def run_action_webhook_multi(self, action, eval_context={}): user = eval_context.get('user') fields = action.webhook_fields.mapped('name') records = eval_context.get('records') or self.env[action.model_name] payload = { 'name': action.name, 'uid': eval_context.get('uid'), 'user': user and user.name, 'model': action.model_name, 'records': json.dumps(records.read(fields=fields), cls=RecordEncoder) } auth = None session = Session() if action.webhook_authentication == 'base': auth = HTTPBasicAuth(action.webhook_user, action.webhook_password) elif action.webhook_authentication == 'digest': auth = HTTPDigestAuth(action.webhook_user, action.webhook_password) elif action.webhook_authentication == 'oauth1': auth = OAuth1(action.webhook_client_key, client_secret=action.webhook_client_secret, resource_owner_key=action.webhook_resource_owner_key, resource_owner_secret=action.webhook_resource_owner_secret) elif action.webhook_authentication == 'oauth2' and action.webhook_grant == 'password': session = OAuth2Session(client=LegacyApplicationClient(client_id=action.webhook_client_key)) session.fetch_token(token_url=action.webhook_token_url, username=action.webhook_user, password=action.webhook_password, client_id=action.webhook_client_key, client_secret=action.webhook_client_secret) elif action.webhook_authentication == 'oauth2' and action.webhook_grant == 'client_credentials': session = OAuth2Session(client=BackendApplicationClient(client_id=client_id)) session.fetch_token(token_url=action.webhook_token_url, client_id=action.webhook_client_key, client_secret=action.webhook_client_secret) elif action.webhook_authentication == 'token': payload.update({'access_token': action.webhook_token}) if action.webhook_payload: safe_eval(action.webhook_payload.strip(), eval_context, mode="exec", nocopy=True) if 'content' in eval_context: payload.update({'content': eval_context['content']}) request = Request(action.webhook_method, action.webhook_address, data=payload, auth=auth) prepared_request = session.prepare_request(request) logger_message = "Webhook: [%s] %s" % (action.webhook_method, action.webhook_address) try: webhook_path = action.webhook_path webhook_verify = action.webhook_verify verify = webhook_path if webhook_verify and webhook_path else webhook_verify response = session.send(prepared_request, timeout=action.webhook_timeout, verify=verify) _logger.info("%s - %s" % (logger_message, response.status_code)) if action.webhook_process: eval_context.update({'request': prepared_request, 'response': response}) safe_eval(action.webhook_process.strip(), eval_context, mode="exec") except RequestException: _logger.exception(logger_message) finally: session.close()
def get_app_session(self, domain): if self.can_auth_with_client_credentials: sess = self.app_sessions.get(domain) if not sess: client_id = self.get_credentials(domain)[0] if self.use_basic_auth_for_app_session: sess = Session() sess.auth = self.get_credentials(domain) else: sess = self.session_class(client=BackendApplicationClient(client_id)) self.app_sessions[domain] = sess if not sess.auth and not sess.token: access_token_url = self.access_token_url.format(domain=domain) client_id, client_secret = self.get_credentials(domain) sess.fetch_token(access_token_url, client_id=client_id, client_secret=client_secret) return sess else: return self.get_auth_session(domain)
class Client: __secrets = {"username": None, "password": None, "client_id": None, "client_secret": None} def __init__(self, config_file=None, **kwargs): auth_types = {'basicauth': self.__http_basic_auth, 'digestauth': self.__http_digest_auth, 'oauth2': self.__oauth2} self.config = Config(path=config_file) #self.config['auth'] = auth if self.config.auth: assert self.config['auth']['type'].lower() in auth_types.keys() self.__get_secrets_file(path=self.config['auth']['secret']) auth_types[self.config['auth']['type']]() else: self.session = Session() self.iota = Agent(config=self.config, session=self.session) self.ocb = Orion(config=self.config, session=self.session) self.timeseries = QuantumLeap(config=self.config, session=self.session) @property def headers(self): return self.session.headers @property def cert(self): return self.session.cert @property def secrets(self): return self.__secrets @secrets.setter def secrets(self, data: dict): self.__secrets.update(data) @secrets.deleter def secrets(self): self.__secrets = {} def __get_secrets_file(self, path=None): """ Reads credentials form secret file the path variable is pointing to. :param path: location of secrets-file :return: None """ try: with open(path, 'r') as filename: logger.info(f"Reading credentials from: {path}") self.__secrets.update(json.load(filename)) except IOError as err: if err.errno == errno.ENOENT: logger.error(f"{path} - does not exist") elif err.errno == errno.EACCES: logger.error(f"{path} - cannot be read") else: logger.error(f"{path} - some other error") def __http_basic_auth(self): """ Initiates a client using the basic authorization mechanism provided by the requests package. The documentation of the package is located here: https://requests.readthedocs.io/en/master/user/authentication/ The credentials must be provided via secret-file. """ try: self.session = Session() self.session.auth = HTTPBasicAuth(self.__secrets['username'], self.__secrets['password']) except KeyError: pass def __http_digest_auth(self): """ Initiates a client using the digest authorization mechanism provided by the requests package. The documentation of the package is located here: https://requests.readthedocs.io/en/master/user/authentication/ The credentials must be provided via secret-file. """ try: self.session = Session() self.session.auth = HTTPDigestAuth(self.__secrets['username'], self.__secrets['password']) except KeyError: pass def __oauth2(self): """ Initiates a oauthclient according to the workflows defined by OAuth2.0. We use requests-oauthlib for this implementation. The documentation of the package is located here: https://requests-oauthlib.readthedocs.io/en/latest/index.html The information for workflow selection must be provided via filip-config. The credentials must be provided via secrets-file. :return: None """ oauth2clients = {'authorization_code': None, 'implicit': MobileApplicationClient, 'resource_owner_password_credentials': LegacyApplicationClient, 'client_credentials': BackendApplicationClient, } try: workflow = self.config['auth']['workflow'] except KeyError: logger.warning(f"No workflow for OAuth2 defined! Default " f"workflow will used: Authorization Code Grant." f"Other oauth2-workflows available are: " f"{oauth2clients.keys()}") workflow = 'authorization_code_grant' oauthclient = oauth2clients[workflow](client_id=self.__secrets[ 'client_id']) self.session = OAuth2Session(client_id=None, client=oauthclient, auto_refresh_url=self.__secrets[ 'token_url'], auto_refresh_kwargs={ self.__secrets['client_id'], self.__secrets['client_secret']}) self.__token = self.session.fetch_token( token_url=self.__secrets['token_url'], username=self.__secrets['username'], password=self.__secrets['password'], client_id=self.__secrets['client_id'], client_secret=self.__secrets['client_secret']) def __token_saver(self, token): self.__token = token