adding support for v3.7.x REST API authentication

Author: Glenn Snyder

blackduck/HubRestApi.py

@@ -56,6 +56,9 @@ class CreateFailedAlreadyExists(Exception):
 class CreateFailedUnknown(Exception):
  pass
 
+class UnknownVersion(Exception):
+ pass
+
 class HubInstance(object):
  '''
  classdocs
@@ -89,7 +92,8 @@ def __init__(self, *args, **kwargs):
  if self.config['debug']:
  print(self.configfile)
 
- self.token, self.csrf_token = self.get_auth_token()
+ self.token, self.csrf_token, self.cookie = self.get_auth_token()
+ self.bd_major_version = self._get_major_version()
 
 
  def read_config(self):
@@ -114,7 +118,7 @@ def get_auth_token(self):
  )
  csrf_token = response.headers['X-CSRF-TOKEN']
  bearer_token = json.loads(response.content.decode('utf-8'))['bearerToken']
- return (bearer_token, csrf_token)
+ return (bearer_token, csrf_token, None)
  else:
  authendpoint="/j_spring_security_check"
  url = self.config['baseurl'] + authendpoint
@@ -125,8 +129,27 @@ def get_auth_token(self):
  response = session.post(url, credentials, verify= not self.config['insecure'])
  cookie = response.headers['Set-Cookie']
  token = cookie[cookie.index('=')+1:cookie.index(';')]
- return (token, None)
+ return (token, None, cookie)
 
+ def _get_major_version(self):
+ '''Get the version info from the server, if available, and
+ return the major version number as string
+ '''
+ session = requests.session()
+ url = self.config['baseurl'] + "/api/current-version"
+ response = session.get(url, verify = not self.config['insecure'])
+ version_info = response.json()
+
+ if response.status_code == 200:
+ if 'version' in version_info:
+ return version_info['version'].split(".")[0]
+ else:
+ raise UnknownVersion("Did not find the 'version' key in the response to a successful GET on /api/current-version")
+ else:
+ # the only version of Black Duck not having the /api/current-version
+ # endpoint are v3, so assume it's that
+ return "3"
+
  def get_urlbase(self):
  return self.config['baseurl']
 
@@ -137,7 +160,10 @@ def get_headers(self):
  'Authorization': 'Bearer {}'.format(self.token), 
  'Content-Type': 'application/json'}
  else:
- return {"Authorization":"Bearer " + self.token}
+ if self.bd_major_version == "3":
+ return {"Cookie": self.cookie}
+ else:
+ return {"Authorization":"Bearer " + self.token}
 
  def get_api_version(self):
  url = self.get_urlbase() + '/api/current-version'

blackduck/__version__.py

@@ -1,4 +1,4 @@
 
-VERSION = (0, 0, 4)
+VERSION = (0, 0, 5)
 
 __version__ = '.'.join(map(str, VERSION))

test/test_hub_rest_api_python.py

@@ -43,9 +43,21 @@ def teardown_function(function):
 @pytest.fixture()
 def mock_hub_instance(requests_mock):
  requests_mock.post(
- "https://my-hub-host/j_spring_security_check", 
+ "{}/j_spring_security_check".format(fake_hub_host), 
  headers={"Set-Cookie": 'AUTHORIZATION_BEARER={}; Path=/; secure; Secure; HttpOnly'.format(invalid_bearer_token)}
  )
+ requests_mock.get(
+ "{}/api/current-version".format(fake_hub_host),
+ json = {
+ "version": "2018.11.0",
+ "_meta": {
+ "allow": [
+ "GET"
+ ],
+ "href": "{}/api/current-version".format(fake_hub_host)
+ }
+ }
+ )
  yield HubInstance(fake_hub_host, "a_username", "a_password")
 
 @pytest.fixture()
@@ -58,6 +70,18 @@ def mock_hub_instance_using_api_token(requests_mock):
  'Content-Type': 'application/json'
  }
  )
+ requests_mock.get(
+ "{}/api/current-version".format(fake_hub_host),
+ json = {
+ "version": "2018.11.0",
+ "_meta": {
+ "allow": [
+ "GET"
+ ],
+ "href": "{}/api/current-version".format(fake_hub_host)
+ }
+ }
+ )
 
  yield HubInstance(fake_hub_host, api_token=made_up_api_token)
 
@@ -82,6 +106,54 @@ def test_vulnerability_info(requests_mock):
  with open("sample-vulnerability.json") as sample_vulnerability_file:
  yield json.loads(sample_vulnerability_file.read())
 
+def test_get_major_version(requests_mock):
+ requests_mock.post(
+ "{}/j_spring_security_check".format(fake_hub_host), 
+ headers={"Set-Cookie": 'AUTHORIZATION_BEARER={}; Path=/; secure; Secure; HttpOnly'.format(invalid_bearer_token)}
+ )
+ for version in ["2018.11.0", "5.0.2", "4.8.3", "3.7.2"]:
+ expected = version.split(".")[0]
+ requests_mock.get(
+ "{}/api/current-version".format(fake_hub_host),
+ json = {
+ "version": "{}".format(version),
+ "_meta": {
+ "allow": [
+ "GET"
+ ],
+ "href": "{}/api/current-version".format(fake_hub_host)
+ }
+ }
+ )
+ hub = HubInstance(fake_hub_host, "a_username", "a_password")
+ assert hub.bd_major_version == expected
+
+def test_get_headers(mock_hub_instance):
+ # somewhat contrived, but it does execute all the paths
+ # TODO: better way to test this one?
+ #
+ the_api_token = "fake-api-token"
+ the_csrf_token = "fake-csrf-token"
+ the_token = "fake-bearer-token"
+ mock_hub_instance.config['api_token'] = the_api_token
+ mock_hub_instance.csrf_token = the_csrf_token
+ mock_hub_instance.token = the_token
+
+ assert mock_hub_instance.get_headers() == {
+ 'X-CSRF-TOKEN': the_csrf_token, 
+ 'Authorization': "Bearer {}".format(the_token),
+ 'Content-Type': 'application/json'}
+
+ del mock_hub_instance.config['api_token']
+ for bd_major_version in ["2018", "5", "4", "3"]:
+ if bd_major_version == "3":
+ expected = {"Cookie": mock_hub_instance.cookie}
+ else:
+ expected = {"Authorization":"Bearer " + mock_hub_instance.token}
+
+ mock_hub_instance.bd_major_version = bd_major_version
+ assert mock_hub_instance.get_headers() == expected
+
 def test_get_policy_url(mock_hub_instance):
  assert mock_hub_instance._get_policy_url() == fake_hub_host + "/api/policy-rules"
 
@@ -114,6 +186,19 @@ def test_hub_instance_with_write_config(requests_mock):
  "https://my-hub-host/j_spring_security_check", 
  headers={"Set-Cookie": 'AUTHORIZATION_BEARER={}; Path=/; secure; Secure; HttpOnly'.format(invalid_bearer_token)}
  )
+ requests_mock.get(
+ "{}/api/current-version".format(fake_hub_host),
+ json = {
+ "version": "2018.11.0",
+ "_meta": {
+ "allow": [
+ "GET"
+ ],
+ "href": "{}/api/current-version".format(fake_hub_host)
+ }
+ }
+ )
+ 
  with patch("builtins.open", new_callable=mock_open()) as m:
  with patch('json.dump') as m_json:
  hub = HubInstance(fake_hub_host, "a_username", "a_password")
@@ -126,6 +211,19 @@ def test_hub_instance_with_write_config_false(requests_mock):
  "https://my-hub-host/j_spring_security_check", 
  headers={"Set-Cookie": 'AUTHORIZATION_BEARER={}; Path=/; secure; Secure; HttpOnly'.format(invalid_bearer_token)}
  )
+ requests_mock.get(
+ "{}/api/current-version".format(fake_hub_host),
+ json = {
+ "version": "2018.11.0",
+ "_meta": {
+ "allow": [
+ "GET"
+ ],
+ "href": "{}/api/current-version".format(fake_hub_host)
+ }
+ }
+ )
+
  with patch.object(HubInstance, "write_config") as mock_write_config:
  hub = HubInstance(fake_hub_host, "a_username", "a_password", write_config_flag=False)