OzanH

In this tutorial I would like to share my cookie aware transport mechanism that I highly use in my programs within XML-RPC protocol. Python's builtin xmlrpclib module does not support cookies so I found some useful resources at some sites and I changed the codes for my needs. This transport mechanism provides cookie support if remote server delivers cookie. To have a working example I also put a cherrypy server example under myxmlrpctransport.py file to show you how it works. I use cookies for authentication mostly. The module is tested with python2.7. For python3 you may need to make some changes. With python 2.7.9, ssl context variable is introduced for xmlrpclib module, so for https connection you need the pass context variable to transport function if you use your ssl certificates generated by you.

myxmlrpctransport.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
The MIT License (MIT)
 
Copyright (c) 2015 Ozan HACIBEKİROĞLU ([email protected])
 
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
 
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
 
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
"""
from __future__ import print_function, absolute_import, unicode_literals
 
__version__ = "0.1"
__author__ = "Ozan HACIBEKİROĞLU"
 
import xmlrpclib
import urlparse
 
class CookieTransportRequest(object):
    """A Transport request that retains cookies.
 
    The regular xmlrpclib transports ignore cookies. Which causes
    a bit of a problem when you need a cookie-based authentication
 
    So this is a helper for defining a Transport which looks for
    cookies being set in responses and saves them to add to all future
    requests.
    """
 
    # Inspiration drawn from
    # http://www.lunch.org.uk/wiki/xmlrpccookies
 
    cookies = {}
 
    def send_cookies(self, connection):
        if self.cookies:
            for cookie in self.cookies:
                connection.putheader("Cookie", "=".join((cookie, self.cookies[cookie])))
 
    def request(self, host, handler, request_body, verbose=0):
 
        # issue XML-RPC request
        h = self.make_connection(host)
        if verbose:
            h.set_debuglevel(1)
        self.verbose = verbose
        try:
            self.send_request(h, handler, request_body)
            self.send_host(h, host)
            self.send_cookies(h)
            self.send_user_agent(h)
            self.send_content(h, request_body)
            try:
                response = h.getresponse(buffering=True)
            except AttributeError:
                response = h._conn.getresponse()
        except xmlrpclib.Fault:
            raise
        except Exception:
            self.close()
            raise
 
        # Add any cookie definitions to our list.
        for header in response.msg.getallmatchingheaders("Set-Cookie"):
            val = header.split(": ", 1)[1]
            cookie = val.split(";", 1)[0]
            cookie_key, cookie_value = cookie.split("=")
            if cookie_key not in self.cookies:
                self.cookies[cookie_key] = cookie_value
 
        if response.status != 200:
            raise xmlrpclib.ProtocolError(host + handler, response.status,
                                          response.reason, response.msg.headers)
 
        payload = response.read()
        if self.verbose:
            print("payload:", repr(payload), "\n")
        parser, unmarshaller = self.getparser()
        parser.feed(payload)
        parser.close()
 
        return unmarshaller.close()
 
 
class CookieTransport(CookieTransportRequest, xmlrpclib.Transport):
 
    def __init__(self, *args, **kwargs):
        xmlrpclib.Transport.__init__(self, *args, **kwargs)
        CookieTransportRequest.__init__(self)
 
 
class CookieSafeTransport(CookieTransportRequest, xmlrpclib.SafeTransport):
 
    def __init__(self, *args, **kwargs):
        xmlrpclib.SafeTransport.__init__(self, *args, **kwargs)
        CookieTransportRequest.__init__(self)
 
 
def transport(uri, *args, **kwargs):
    """Return an appropriate Transport for the URI.
 
    If the URI type is https, return a CookieSafeTransport.
    If the type is http, return a CookieTransport.
    """
    if urlparse.urlparse(uri, "http")[0] == "https":
        return CookieSafeTransport(*args, **kwargs)
    else:
        return CookieTransport(*args, **kwargs)
 
 
if __name__=="__main__":
 
    url = "http://127.0.0.1:8090/"
    server = xmlrpclib.ServerProxy(url, transport(url),
                                   verbose=True,
                                   allow_none=True)
    server.login("demo", "password")
    server.check()
    server.check()
    server.check()
 
    server2 = xmlrpclib.ServerProxy(url, transport(url),
                                    verbose=True,
                                    allow_none=True)
    server2.login("test", "test")
    server2.check()

Here is the example cherrypy XML-RPC server so you can test the module with this.

cherrypy_xmlrpc_example_server.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
from __future__ import print_function
import threading
import uuid
import cherrypy
 
RLOCK = threading.RLock()
AUTH_COOKIES = []
 
 
class Root(object):
    pass
 
 
class Sample(cherrypy._cptools.XMLRPCController):
 
    _cp_config = {'tools.xmlrpc.on': True,
                  'tools.xmlrpc.allow_none': 1,
                  'tools.xmlrpc.encoding': 'utf-8',
                  'tools.gzip.on': True,
                  # 'request.dispatch': cherrypy.dispatch.XMLRPCDispatcher()
                  }
 
    @cherrypy.expose
    def login(self, username, password):
        user_pass = ["demo", "password"]
        auth = False
        if username == user_pass[0] and password == user_pass[1]:
            auth = True
        if auth is False:
            raise Exception("Username or password is incorrect")
 
        cpid = uuid.uuid4().hex
        with RLOCK:
            if cpid in AUTH_COOKIES:
                while True:
                    cpid = uuid.uuid4().hex
                    if cpid not in AUTH_COOKIES:
                        break
            AUTH_COOKIES.append(cpid)
        cookie = cherrypy.response.cookie
        cookie["CPID"] = cpid
        cookie["CPID"]["path"] = "/"
 
        return "success"
 
    @cherrypy.expose
    def check(self):
        print("Auth Cookies", AUTH_COOKIES)
        cookie1 = cherrypy.request.cookie
        if not cookie1.get("CPID"):
            raise Exception("UNAUTHORIZED USER")
        else:
            cpid = cookie1["CPID"].value
            if cpid not in AUTH_COOKIES:
                raise Exception("cpid %s UNAUTHORIZED USER" % (cpid,))
            return "Welcome"
 
if __name__ == "__main__":
    cherrypy.config.update({'server.socket_host': "0.0.0.0",
                            'server.socket_port': 8090,
                            "log.screen": True,
                            })
    root = Sample()
    cherrypy.quickstart(root)