NotificationsYou must be signed in to change notification settings
Fork673
Star2.4k

fix oauth token access#174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Closed

deanrock wants to merge1 commit intopython-gitlab:oauthfromdeanrock:oauth

Closed

fix oauth token access#174

deanrock wants to merge1 commit intopython-gitlab:oauthfromdeanrock:oauth

Conversation

Copy link

deanrock commentedOct 26, 2016

authorization header doesn't have a colon in it's value, requests' auth parameter overrides custom authorization header

(and there was a PEP8 error for line 441)

deanrock mentioned this pull request

Oct 26, 2016

Access token support#163

Closed

deanrock force-pushed theoauth branch fromd1cdfd4 toc886c5dCompare

October 26, 2016 23:51

Fix OAuth2 authentication support

3164a0b

deanrock force-pushed theoauth branch fromc886c5d to3164a0bCompare

October 26, 2016 23:53

Copy link

dzervas commentedOct 27, 2016

I think that this will have problems with HTTP requests apart from GET (have you tested PUT/PUSH/DELETE?) 'cause the authorization header is overwritten by basic auth.

I fixed all these just yesterday (I wish I could see your request earlier...). Have a look#176

Copy link

Author

deanrock commentedOct 27, 2016

@dzervas yes, you are correct, I didn't test with other requests :/

can you please fix example:3164a0b#diff-8a23d682236897c1a2f5bafede722cb3L28 ?

Copy link

I think that the example should not be fixed, as the private key is not static (and you should give that "feel" in the documentation). It's not doing the whole auth thing (you have to talk with the server to gain the key).

Copy link

Contributor

gpocentek commentedOct 28, 2016

@deanrock @dzervas thank you for your patches and comments, really appreciated. I should be able to review and test the changes next week.

gpocentek suggested changes

Nov 5, 2016

View reviewed changes

Copy link

Contributor

gpocentek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Please see my suggestion inline, I think there's a nicer way to handle both oauth and basic HTTP auth.

Thanks!

gitlab/__init__.py

		auth = requests.auth.HTTPBasicAuth(
		self.http_username,
		self.http_password)

Copy link

Contributor

gpocentekNov 5, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

There is one thing bothering me here: with oauth token we explicitly define headers, with basic HTTP auth we don't and use a python-requests feature instead. I'd prefer to have the same method for both authentication methods.

Updating the_create_headers method might be the easiest way to achieve consistency. This would also avoid code duplication in the_raw_* methods.

What do you think about this?