def login(self, username, password, otp=None):
""" Open a session for the user.
Log in the user with the specified username and password
against the FAS OpenID server.
:arg username: the FAS username of the user that wants to log in
:arg password: the FAS password of the user that wants to log in
:kwarg otp: currently unused. Eventually a way to send an otp to the
API that the API can use.
"""
if not username:
raise AuthError("Username may not be %r at login." % username)
if not password:
raise AuthError("Password required for login.")
response = openid_login(
session=self._session,
login_url=self.login_url,
username=username,
password=password,
otp=otp,
openid_insecure=self.openid_insecure)
self._save_cookies()
return response
def login(self, username, password, otp=None):
""" Open a session for the user.
Log in the user with the specified username and password
against the FAS OpenID server.
:arg username: the FAS username of the user that wants to log in
:arg password: the FAS password of the user that wants to log in
:kwarg otp: currently unused. Eventually a way to send an otp to the
API that the API can use.
"""
if not username:
raise AuthError("Username may not be %r at login." % username)
if not password:
raise AuthError("Password required for login.")
# It looks like we're really doing this. Let's make sure that we don't
# collide various cookies, and clear every cookie we had up until now
# for this service.
self._session.cookies.clear()
self._save_cookies()
response = openid_login(session=self._session,
login_url=self.login_url,
username=username,
password=password,
otp=otp,
openid_insecure=self.openid_insecure)
self._save_cookies()
return response
def send_request(self, method, auth=False, verb='POST', **kwargs):
"""Make an HTTP request to a server method.
The given method is called with any parameters set in req_params. If
auth is True, then the request is made with an authenticated session
cookie.
:arg method: Method to call on the server. It's a url fragment that
comes after the :attr:`base_url` set in :meth:`__init__`.
:kwarg auth: If True perform auth to the server, else do not.
:kwarg req_params: Extra parameters to send to the server.
:kwarg file_params: dict of files where the key is the name of the
file field used in the remote method and the value is the local
path of the file to be uploaded. If you want to pass multiple
files to a single file field, pass the paths as a list of paths.
:kwarg verb: HTTP verb to use. GET and POST are currently supported.
POST is the default.
"""
# Decide on the set of auth cookies to use
method = absolute_url(self.base_url, method)
self._authed_verb_dispatcher = {
(False, 'POST'): self._session.post,
(False, 'GET'): self._session.get,
(True, 'POST'): self._authed_post,
(True, 'GET'): self._authed_get
}
if 'timeout' not in kwargs:
kwargs['timeout'] = self.timeout
try:
func = self._authed_verb_dispatcher[(auth, verb)]
except KeyError:
raise Exception('Unknown HTTP verb')
try:
output = func(method, **kwargs)
except LoginRequiredError:
raise AuthError()
try:
data = output.json()
except ValueError as e:
# The response wasn't JSON data
raise ServerError(
method, output.status_code, 'Error returned from'
' json module while processing %(url)s: %(err)s\n%(output)s' %
{
'url': to_bytes(method),
'err': to_bytes(e),
'output': to_bytes(output.text),
})
data = munchify(data)
return data
def login(self, username, password):
data = self.send_request('api.php', req_params={
'action': 'login',
'format': 'json',
'lgname': username,
'lgpassword': password,
})
if 'lgtoken' not in data.get('login', {}):
raise AuthError('Login failed: %(data)s' %
{'data':to_bytes(data)})
#self.session_id = data['login']['lgtoken']
#self.username = data['login']['lgusername']
self.check_api_limits()
return data
def wrapper(*args, **kwargs):
try:
result = method(*args, **kwargs)
# Bodhi allows comments to be written by unauthenticated users if they solve a Captcha.
# Due to this, an authentication error is not raised by the server if the client fails
# to authenticate for any reason, and instead an error about needing a captcha key is
# presented instead. If we see that error, we can just raise an AuthError to trigger the
# retry logic in the exception handler below.
if 'errors' in result:
for error in result['errors']:
if 'name' in error and error['name'] == 'captcha_key':
raise AuthError('Captcha key needed.')
