[IMP] connector_magento: custom User-Agent

Ability to make all petitions with a custom User-Agent. Many sysadmins implement filters based in *User-Agent* of received petitions, discarding generic ones like `python/requests` to avoid DDOS attacks.
OCA · Oct 25, 2020 · f751c62 · f751c62
1 parent 6834069
commit f751c62
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 5 deletions.
diff --git a/connector_magento/components/backend_adapter.py b/connector_magento/components/backend_adapter.py
@@ -38,6 +38,7 @@ def __init__(self, location, username, password, token, version,
         self.use_auth_basic = False
         self.auth_basic_username = None
         self.auth_basic_password = None
+        self.user_agent = None
 
     @property
     def location(self):
@@ -53,15 +54,18 @@ def location(self):
 
 class Magento2Client(object):
 
-    def __init__(self, url, token, verify_ssl=True, use_custom_api_path=False):
+    def __init__(self, url, token, verify_ssl=True, use_custom_api_path=False,
+                 user_agent=None):
         if not use_custom_api_path:
             url += '/' if not url.endswith('/') else ''
             url += 'index.php/rest/V1'
         self._url = url
         self._token = token
         self._verify_ssl = verify_ssl
+        self.user_agent = user_agent
 
-    def call(self, resource_path, arguments, http_method=None, storeview=None):
+    def call(self, resource_path, arguments, http_method=None,
+             storeview=None, headers=None):
         if resource_path is None:
             _logger.exception('Magento2 REST API called without resource path')
             raise NotImplementedError
@@ -72,8 +76,16 @@ def call(self, resource_path, arguments, http_method=None, storeview=None):
         if http_method is None:
             http_method = 'get'
         function = getattr(requests, http_method)
-        headers = {'Authorization': 'Bearer %s' % self._token}
-        kwargs = {'headers': headers}
+        base_headers = {
+            'Authorization': 'Bearer %s' % self._token,
+        }
+        if self.user_agent:
+            base_headers.update({
+                'User-Agent': self.user_agent,
+            })
+        if headers:
+            base_headers.update(headers)
+        kwargs = {'headers': base_headers}
         if http_method == 'get':
             kwargs['params'] = arguments
         elif arguments is not None:
@@ -112,7 +124,8 @@ def api(self):
                     self._location.location,
                     self._location.token,
                     self._location.verify_ssl,
-                    use_custom_api_path=self._location.use_custom_api_path
+                    use_custom_api_path=self._location.use_custom_api_path,
+                    user_agent=self._location.user_agent,
                 )
             self._api = api
         return self._api

diff --git a/connector_magento/models/magento_backend/common.py b/connector_magento/models/magento_backend/common.py
@@ -87,6 +87,10 @@ def _get_stock_field_id(self):
         string='Verify SSL certificate',
         default=True,
         help="Only for Magento 2.0+")
+    user_agent = fields.Char(
+        string='User Agent',
+        help="Custom user agent to use instead of library's one",
+    )
     sale_prefix = fields.Char(
         string='Sale Prefix',
         help="A prefix put before the name of imported sales orders.\n"
@@ -210,6 +214,8 @@ def work_on(self, model_name, **kwargs):
             magento_location.use_auth_basic = True
             magento_location.auth_basic_username = self.auth_basic_username
             magento_location.auth_basic_password = self.auth_basic_password
+        if self.user_agent:
+            magento_location.user_agent = self.user_agent
         # We create a Magento Client API here, so we can create the
         # client once (lazily on the first use) and propagate it
         # through all the sync session, instead of recreating a client

diff --git a/connector_magento/views/magento_backend_views.xml b/connector_magento/views/magento_backend_views.xml
@@ -33,6 +33,7 @@
                                            attrs="{'invisible': [('version', '!=', '1.7')], 'required': [('version', '=', '1.7')]}"/>
                                     <field name="token" password="1" colspan="2"
                                            attrs="{'invisible': [('version', '=', '1.7')], 'required': [('version', '!=', '1.7')]}"/>
+                                    <field name="user_agent" colspan="2"/>
                                 </group>
                             </page>
                             <page string="HTTP Authentication" name="auth" colspan="4" col="4">