='Zack Allen',
       author_email='zma4580@gmail.com',

test/unit/test_graylogapi.py

@@ -3,14 +3,25 @@
 from pygraylog.pygraylog import graylogapi
 
 def test_obj_creation():
+    # test based on username / password API end-point access level
     api = graylogapi.GraylogAPI('https://test.com/foo/bar/',
         username = 'Zack',
         password = 'Zack',
-        api_key = 'ABCDEFG')
+        api_key = None)
     assert api._path == '/foo/bar/'
     assert api.username == 'Zack'
     assert api.password == 'Zack'
-    assert api.api_key == 'ABCDEFG'
+    assert api.api_key is None
+
+    # test based on api-key token access level
+    api = graylogapi.GraylogAPI('https://test.com/foo/bar/',
+        username = None,
+        password = None,
+        api_key = 'ABCDEFG')
+    assert api._path == '/foo/bar/'
+    assert api.username is None
+    assert api.password is None
+    assert api.api_key == 'ABCDEFG'    
 
 def test_obj_path_build():
     api = graylogapi.GraylogAPI('https://test.com')
@@ -23,6 +34,7 @@ def test_obj_path_build():
     assert api._path == '/foo/bar/baz/from'
 
 def test_auth_header():
+    # test based on username / password API end-point access level
     api = graylogapi.GraylogAPI('/',  username='Zack', password='Zack')
     header = api.build_auth_header()
     payload = 'Zack' + ':' + 'Zack' 
@@ -31,3 +43,16 @@ def test_auth_header():
         'Accept' : 'application/json'
     }
     assert header == header_test
+
+    # test based on api-key token access level
+    api = graylogapi.GraylogAPI('/',
+        username = None,
+        password = None,
+        api_key = 'ABCDEFG')
+    header = api.build_auth_header()
+    payload = 'ABCDEFG' + ':' + 'token'
+    header_test = {
+        'Authorization' : 'Basic ' + base64.b64encode(payload),
+        'Accept' : 'application/json'
+    }
+    assert header == header_test