except AuthError:
# An AuthError can be raised for four different reasons:
#
# 0) The password is wrong.
# 1) The session cookies are expired. fedora.python does not handle this automatically.
# 2) The session cookies are not expired, but are no longer valid (for example, this can
# happen if the server's auth secret has changed.)
# 3) The client received a captcha_key error, as described in the try block above.
#
# We don't know the difference between the cases here, but case #1 is fairly common and
# we can work around it and case #2 by removing the session cookies and csrf token and
# retrying the request. If the password is wrong, the second attempt will also fail but
# we won't guard it and the AuthError will still be raised.
args[0]._session.cookies.clear()
args[0].csrf_token = None
result = method(*args, **kwargs)
if 'errors' not in result:
return result
# Otherwise, there was a problem...
problems = 'An unhandled error occurred in the BodhiClient'
try:
problems = "\n".join([e['description'] for e in result['errors']])
except Exception:
pass
raise BodhiClientException(problems)
def openid_login(session,
login_url,
username,
password,
otp=None,
openid_insecure=False):
""" Open a session for the user.
Log in the user with the specified username and password
against the FAS OpenID server.
:arg session: Requests session object required to persist the cookies
that are created during redirects on the openid provider.
:arg login_url: The url to the login endpoint of the application.
:arg username: the FAS username of the user that wants to log in
:arg password: the FAS password of the user that wants to log in
:kwarg otp: currently unused. Eventually a way to send an otp to the
API that the API can use.
:kwarg openid_insecure: If True, do not check the openid server
certificates against their CA's. This means that man-in-the-middle
attacks are possible against the `BaseClient`. You might turn this
option on for testing against a local version of a server with a
self-signed certificate but it should be off in production.
"""
# Log into the service
response = session.get(login_url, headers={'Accept': 'application/json'})
try:
data = response.json()
openid_url = data.get('server_url', None)
if not FEDORA_OPENID_RE.match(openid_url):
raise FedoraServiceError('Un-expected openid provider asked: %s' %
openid_url)
except:
# Some consumers (like pyramid_openid) return redirects with the
# openid attributes encoded in the url
if not FEDORA_OPENID_RE.match(response.url):
raise FedoraServiceError('Un-expected openid provider asked: %s' %
response.url)
data = _parse_response_history(response)
# Contact openid provider
data['username'] = username
data['password'] = password
# Let's precise to FedOAuth that we want to authenticate with FAS
data['auth_module'] = 'fedoauth.auth.fas.Auth_FAS'
data['auth_flow'] = 'fedora'
if not 'openid.mode' in data:
data['openid.mode'] = 'checkid_setup'
response = session.post(FEDORA_OPENID_API,
data=data,
verify=not openid_insecure)
if not bool(response):
raise ServerError(FEDORA_OPENID_API, response.status_code,
'Error returned from our POST to ipsilon.')
output = response.json()
if not output['success']:
raise AuthError(output['message'])
response = session.post(output['response']['openid.return_to'],
data=output['response'])
return response
def send_request(self,
method,
verb='POST',
req_params=None,
auth_params=None,
file_params=None,
retries=None,
timeout=None,
headers=None):
"""Make an HTTP request to a server method.
The given method is called with any parameters set in ``req_params``.
If auth is True, then the request is made with an authenticated
session cookie. Note that path parameters should be set by adding
onto the method, not via ``req_params``.
:arg method: Method to call on the server. It's a url fragment that
comes after the base_url set in __init__(). Note that any
parameters set as extra path information should be listed here,
not in ``req_params``.
