Add possibility for token authentication (#102)

Petter Moe Kvalvaag · web-flow · commit 9450ca1e9be2 · 2022-02-17T11:46:47.000-08:00
* Add possibility for token authentication

* Add documentation for TOKEN setting
diff --git a/README.md b/README.md
@@ -67,6 +67,13 @@ in DATABASES control the behavior of the backend:
 
    String. Database user password.
 
+-  TOKEN
+
+   String. Access token fetched as a user or service principal which
+   has access to the database. E.g. when using `azure.identity`, the
+   result of `DefaultAzureCredential().get_token('https://database.windows.net/.default')`
+   can be passed.
+
 -  AUTOCOMMIT
 
    Boolean. Set this to `False` if you want to disable
diff --git a/mssql/base.py b/mssql/base.py
@@ -7,6 +7,7 @@
 import os
 import re
 import time
+import struct
 
 from django.core.exceptions import ImproperlyConfigured
 
@@ -53,7 +54,22 @@ def encode_connection_string(fields):
         '%s=%s' % (k, encode_value(v))
         for k, v in fields.items()
     )
+def prepare_token_for_odbc(token):
+    """
+    Will prepare token for passing it to the odbc driver, as it expects
+    bytes and not a string
+    :param token:
+    :return: packed binary byte representation of token string
+    """
+    if not isinstance(token, str):
+        raise TypeError("Invalid token format provided.")
 
+    tokenstr = token.encode()
+    exptoken = b""
+    for i in tokenstr:
+        exptoken += bytes({i})
+        exptoken += bytes(1)
+    return struct.pack("=i", len(exptoken)) + exptoken
 
 def encode_value(v):
     """If the value contains a semicolon, or starts with a left curly brace,
@@ -294,7 +310,7 @@ def get_new_connection(self, conn_params):
             cstr_parts['UID'] = user
             if 'Authentication=ActiveDirectoryInteractive' not in options_extra_params:
                 cstr_parts['PWD'] = password
-        else:
+        elif 'TOKEN' not in conn_params:
             if ms_drivers.match(driver) and 'Authentication=ActiveDirectoryMsi' not in options_extra_params:
                 cstr_parts['Trusted_Connection'] = trusted_connection
             else:
@@ -324,11 +340,17 @@ def get_new_connection(self, conn_params):
         conn = None
         retry_count = 0
         need_to_retry = False
+        args = {
+            'unicode_results': unicode_results,
+            'timeout': timeout,
+        }
+        if 'TOKEN' in conn_params:
+            args['attrs_before'] = {
+                1256: prepare_token_for_odbc(conn_params['TOKEN'])
+            }
         while conn is None:
             try:
-                conn = Database.connect(connstr,
-                                        unicode_results=unicode_results,
-                                        timeout=timeout)
+                conn = Database.connect(connstr, **args)
             except Exception as e:
                 for error_number in self._transient_error_numbers:
                     if error_number in e.args[1]:
