Merge pull request #239 from cloudant/235-add-session-renewal-option

alfinkel · web-flow · commit 3d95c61a92d9 · 2016-11-02T09:59:06.000-05:00
Add session auto-renewal option
diff --git a/src/cloudant/_2to3.py b/src/cloudant/_2to3.py
@@ -33,6 +33,7 @@
 if PY2:
     # pylint: disable=wrong-import-position,no-name-in-module,import-error,unused-import
     from urllib import quote as url_quote, quote_plus as url_quote_plus
+    from urlparse import urlparse as url_parse
     from ConfigParser import RawConfigParser
 
     def iteritems_(adict):
@@ -53,7 +54,9 @@ def next_(itr):
         """
         return itr.next()
 else:
-    from urllib.parse import quote as url_quote, quote_plus as url_quote_plus  # pylint: disable=wrong-import-position,no-name-in-module,import-error,ungrouped-imports
+    from urllib.parse import urlparse as url_parse  # pylint: disable=wrong-import-position,no-name-in-module,import-error,ungrouped-imports
+    from urllib.parse import quote as url_quote  # pylint: disable=wrong-import-position,no-name-in-module,import-error,ungrouped-imports
+    from urllib.parse import quote_plus as url_quote_plus  # pylint: disable=wrong-import-position,no-name-in-module,import-error,ungrouped-imports
     from configparser import RawConfigParser  # pylint: disable=wrong-import-position,no-name-in-module,import-error
 
     def iteritems_(adict):
diff --git a/src/cloudant/_common_util.py b/src/cloudant/_common_util.py
@@ -21,8 +21,9 @@
 import platform
 from collections import Sequence
 import json
+from requests import Session
 
-from ._2to3 import STRTYPE, NONETYPE, UNITYPE, iteritems_
+from ._2to3 import STRTYPE, NONETYPE, UNITYPE, iteritems_, url_parse
 from .error import CloudantArgumentError
 
 # Library Constants
@@ -288,3 +289,40 @@ class _Code(str):
     """
     def __new__(cls, code):
         return str.__new__(cls, code)
+
+class InfiniteSession(Session):
+    """
+    This class provides for the ability to automatically renew session login
+    information in the event of expired session authentication.
+    """
+
+    def __init__(self, username, password, server_url):
+        super(InfiniteSession, self).__init__()
+        self._username = username
+        self._password = password
+        self._server_url = server_url
+
+    def request(self, method, url, **kwargs):
+        """
+        Overrides ``requests.Session.request`` to perform a POST to the
+        _session endpoint to renew Session cookie authentication settings and
+        then retry the original request, if necessary.
+        """
+        resp = super(InfiniteSession, self).request(method, url, **kwargs)
+        path = url_parse(url).path.lower()
+        post_to_session = method.upper() == 'POST' and path == '/_session'
+        is_expired = any((
+            resp.status_code == 403 and
+            resp.json().get('error') == 'credentials_expired',
+            resp.status_code == 401
+        ))
+        if not post_to_session and is_expired:
+            super(InfiniteSession, self).request(
+                'POST',
+                '/'.join([self._server_url, '_session']),
+                data={'name': self._username, 'password': self._password},
+                headers={'Content-Type': 'application/x-www-form-urlencoded'}
+            )
+            resp = super(InfiniteSession, self).request(method, url, **kwargs)
+
+        return resp
diff --git a/src/cloudant/client.py b/src/cloudant/client.py
@@ -25,7 +25,11 @@
 from .database import CloudantDatabase, CouchDatabase
 from .feed import Feed, InfiniteFeed
 from .error import CloudantException, CloudantArgumentError
-from ._common_util import USER_AGENT, append_response_error_content
+from ._common_util import (
+    USER_AGENT,
+    append_response_error_content,
+    InfiniteSession
+)
 
 
 class CouchDB(dict):
@@ -49,6 +53,9 @@ class CouchDB(dict):
         configuring requests.
     :param bool connect: Keyword argument, if set to True performs the call to
         connect as part of client construction.  Default is False.
+    :param bool auto_renew: Keyword argument, if set to True performs
+        automatic renewal of expired session authentication settings.
+        Default is False.
     """
     _DATABASE_CLASS = CouchDatabase
 
@@ -63,7 +70,9 @@ def __init__(self, user, auth_token, admin_party=False, **kwargs):
         self.encoder = kwargs.get('encoder') or json.JSONEncoder
         self.adapter = kwargs.get('adapter')
         self.r_session = None
-        if kwargs.get('connect', False):
+        self._auto_renew = kwargs.get('auto_renew', False)
+        connect_to_couch = kwargs.get('connect', False)
+        if connect_to_couch and self._DATABASE_CLASS == CouchDatabase:
             self.connect()
 
     def connect(self):
@@ -74,7 +83,14 @@ def connect(self):
         if self.r_session:
             return
 
-        self.r_session = requests.Session()
+        if self._auto_renew and not self.admin_party:
+            self.r_session = InfiniteSession(
+                self._user,
+                self._auth_token,
+                self.server_url
+            )
+        else:
+            self.r_session = requests.Session()
         # If a Transport Adapter was supplied add it to the session
         if self.adapter is not None:
             self.r_session.mount(self.server_url, self.adapter)
@@ -398,7 +414,6 @@ class Cloudant(CouchDB):
 
     def __init__(self, cloudant_user, auth_token, **kwargs):
         super(Cloudant, self).__init__(cloudant_user, auth_token, **kwargs)
-
         self._client_user_header = {'User-Agent': USER_AGENT}
         account = kwargs.get('account')
         url = kwargs.get('url')
@@ -413,6 +428,9 @@ def __init__(self, cloudant_user, auth_token, **kwargs):
         if self.server_url is None:
             raise CloudantException('You must provide a url or an account.')
 
+        if kwargs.get('connect', False):
+            self.connect()
+
     def db_updates(self, raw_data=False, **kwargs):
         """
         Returns the ``_db_updates`` feed iterator.  The ``_db_updates`` feed can
diff --git a/tests/unit/auth_renewal_tests.py b/tests/unit/auth_renewal_tests.py
@@ -0,0 +1,143 @@
+#!/usr/bin/env python
+# Copyright (c) 2016 IBM. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+Unit tests for the renewal of cookie auth
+
+See configuration options for environment variables in unit_t_db_base
+module docstring.
+"""
+import unittest
+import os
+import requests
+import time
+
+from cloudant._common_util import InfiniteSession
+
+from .unit_t_db_base import UnitTestDbBase
+
+@unittest.skipIf(os.environ.get('ADMIN_PARTY') == 'true', 'Skipping - Admin Party mode')
+class AuthRenewalTests(UnitTestDbBase):
+    """
+    Auto renewal tests primarily testing the InfiniteSession functionality
+    """
+
+    def setUp(self):
+        """
+        Override UnitTestDbBase.setUp() with no set up
+        """
+        pass
+
+    def tearDown(self):
+        """
+        Override UnitTestDbBase.tearDown() with no tear down
+        """
+        pass
+        
+    def test_client_db_doc_stack_success(self):
+        """
+        Ensure that auto renewal of cookie auth happens as expected and applies
+        to all references of r_session throughout the library.
+        """
+        try:
+            self.set_up_client(auto_connect=True, auto_renew=True)
+            db = self.client._DATABASE_CLASS(self.client, self.dbname())
+            db.create()
+            db_2 = self.client._DATABASE_CLASS(self.client, self.dbname())
+            doc = db.create_document({'_id': 'julia001', 'name': 'julia'})
+
+            auth_session = self.client.r_session.cookies.get('AuthSession')
+            db_auth_session = db.r_session.cookies.get('AuthSession')
+            db_2_auth_session = db_2.r_session.cookies.get('AuthSession')
+            doc_auth_session = doc.r_session.cookies.get('AuthSession')
+            
+            self.assertIsInstance(self.client.r_session, InfiniteSession)
+            self.assertIsInstance(db.r_session, InfiniteSession)
+            self.assertIsInstance(db_2.r_session, InfiniteSession)
+            self.assertIsInstance(doc.r_session, InfiniteSession)
+            self.assertIsNotNone(auth_session)
+            self.assertTrue(
+                auth_session ==
+                db_auth_session ==
+                db_2_auth_session ==
+                doc_auth_session
+            )
+            self.assertTrue(db.exists())
+            self.assertTrue(doc.exists())
+
+            # Will cause a 401 response to be handled internally
+            self.client.r_session.cookies.clear()
+            self.assertIsNone(self.client.r_session.cookies.get('AuthSession'))
+            self.assertIsNone(db.r_session.cookies.get('AuthSession'))
+            self.assertIsNone(db_2.r_session.cookies.get('AuthSession'))
+            self.assertIsNone(doc.r_session.cookies.get('AuthSession'))
+
+            time.sleep(1) # Ensure a different cookie auth value
+
+            # 401 response handled by renew of cookie auth and retry of request
+            db_2.create()
+
+            new_auth_session = self.client.r_session.cookies.get('AuthSession')
+            new_db_auth_session = db.r_session.cookies.get('AuthSession')
+            new_db_2_auth_session = db_2.r_session.cookies.get('AuthSession')
+            new_doc_auth_session = doc.r_session.cookies.get('AuthSession')
+            self.assertIsNotNone(new_auth_session)
+            self.assertNotEqual(new_auth_session, auth_session)
+            self.assertTrue(
+                new_auth_session ==
+                new_db_auth_session ==
+                new_db_2_auth_session ==
+                new_doc_auth_session
+            )
+            self.assertTrue(db.exists())
+            self.assertTrue(doc.exists())
+        finally:
+            # Clean up
+            self.client.delete_database(db.database_name)
+            self.client.delete_database(db_2.database_name)
+            self.client.disconnect()
+            del self.client
+
+    def test_client_db_doc_stack_failure(self):
+        """
+        Ensure that when the regular requests.Session is used that
+        cookie auth renewal is not handled.
+        """
+        try:
+            self.set_up_client(auto_connect=True)
+            db = self.client._DATABASE_CLASS(self.client, self.dbname())
+            db.create()
+            
+            self.assertIsInstance(self.client.r_session, requests.Session)
+            self.assertIsInstance(db.r_session, requests.Session)
+
+            # Will cause a 401 response
+            self.client.r_session.cookies.clear()
+            
+            # 401 response expected to raised
+            with self.assertRaises(requests.HTTPError) as cm:
+                db.delete()
+            self.assertEqual(cm.exception.response.status_code, 401)
+        finally:
+            # Manual reconnect
+            self.client.disconnect()
+            self.client.connect()
+            # Clean up
+            self.client.delete_database(db.database_name)
+            self.client.disconnect()
+            del self.client
+
+
+if __name__ == '__main__':
+    unittest.main()
diff --git a/tests/unit/client_tests.py b/tests/unit/client_tests.py
@@ -32,6 +32,7 @@
 from cloudant.client import Cloudant, CouchDB
 from cloudant.error import CloudantException, CloudantArgumentError
 from cloudant.feed import Feed, InfiniteFeed
+from cloudant._common_util import InfiniteSession
 