:kwarg req_params: dict containing extra parameters to send to the
server
:kwarg auth_params: dict containing one or more means of
authenticating to the server. Valid entries in this dict are:
:cookie: **Deprecated** Use ``session_id`` instead. If both
``cookie`` and ``session_id`` are set, only ``session_id``
will be used. A ``Cookie.SimpleCookie`` to send as a
session cookie to the server
:session_id: Session id to put in a cookie to construct an
identity for the server
:username: Username to send to the server
:password: Password to use with username to send to the server
:httpauth: If set to ``basic`` then use HTTP Basic Authentication
to send the username and password to the server. This may
be extended in the future to support other httpauth types
than ``basic``.
Note that cookie can be sent alone but if one of username or
password is set the other must as well. Code can set all of
these if it wants and all of them will be sent to the server.
Be careful of sending cookies that do not match with the
username in this case as the server can decide what to do in
this case.
:kwarg file_params: dict of files where the key is the name of the
file field used in the remote method and the value is the local
path of the file to be uploaded. If you want to pass multiple
files to a single file field, pass the paths as a list of paths.
:kwarg retries: if we get an unknown or possibly transient error
from the server, retry this many times. Setting this to a
negative number makes it try forever. Default to use the
:attr:`retries` value set on the instance or in :meth:`__init__`.
:kwarg timeout: A float describing the timeout of the connection.
The timeout only affects the connection process itself, not the
downloading of the response body. Defaults to the :attr:`timeout`
value set on the instance or in :meth:`__init__`.
:kwarg headers: A dictionary containing specific headers to add to
the request made.
:returns: A tuple of session_id and data.
:rtype: tuple of session information and data from server
"""
log.debug('openidproxyclient.send_request: entered')
# parameter mangling
file_params = file_params or {}
# Check whether we need to authenticate for this request
session_id = None
username = None
password = None
if auth_params:
if 'session_id' in auth_params:
session_id = auth_params['session_id']
if 'username' in auth_params and 'password' in auth_params:
username = auth_params['username']
password = auth_params['password']
elif 'username' in auth_params or 'password' in auth_params:
raise AuthError(
'username and password must both be set in auth_params')
if not (session_id or username):
raise AuthError(
'No known authentication methods specified: set '
'"cookie" in auth_params or set both username and '
'password in auth_params')
# urljoin is slightly different than os.path.join(). Make sure
# method will work with it.
method = method.lstrip('/')
# And join to make our url.
url = urljoin(self.base_url, urllib.quote(method))
# Set standard headers
if headers:
if not 'User-agent' in headers:
headers['User-agent'] = self.useragent
if not 'Accept' in headers:
headers['Accept'] = 'application/json'
else:
headers = {
'User-agent': self.useragent,
'Accept': 'application/json',
}
# Files to upload
for field_name, local_file_name in file_params:
file_params[field_name] = open(local_file_name, 'rb')
cookies = requests.cookies.RequestsCookieJar()
# If we have a session_id, send it
if session_id:
