30514: Upgrade Python to use API Session Key (#10)

* Issue 30514: Upgrade Python to use API Session Key
  -- Also update automated tests

* Issue 30514: Upgrade Python to use API Session Key
  -- Code review: don't add apikey header if not specified
  -- Fix up automated tests

* API Key: move to session header
- remove SafeTLSAdapter in favor of normal TLS convention
- improve exception messaging when raising ServerContextError

* Update .gitignore

Author: labkey-nicka

.gitignore

@@ -1,4 +1,7 @@
 # Build Artifacts
 *.py[cod]
 build/
-dist/
+dist/
+
+# Project Artifacts
+.idea/

labkey/exceptions.py

@@ -17,7 +17,7 @@
 
 
 # base exception class for server responses
-class RequestError(exceptions.HTTPError):
+class RequestError(exceptions.RequestException):
     default_msg = 'Server Error'
 
     def __init__(self, server_response, **kwargs):
@@ -62,14 +62,21 @@ class ServerNotFoundError(RequestError):
     default_msg = 'Server resource not found. Please verify context path and project path are valid'
 
 
-class ServerContextError(exceptions.HTTPError):
-    def __init__(self, inner_exception=None):
-        self.message = self._get_message(inner_exception)
+class ServerContextError(RequestError):
+
+    def __init__(self, server_context, inner_exception):
+        self.message = self._get_message(server_context, inner_exception)
         self.exception = inner_exception
 
-    def _get_message(self, e):
+    @staticmethod
+    def _get_message(server_context, e):
         switcher = {
+            exceptions.ConnectionError:
+                'Failed to connect to server. Ensure the server_context domain, context_path, '
+                'and SSL are configured correctly.',
+            exceptions.InvalidURL:
+                'Failed to parse URL. Context is ' + str(server_context),
             exceptions.SSLError:
                 'Failed to match server SSL configuration. Ensure the server_context is configured correctly.'
         }
-        return switcher.get(type(e), 'Please verify server_context is configured correctly')
+        return switcher.get(type(e), 'Please verify server_context is configured correctly.')

labkey/utils.py

@@ -16,20 +16,18 @@
 from __future__ import unicode_literals
 
 import requests
-import ssl
 
-from requests.adapters import HTTPAdapter
-from requests.exceptions import SSLError
-from requests.packages.urllib3.poolmanager import PoolManager
-from labkey.exceptions import RequestError, RequestAuthorizationError, QueryNotFoundError, \
-    ServerContextError, ServerNotFoundError
+from requests.exceptions import RequestException
+from labkey.exceptions import RequestError, RequestAuthorizationError, QueryNotFoundError, ServerContextError, \
+    ServerNotFoundError
 
 __default_timeout = 60 * 5  # 5 minutes
+API_KEY_TOKEN = 'apikey'
 CSRF_TOKEN = 'X-LABKEY-CSRF'
 DISABLE_CSRF_CHECK = False  # Used by tests to disable CSRF token check
 
 
-def create_server_context(domain, container_path, context_path=None, use_ssl=True):
+def create_server_context(domain, container_path, context_path=None, use_ssl=True, api_key=None):
     """
     Create a LabKey server context. This context is used to encapsulate properties
     about the LabKey server that is being requested against. This includes, but is not limited to,
@@ -38,9 +36,17 @@ def create_server_context(domain, container_path, context_path=None, use_ssl=Tru
     :param container_path:
     :param context_path:
     :param use_ssl:
+    :param api_key:
     :return:
     """
-    config = dict(domain=domain, container_path=container_path, context_path=context_path, use_ssl=use_ssl)
+    config = dict(
+        domain=domain,
+        container_path=container_path,
+        context_path=context_path,
+        use_ssl=use_ssl,
+        api_key=api_key
+    )
+
     return ServerContext(**config)
 
 
@@ -57,6 +63,12 @@ def build_url(server_context, controller, action, container_path=None):
     return server_context.build_url(controller, action, container_path=container_path)
 
 
+def handle_request_exception(e, server_context=None):
+    if type(e) in [RequestAuthorizationError, QueryNotFoundError, ServerNotFoundError]:
+        raise e
+    raise ServerContextError(server_context, e)
+
+
 def handle_response(response):
     sc = response.status_code
 
@@ -81,32 +93,23 @@ def handle_response(response):
             # could not decode response
             raise ServerNotFoundError(response)
     else:
+        # consider response.raise_for_status()
         raise RequestError(response)
 