 from .unit_t_db_base import UnitTestDbBase
 from .. import bytes_, str_
@@ -120,6 +121,33 @@ def test_multiple_connect(self):
             self.client.disconnect()
             self.assertIsNone(self.client.r_session)
 
+    def test_auto_renew_enabled(self):
+        """
+        Test that InfiniteSession is used when auto_renew is enabled.
+        """
+        try:
+            self.set_up_client(auto_renew=True)
+            self.client.connect()
+            if os.environ.get('ADMIN_PARTY') == 'true':
+                self.assertIsInstance(self.client.r_session, requests.Session)
+            else:
+                self.assertIsInstance(self.client.r_session, InfiniteSession)
+        finally:
+            self.client.disconnect()
+
+    def test_auto_renew_enabled_with_auto_connect(self):
+        """
+        Test that InfiniteSession is used when auto_renew is enabled along with
+        an auto_connect.
+        """
+        try:
+            self.set_up_client(auto_connect=True, auto_renew=True)
+            if os.environ.get('ADMIN_PARTY') == 'true':
+                self.assertIsInstance(self.client.r_session, requests.Session)
+            else:
+                self.assertIsInstance(self.client.r_session, InfiniteSession)
+        finally:
+            self.client.disconnect()
 
     def test_session(self):
         """
diff --git a/tests/unit/database_tests.py b/tests/unit/database_tests.py
@@ -1333,11 +1333,7 @@ def test_get_search_result_with_both_q_and_query(self):
             self.db.get_search_result('searchddoc001', 'searchindex001',
                                       query='julia*', q='julia*')
         err = cm.exception
-        self.assertEqual(
-            str(err),
-            'A single query/q parameter is required. '
-            'Found: {\'q\': \'julia*\', \'query\': \'julia*\'}'
-        )
+        self.assertTrue(str(err).startswith('A single query/q parameter is required.'))
 
     def test_get_search_result_with_invalid_value_types(self):
         """
diff --git a/tests/unit/unit_t_db_base.py b/tests/unit/unit_t_db_base.py
@@ -135,7 +135,7 @@ def setUp(self):
         """
         self.set_up_client()
 
-    def set_up_client(self, auto_connect=False, encoder=None):
+    def set_up_client(self, auto_connect=False, auto_renew=False, encoder=None):
         if os.environ.get('RUN_CLOUDANT_TESTS') is None:
             admin_party = False
             if (os.environ.get('ADMIN_PARTY') and
@@ -150,6 +150,7 @@ def set_up_client(self, auto_connect=False, encoder=None):
                 admin_party,
                 url=self.url,
                 connect=auto_connect,
+                auto_renew=auto_renew,
                 encoder=encoder
             )
         else:
@@ -165,6 +166,7 @@ def set_up_client(self, auto_connect=False, encoder=None):
                 url=self.url,
                 x_cloudant_user=self.account,
                 connect=auto_connect,
+                auto_renew=auto_renew,
                 encoder=encoder
             )
 