# Anytime the session_id exists, send it so that visit tracking
# works. Will also authenticate us if there's a need. Note
# that there's no need to set other cookie attributes because
# this is a cookie generated client-side.
cookies.set(self.session_name, session_id)
complete_params = req_params or {}
auth = None
if username and password:
# OpenID login
resp, session = self.login(username, password, otp=None)
cookies = session.cookies
# If debug, give people our debug info
log.debug('Creating request %s', to_bytes(url))
log.debug('Headers: %s', to_bytes(headers, nonstring='simplerepr'))
if self.debug and complete_params:
debug_data = copy.deepcopy(complete_params)
if 'password' in debug_data:
debug_data['password'] = '******'
log.debug('Data: %r', debug_data)
if retries is None:
retries = self.retries
if timeout is None:
timeout = self.timeout
num_tries = 0
while True:
try:
response = session.request(
method=verb,
url=url,
data=complete_params,
cookies=cookies,
headers=headers,
auth=auth,
verify=not self.insecure,
timeout=timeout,
)
except (requests.Timeout, requests.exceptions.SSLError) as err:
if isinstance(err, requests.exceptions.SSLError):
# And now we know how not to code a library exception
# hierarchy... We're expecting that requests is raising
# the following stupidity:
# requests.exceptions.SSLError(
# urllib3.exceptions.SSLError(
# ssl.SSLError('The read operation timed out')))
# If we weren't interested in reraising the exception with
# full traceback we could use a try: except instead of
# this gross conditional. But we need to code defensively
# because we don't want to raise an unrelated exception
# here and if requests/urllib3 can do this sort of
# nonsense, they may change the nonsense in the future
if not (err.args and isinstance(
err.args[0], urllib3.exceptions.SSLError)
and err.args[0].args
and isinstance(err.args[0].args[0], ssl.SSLError)
and err.args[0].args[0].args
and 'timed out' in err.args[0].args[0].args[0]):
# We're only interested in timeouts here
raise
log.debug('Request timed out')
if retries < 0 or num_tries < retries:
num_tries += 1
log.debug('Attempt #%s failed', num_tries)
time.sleep(0.5)
continue
# Fail and raise an error
# Raising our own exception protects the user from the
# implementation detail of requests vs pycurl vs urllib
raise ServerError(
url, -1, 'Request timed out after %s seconds' % timeout)
# When the python-requests module gets a response, it attempts to
# guess the encoding using chardet (or a fork)
# That process can take an extraordinarily long time for long
# response.text strings.. upwards of 30 minutes for FAS queries to
# /accounts/user/list JSON api! Therefore, we cut that codepath
# off at the pass by assuming that the response is 'utf-8'. We can
# make that assumption because we're only interfacing with servers
# that we run (and we know that they all return responses
# encoded 'utf-8').
response.encoding = 'utf-8'
# Check for auth failures
# Note: old TG apps returned 403 Forbidden on authentication
# failures.
# Updated apps return 401 Unauthorized
# We need to accept both until all apps are updated to return 401.
http_status = response.status_code
if http_status in (401, 403):
# Wrong username or password
log.debug('Authentication failed logging in')
raise AuthError(
'Unable to log into server. Invalid '
'authentication tokens. Send new username and password')
elif http_status >= 400:
if retries < 0 or num_tries < retries:
# Retry the request
num_tries += 1
log.debug('Attempt #%s failed', num_tries)
time.sleep(0.5)
continue
# Fail and raise an error
try:
msg = httplib.responses[http_status]
except (KeyError, AttributeError):
msg = 'Unknown HTTP Server Response'
raise ServerError(url, http_status, msg)
# Successfully returned data
break
# In case the server returned a new session cookie to us
new_session = session.cookies.get(self.session_name, '')
log.debug('openidproxyclient.send_request: exited')
#data = munchify(data)
return new_session, response
def send_request(self,
method,
req_params=None,
auth_params=None,
file_params=None,
retries=None,
timeout=None):
'''Make an HTTP request to a server method.
The given method is called with any parameters set in ``req_params``.
If auth is True, then the request is made with an authenticated session
cookie. Note that path parameters should be set by adding onto the
method, not via ``req_params``.
:arg method: Method to call on the server. It's a url fragment that
comes after the base_url set in __init__(). Note that any
parameters set as extra path information should be listed here,
not in ``req_params``.
:kwarg req_params: dict containing extra parameters to send to the
server
:kwarg auth_params: dict containing one or more means of authenticating
to the server. Valid entries in this dict are:
:cookie: **Deprecated** Use ``session_id`` instead. If both
``cookie`` and ``session_id`` are set, only ``session_id`` will
be used. A ``Cookie.SimpleCookie`` to send as a session cookie
to the server
:session_id: Session id to put in a cookie to construct an identity
for the server
:username: Username to send to the server
:password: Password to use with username to send to the server
:httpauth: If set to ``basic`` then use HTTP Basic Authentication
to send the username and password to the server. This may be
extended in the future to support other httpauth types than
``basic``.
Note that cookie can be sent alone but if one of username or
password is set the other must as well. Code can set all of these
if it wants and all of them will be sent to the server. Be careful
of sending cookies that do not match with the username in this
case as the server can decide what to do in this case.