 
-# _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
-# http://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/
-class SafeTLSAdapter(HTTPAdapter):
-    def init_poolmanager(self, connections, maxsize, block=False):
-        self.poolmanager = PoolManager(num_pools=connections,
-                                       maxsize=maxsize,
-                                       block=block,
-                                       ssl_version=ssl.PROTOCOL_TLSv1)
-
-
 class ServerContext(object):
 
     def __init__(self, **kwargs):
         self._container_path = kwargs.pop('container_path', None)
         self._context_path = kwargs.pop('context_path', None)
         self._domain = kwargs.pop('domain', None)
         self._use_ssl = kwargs.pop('use_ssl', True)
+        self._api_key = kwargs.pop('api_key', None)
 
         self._session = requests.Session()
 
         if self._use_ssl:
             self._scheme = 'https://'
-            self._session.mount(self._scheme, SafeTLSAdapter())
         else:
             self._scheme = 'http://'
 
@@ -129,6 +132,14 @@ def build_url(self, controller, action, container_path=None):
 
     def make_request(self, url, payload, headers=None, timeout=300, method='POST'):
 
+        if self._api_key is not None:
+            global API_KEY_TOKEN
+
+            if self._session.headers.get(API_KEY_TOKEN) is not self._api_key:
+                self._session.headers.update({
+                    API_KEY_TOKEN: self._api_key
+                })
+
         if not DISABLE_CSRF_CHECK:
             global CSRF_TOKEN
 
@@ -140,14 +151,14 @@ def make_request(self, url, payload, headers=None, timeout=300, method='POST'):
                     self._session.headers.update({
                         CSRF_TOKEN: response['CSRF']
                     })
-                except SSLError as e:
-                    raise ServerContextError(e)
+                except RequestException as e:
+                    handle_request_exception(e, server_context=self)
 
         try:
             if method is 'GET':
                 raw_response = self._session.get(url, params=payload, headers=headers, timeout=timeout)
             else:
                 raw_response = self._session.post(url, data=payload, headers=headers, timeout=timeout)
             return handle_response(raw_response)
-        except SSLError as e:
-            raise ServerContextError(e)
+        except RequestException as e:
+            handle_request_exception(e, server_context=self)

test/test_query_api.py

@@ -59,7 +59,7 @@ def setUp(self):
         self.expected_kwargs = {
             'expected_args': [self.service.get_server_url()],
             'data': '{"queryName": "' + query + '", "rows": "{id:1234}", "schemaName": "' + schema + '"}',
-            'headers': {u'Content-Type': u'application/json'},
+            'headers': {'Content-Type': 'application/json'},
             'timeout': 300
         }
 
@@ -101,7 +101,7 @@ def setUp(self):
         self.expected_kwargs = {
             'expected_args': [self.service.get_server_url()],
             'data': '{"queryName": "' + query + '", "rows": "{id:1234}", "schemaName": "' + schema + '"}',
-            'headers': {u'Content-Type': u'application/json'},
+            'headers': {'Content-Type': 'application/json'},
             'timeout': 300
         }
 
@@ -143,7 +143,7 @@ def setUp(self):
         self.expected_kwargs = {
             'expected_args': [self.service.get_server_url()],
             'data': '{"queryName": "' + query + '", "rows": "{id:1234}", "schemaName": "' + schema + '"}',
-            'headers': {u'Content-Type': u'application/json'},
+            'headers': {'Content-Type': 'application/json'},
             'timeout': 300
         }
 

test/test_security.py

@@ -509,7 +509,7 @@ def setUp(self):
         }
 
         self.args = [
-            mock_server_context(self.service),
+            mock_server_context(self.service)
         ]
 
     def test_success(self):

test/test_utils.py

@@ -29,7 +29,8 @@ def mock_server_context(mock_action):
     with mock.patch('labkey.utils.requests.sessions.Session.get') as mock_get:
 
         mock_get.return_value = mock_action.get_csrf_response()
-        return create_server_context(mock_action.server_name, mock_action.project_path, mock_action.context_path)
+        return create_server_context(mock_action.server_name, mock_action.project_path, mock_action.context_path,
+                                     api_key=mock_action.api_key)
 
 
 def success_test(test, expected_response, api_method, compare_response, *args, **expected_kwargs):
@@ -83,6 +84,7 @@ class MockLabKey:
     default_server_not_found_body = ''
     default_query_not_found_body = ''
     default_general_server_error_body = ''
+    default_api_key = None
 
     def __init__(self, **kwargs):
         self.protocol = kwargs.pop('protocol', self.default_protocol)
@@ -95,6 +97,7 @@ def __init__(self, **kwargs):
         self.server_not_found_body = kwargs.pop('server_not_found_body', self.default_server_not_found_body)
         self.query_not_found_body = kwargs.pop('query_not_found_body', self.default_query_not_found_body)
         self.general_server_error_body = kwargs.pop('general_server_error_body', self.default_general_server_error_body)
+        self.api_key = kwargs.pop('api_key', self.default_api_key)
 
     def _get_mock_response(self, code, url, body):
         mock_response = mock.Mock(requests.Response)