In this tutorial I would like to share my cookie aware transport mechanism that I highly use in my programs within XML-RPC protocol. Python's builtin xmlrpclib module does not support cookies so I found some useful resources at some sites and I changed the codes for my needs. This transport mechanism provides cookie support if remote server delivers cookie. To have a working example I also put a cherrypy server example under myxmlrpctransport.py file to show you how it works. I use cookies for authentication mostly. The module is tested with python2.7. For python3 you may need to make some changes. With python 2.7.9, ssl context variable is introduced for xmlrpclib module, so for https connection you need the pass context variable to transport function if you use your ssl certificates generated by you.
#!/usr/bin/python # -*- coding: utf-8 -*- """ The MIT License (MIT) Copyright (c) 2015 Ozan HACIBEKİROĞLU ([email protected]) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ from __future__ import print_function, absolute_import, unicode_literals __version__ = "0.1" __author__ = "Ozan HACIBEKİROĞLU" import xmlrpclib import urlparse class CookieTransportRequest(object): """A Transport request that retains cookies. The regular xmlrpclib transports ignore cookies. Which causes a bit of a problem when you need a cookie-based authentication So this is a helper for defining a Transport which looks for cookies being set in responses and saves them to add to all future requests. """ # Inspiration drawn from # http://www.lunch.org.uk/wiki/xmlrpccookies cookies = {} def send_cookies(self, connection): if self.cookies: for cookie in self.cookies: connection.putheader("Cookie", "=".join((cookie, self.cookies[cookie]))) def request(self, host, handler, request_body, verbose=0): # issue XML-RPC request h = self.make_connection(host) if verbose: h.set_debuglevel(1) self.verbose = verbose try: self.send_request(h, handler, request_body) self.send_host(h, host) self.send_cookies(h) self.send_user_agent(h) self.send_content(h, request_body) try: response = h.getresponse(buffering=True) except AttributeError: response = h._conn.getresponse() except xmlrpclib.Fault: raise except Exception: self.close() raise # Add any cookie definitions to our list. for header in response.msg.getallmatchingheaders("Set-Cookie"): val = header.split(": ", 1)[1] cookie = val.split(";", 1)[0] cookie_key, cookie_value = cookie.split("=") if cookie_key not in self.cookies: self.cookies[cookie_key] = cookie_value if response.status != 200: raise xmlrpclib.ProtocolError(host + handler, response.status, response.reason, response.msg.headers) payload = response.read() if self.verbose: print("payload:", repr(payload), "\n") parser, unmarshaller = self.getparser() parser.feed(payload) parser.close() return unmarshaller.close() class CookieTransport(CookieTransportRequest, xmlrpclib.Transport): def __init__(self, *args, **kwargs): xmlrpclib.Transport.__init__(self, *args, **kwargs) CookieTransportRequest.__init__(self) class CookieSafeTransport(CookieTransportRequest, xmlrpclib.SafeTransport): def __init__(self, *args, **kwargs): xmlrpclib.SafeTransport.__init__(self, *args, **kwargs) CookieTransportRequest.__init__(self) def transport(uri, *args, **kwargs): """Return an appropriate Transport for the URI. If the URI type is https, return a CookieSafeTransport. If the type is http, return a CookieTransport. """ if urlparse.urlparse(uri, "http")[0] == "https": return CookieSafeTransport(*args, **kwargs) else: return CookieTransport(*args, **kwargs) if __name__=="__main__": url = "http://127.0.0.1:8090/" server = xmlrpclib.ServerProxy(url, transport(url), verbose=True, allow_none=True) server.login("demo", "password") server.check() server.check() server.check() server2 = xmlrpclib.ServerProxy(url, transport(url), verbose=True, allow_none=True) server2.login("test", "test") server2.check()
Here is the example cherrypy XML-RPC server so you can test the module with this.
#!/usr/bin/python # -*- coding: utf-8 -*- from __future__ import print_function import threading import uuid import cherrypy RLOCK = threading.RLock() AUTH_COOKIES = [] class Root(object): pass class Sample(cherrypy._cptools.XMLRPCController): _cp_config = {'tools.xmlrpc.on': True, 'tools.xmlrpc.allow_none': 1, 'tools.xmlrpc.encoding': 'utf-8', 'tools.gzip.on': True, # 'request.dispatch': cherrypy.dispatch.XMLRPCDispatcher() } @cherrypy.expose def login(self, username, password): user_pass = ["demo", "password"] auth = False if username == user_pass[0] and password == user_pass[1]: auth = True if auth is False: raise Exception("Username or password is incorrect") cpid = uuid.uuid4().hex with RLOCK: if cpid in AUTH_COOKIES: while True: cpid = uuid.uuid4().hex if cpid not in AUTH_COOKIES: break AUTH_COOKIES.append(cpid) cookie = cherrypy.response.cookie cookie["CPID"] = cpid cookie["CPID"]["path"] = "/" return "success" @cherrypy.expose def check(self): print("Auth Cookies", AUTH_COOKIES) cookie1 = cherrypy.request.cookie if not cookie1.get("CPID"): raise Exception("UNAUTHORIZED USER") else: cpid = cookie1["CPID"].value if cpid not in AUTH_COOKIES: raise Exception("cpid %s UNAUTHORIZED USER" % (cpid,)) return "Welcome" if __name__ == "__main__": cherrypy.config.update({'server.socket_host': "0.0.0.0", 'server.socket_port': 8090, "log.screen": True, }) root = Sample() cherrypy.quickstart(root)
Discussion