:kwarg file_params: dict of files where the key is the name of the
file field used in the remote method and the value is the local
path of the file to be uploaded. If you want to pass multiple
files to a single file field, pass the paths as a list of paths.
:kwarg retries: if we get an unknown or possibly transient error from
the server, retry this many times. Setting this to a negative
number makes it try forever. Default to use the :attr:`retries`
value set on the instance or in :meth:`__init__`.
:kwarg timeout: A float describing the timeout of the connection. The
timeout only affects the connection process itself, not the
downloading of the response body. Defaults to the :attr:`timeout`
value set on the instance or in :meth:`__init__`.
:returns: If ProxyClient is created with session_as_cookie=True (the
default), a tuple of session cookie and data from the server.
If ProxyClient was created with session_as_cookie=False, a tuple
of session_id and data instead.
:rtype: tuple of session information and data from server
.. versionchanged:: 0.3.17
No longer send tg_format=json parameter. We rely solely on the
Accept: application/json header now.
.. versionchanged:: 0.3.21
* Return data as a Bunch instead of a DictContainer
* Add file_params to allow uploading files
.. versionchanged:: 0.3.33
Added the timeout kwarg
'''
self.log.debug(b_('proxyclient.send_request: entered'))
# parameter mangling
file_params = file_params or {}
# Check whether we need to authenticate for this request
session_id = None
username = None
password = None
if auth_params:
if 'session_id' in auth_params:
session_id = auth_params['session_id']
elif 'cookie' in auth_params:
warnings.warn(b_(
'Giving a cookie to send_request() to'
' authenticate is deprecated and will be removed in 0.4.'
' Please port your code to use session_id instead.'),
DeprecationWarning,
stacklevel=2)
session_id = auth_params['cookie'].output(attrs=[],
header='').strip()
if 'username' in auth_params and 'password' in auth_params:
username = auth_params['username']
password = auth_params['password']
elif 'username' in auth_params or 'password' in auth_params:
raise AuthError(
b_('username and password must both be set in'
' auth_params'))
if not (session_id or username):
raise AuthError(
b_('No known authentication methods'
' specified: set "cookie" in auth_params or set both'
' username and password in auth_params'))
# urljoin is slightly different than os.path.join(). Make sure method
# will work with it.
method = method.lstrip('/')
# And join to make our url.
url = urljoin(self.base_url, urllib.quote(method))
data = None # decoded JSON via json.load()
# Set standard headers
headers = {
'User-agent': self.useragent,
'Accept': 'application/json',
}
# Files to upload
for field_name, local_file_name in file_params:
file_params[field_name] = open(local_file_name, 'rb')
cookies = requests.cookies.RequestsCookieJar()
# If we have a session_id, send it
if session_id:
# Anytime the session_id exists, send it so that visit tracking
# works. Will also authenticate us if there's a need. Note that
# there's no need to set other cookie attributes because this is a
# cookie generated client-side.
cookies.set(self.session_name, session_id)
complete_params = req_params or {}
if session_id:
# Add the csrf protection token
token = sha_constructor(session_id)
complete_params.update({'_csrf_token': token.hexdigest()})
auth = None
if username and password:
if auth_params.get('httpauth', '').lower() == 'basic':
# HTTP Basic auth login
auth = (username, password)
else:
# TG login
# Adding this to the request data prevents it from being logged by
# apache.
complete_params.update({
'user_name': to_bytes(username),
'password': to_bytes(password),
'login': '******',
})
# If debug, give people our debug info
self.log.debug(b_('Creating request %(url)s') % {'url': to_bytes(url)})
self.log.debug(
b_('Headers: %(header)s') %
{'header': to_bytes(headers, nonstring='simplerepr')})
if self.debug and complete_params:
debug_data = copy.deepcopy(complete_params)
if 'password' in debug_data:
debug_data['password'] = '******'
self.log.debug(b_('Data: %r') % debug_data)
if retries is None:
retries = self.retries
if timeout is None:
timeout = self.timeout
num_tries = 0
while True:
try:
response = requests.post(
url,
data=complete_params,
cookies=cookies,
headers=headers,
auth=auth,
verify=not self.insecure,
timeout=timeout,
)
except requests.Timeout:
self.log.debug(b_('Request timed out'))
if retries < 0 or num_tries < retries:
num_tries += 1
self.log.debug(
b_('Attempt #%(try)s failed') % {'try': num_tries})
time.sleep(0.5)
continue
# When the python-requests module gets a response, it attempts to
# guess the encoding using "charade", a fork of "chardet" which it
# bundles (and which we are in the process of unbundling:
# https://bugzilla.redhat.com/show_bug.cgi?id=910236).
# That process can take an extraordinarily long time for long
# response.text strings.. upwards of 30 minutes for FAS queries to
# /accounts/user/list JSON api! Therefore, we cut that codepath
# off at the pass by assuming that the response is 'utf-8'. We can
# make that assumption because we're only interfacing with servers
# that we run (and we know that they all return responses
# encoded 'utf-8').
response.encoding = 'utf-8'
# Check for auth failures
# Note: old TG apps returned 403 Forbidden on authentication failures.
# Updated apps return 401 Unauthorized
# We need to accept both until all apps are updated to return 401.
http_status = response.status_code
if http_status in (401, 403):
# Wrong username or password
self.log.debug(b_('Authentication failed logging in'))
raise AuthError(
b_('Unable to log into server. Invalid'
' authentication tokens. Send new username and password'
))
elif http_status >= 400:
if retries < 0 or num_tries < retries:
# Retry the request
num_tries += 1
self.log.debug(
b_('Attempt #%(try)s failed') % {'try': num_tries})
time.sleep(0.5)
continue
# Fail and raise an error
try:
msg = httplib.responses[http_status]
except (KeyError, AttributeError):
msg = b_('Unknown HTTP Server Response')
raise ServerError(url, http_status, msg)
# Successfully returned data
break
# In case the server returned a new session cookie to us
new_session = response.cookies.get(self.session_name, '')
try:
data = response.json
# Compatibility with newer python-requests
if callable(data):
data = data()
except ValueError, e:
# The response wasn't JSON data
raise ServerError(
url, http_status,
b_('Error returned from'
' json module while processing %(url)s: %(err)s') % {
'url': to_bytes(url),
'err': to_bytes(e)
})
def send_request(self,
method,
req_params=None,
file_params=None,
auth=False,
retries=None,
timeout=None,
**kwargs):
'''Make an HTTP request to a server method.
The given method is called with any parameters set in req_params. If
auth is True, then the request is made with an authenticated session
cookie.
:arg method: Method to call on the server. It's a url fragment that
comes after the base_url set in __init__().
:kwarg req_params: Extra parameters to send to the server.
:kwarg file_params: dict of files where the key is the name of the
file field used in the remote method and the value is the local
path of the file to be uploaded. If you want to pass multiple
files to a single file field, pass the paths as a list of paths.
:kwarg auth: If True perform auth to the server, else do not.
:kwarg retries: if we get an unknown or possibly transient error from
the server, retry this many times. Setting this to a negative
number makes it try forever. Default to use the :attr:`retries`
value set on the instance or in :meth:`__init__` (which defaults
to zero, no retries).
:kwarg timeout: A float describing the timeout of the connection. The
timeout only affects the connection process itself, not the
downloading of the response body. Default to use the
:attr:`timeout` value set on the instance or in :meth:`__init__`
(which defaults to 120s).
:rtype: Bunch
:returns: The data from the server
.. versionchanged:: 0.3.21
* Return data as a Bunch instead of a DictContainer
* Add file_params to allow uploading files
.. versionchanged:: 0.3.33
* Added the timeout kwarg
'''
# Check for deprecated arguments. This section can go once we hit 0.4
if len(kwargs) >= 1:
for arg in kwargs:
# If we have extra args, raise an error
if arg != 'input':
raise TypeError('send_request() got an unexpected'
' keyword argument "%(arg)s"' %
{'arg': to_bytes(arg)})
if req_params:
# We don't want to allow input if req_params was already given
raise TypeError('send_request() got an unexpected keyword'
' argument "input"')
if len(kwargs) > 1:
# We shouldn't get here
raise TypeError('send_request() got an unexpected keyword'
' argument')
# Error checking over, set req_params to the value in input
warnings.warn(
'send_request(input) is deprecated. Use'
' send_request(req_params) instead',
DeprecationWarning,
stacklevel=2)
req_params = kwargs['input']
auth_params = {'session_id': self.session_id}
if auth == True:
# We need something to do auth. Check user/pass
password, otp = filter_password(self.password)
if self.username and password:
# Add the username and password and we're all set
auth_params['username'] = self.username
auth_params['password'] = password
if otp:
auth_params['otp'] = otp
if self.httpauth:
auth_params['httpauth'] = self.httpauth
else:
# No? Check for session_id
if not self.session_id:
# Not enough information to auth
raise AuthError(
'Auth was requested but no way to'
' perform auth was given. Please set username'
' and password or session_id before calling'
' this function with auth=True')
# Remove empty params
# pylint: disable-msg=W0104
[
auth_params.__delitem__(key) for key, value in auth_params.items()
if not value
]
# pylint: enable-msg=W0104
session_id, data = super(BaseClient,
self).send_request(method,
req_params=req_params,
file_params=file_params,
auth_params=auth_params,
retries=retries,
timeout=timeout)
# In case the server returned a new session id to us
if self.session_id != session_id:
self.session_id = session_id
return data
def send_request(self, method, auth=False, verb='POST', **kwargs):
"""Make an HTTP request to a server method.
The given method is called with any parameters set in req_params. If
auth is True, then the request is made with an authenticated session
cookie.
:arg method: Method to call on the server. It's a url fragment that
comes after the :attr:`base_url` set in :meth:`__init__`.
:kwarg retries: if we get an unknown or possibly transient error from
the server, retry this many times. Setting this to a negative
number makes it try forever. Default to use the :attr:`retries`
value set on the instance or in :meth:`__init__` (which defaults
to zero, no retries).
:kwarg timeout: A float describing the timeout of the connection. The
timeout only affects the connection process itself, not the
downloading of the response body. Default to use the
:attr:`timeout` value set on the instance or in :meth:`__init__`
(which defaults to 120s).
:kwarg auth: If True perform auth to the server, else do not.
:kwarg req_params: Extra parameters to send to the server.
:kwarg file_params: dict of files where the key is the name of the
file field used in the remote method and the value is the local
path of the file to be uploaded. If you want to pass multiple
files to a single file field, pass the paths as a list of paths.
:kwarg verb: HTTP verb to use. GET and POST are currently supported.
POST is the default.
"""
# Decide on the set of auth cookies to use
method = absolute_url(self.base_url, method)
self._authed_verb_dispatcher = {(False, 'POST'): self._session.post,
(False, 'GET'): self._session.get,
(True, 'POST'): self._authed_post,
(True, 'GET'): self._authed_get}
try:
func = self._authed_verb_dispatcher[(auth, verb)]
except KeyError:
raise Exception('Unknown HTTP verb')
if auth:
auth_params = {'session_id': self.session_id,
'openid_session_id': self.openid_session_id}
try:
output = func(method, auth_params, **kwargs)
except LoginRequiredError:
raise AuthError()
else:
try:
output = func(method, **kwargs)
except LoginRequiredError:
raise AuthError()
try:
data = output.json
# Compatibility with newer python-requests
if callable(data):
data = data()
except ValueError as e:
# The response wasn't JSON data
raise ServerError(
method, output.status_code, 'Error returned from'
' json module while processing %(url)s: %(err)s\n%(output)s' %
{
'url': to_bytes(method),
'err': to_bytes(e),
'output': to_bytes(output.text),
})
data = munchify(data)
return data