subvertpy
subvertpy copied to clipboard
jelmer
examples/documentation for authentication & ssl cert handling
I'm trying to use subvertpy to connect to a repo that can only be accessed over https and requires credentials be passed via basic auth (although I may also need to support public/private key in the future). I've looked in the code repo, the module documentation, and googled for examples but I just can't find enough information to figure out how to get this to work. I would greatly appreciate any help pointing me in the right direction.
Hi,
On Wed, Oct 16, 2013 at 03:10:08PM -0700, Rebecca Sutton Koeser wrote:
I'm trying to use subvertpy to connect to a repo that can only be accessed over https and requires credentials be passed via basic auth (although I may also need to support public/private key in the future). I've looked in the code repo, the module documentation, and googled for examples but I just can't find enough information to figure out how to get this to work. I would greatly appreciate any help pointing me in the right direction.
The documentation is a bit... scarce, indeed. I'll see if I can add an example that demonstrates the use of the credentials subsystem tonight.
Any examples you can provide would be helpful. I have to decide soon which python subversion implementation/binding I'm going to use, and subvertpy seems like the nicest option if I can get it do what I need.
I'm willing to contribute to the documentation if that helps - e.g. if you can provide or point to examples for auth + ssl handling I could potentially write it up once I get it working.
Sorry, I keep running out of time to write a proper example.
The short story is (assuming you're using the subvertpy.ra module): you need pass in a 'Auth' object to the RemoteAccess object. IIRC it's a keyword parameter named 'auth'.
An Auth object can be created by specifying a list of "auth providers". Auth providers are objects that get queried when authentication information of any sort is needed.
You can implement your own auth providers or you can use the stock auth providers that read from e.g. ~/.subversion or prompt on the command-line.
The most extensive example I know of that uses the Auth object is bzr-svn. An example of its auth code can be found at https://bazaar.launchpad.net/~bzr-svn/bzr-svn/1.2/view/head:/auth.py . create_auth_baton() is the main worker function.
Hope this helps. Please let me know if there's anything I should expand on.
Ok, here is what I came up with based on the code you pointed me to; this works for using a configured svn username and password. It's not actually clear to me if I need all of these or not. I like the idea of pulling credentials from .subversion - should one of these stock providers be doing that (if so, it didn't seem to work)? Or is there another one I need to use?
import subvertpy
from subvertpy import client, ra
from django.conf import settings
def svn_client():
# create an auth object with stock svn providers
auth = ra.Auth([
ra.get_simple_provider(),
ra.get_username_provider(),
ra.get_ssl_client_cert_file_provider(),
ra.get_ssl_client_cert_pw_file_provider(),
ra.get_ssl_server_trust_file_provider(),
])
# use configured svn username / password
auth.set_parameter(subvertpy.AUTH_PARAM_DEFAULT_USERNAME,
settings.SVN_USERNAME)
auth.set_parameter(subvertpy.AUTH_PARAM_DEFAULT_PASSWORD,
settings.SVN_PASSWORD)
return client.Client(auth=auth)
I just checked, and this auth setup seems to be working with the RemoteAccess also.
As a side note, is there a better way to communicate questions than github issues? For example, today I was working with the file properties returned by the client list method and it took me a while to figure out why the modification time couldn't be treated as a standard unix timestamp - I eventually figured it out by searching the code and finding this: https://github.com/jelmer/subvertpy/blob/f5608aa28506cfc0eb62e7a780b60f6aecb88135/subvertpy/properties.py#L50
I don't know if it's documented somewhere and I just don't know where to look, or whether it is something that's specific to subversion or to subvertpy.
On Thu, Oct 24, 2013 at 03:59:38PM -0700, Rebecca Sutton Koeser wrote:
Ok, here is what I came up with based on the code you pointed me to; this works for using a configured svn username and password. It's not actually clear to me if I need all of these or not. I like the idea of pulling credentials from .subversion - should one of these stock providers be doing that (if so, it didn't seem to work)? Or is there another one I need to use? Yep, the stock *_file_provider() providers should be pulling in data from ~/.subversion.
There's also a couple of other providers that will prompt the user for credentials on the console (get_username_prompt_provider, get_simple_prompt_provider). I don't think they update ~/.subversion though, so you'd have to do that manually.
As a side note, is there a better way to communicate questions than github issues? For example, today I was working with the file properties returned by the client list method and it took me a while to figure out why the modification time couldn't be treated as a standard unix timestamp - I eventually figured it out by searching the code and finding this: https://github.com/jelmer/subvertpy/blob/f5608aa28506cfc0eb62e7a780b60f6aecb88135/subvertpy/properties.py#L50 Usually people just e-mail me ([email protected]). I've been meaning to set up a mailing list so replies can be found later, but that hasn't happened yet.
I don't know if it's documented somewhere and I just don't know where to look, or whether it is something that's specific to subversion or to subvertpy. There is some basic documentation in the Subversion auth header file (https://subversion.apache.org/docs/api/1.7/svn__auth_8h.html); the auth functions in subvertpy are basic wrappers of the C functions described there.
If you do get it to work, any contributions to the documentation (what little of it exists) are very welcome.