From d85792524e9c2552cf75a091a5a40cbd57fb03fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yago=20Gonz=C3=A1lez?= <yagogonzalezg@gmail.com>
Date: Sun, 13 May 2018 01:49:52 +0200
Subject: [PATCH] api: Allow disabling TLS verification via env vars.

---
 zulip/zulip/__init__.py | 43 +++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/zulip/zulip/__init__.py b/zulip/zulip/__init__.py
index ddafda8..805a1b5 100644
--- a/zulip/zulip/__init__.py
+++ b/zulip/zulip/__init__.py
@@ -271,6 +271,20 @@ def get_default_config_filename():
                          "  mv ~/.humbugrc ~/.zuliprc\n")
     return config_file
 
+def validate_boolean_field(field):
+    # type: (Optional[Text]) -> Union[bool, None]
+    if not isinstance(field, str):
+        return None
+
+    field = field.lower()
+
+    if field == "true":
+        return True
+    elif field == "false":
+        return False
+    else:
+        return None
+
 class ZulipError(Exception):
     pass
 
@@ -308,7 +322,19 @@ class Client(object):
             client_cert_key = os.environ.get("ZULIP_CERT_KEY")
         if cert_bundle is None:
             cert_bundle = os.environ.get("ZULIP_CERT_BUNDLE")
+        if insecure is None:
+            # Be quite strict about what is accepted so that users don't
+            # disable security unintentionally.
+            insecure_setting = os.environ.get('ZULIP_ALLOW_INSECURE')
 
+            if insecure_setting is not None:
+                insecure = validate_boolean_field(insecure_setting)
+
+                if insecure is None:
+                    raise ZulipError("The ZULIP_ALLOW_INSECURE environment "
+                                     "variable is set to '{}', it must be "
+                                     "'true' or 'false'"
+                                     .format(insecure_setting))
         if config_file is None:
             config_file = get_default_config_filename()
 
@@ -331,14 +357,15 @@ class Client(object):
             if insecure is None and config.has_option("api", "insecure"):
                 # Be quite strict about what is accepted so that users don't
                 # disable security unintentionally.
-                insecure_setting = config.get("api", "insecure").lower()
-                if insecure_setting == "true":
-                    insecure = True
-                elif insecure_setting == "false":
-                    insecure = False
-                else:
-                    raise ZulipError("insecure is set to '%s', it must be 'true' or 'false' if it is used in %s"
-                                     % (insecure_setting, config_file))
+                insecure_setting = config.get('api', 'insecure')
+
+                insecure = validate_boolean_field(insecure_setting)
+
+                if insecure is None:
+                    raise ZulipError("insecure is set to '{}', it must be "
+                                     "'true' or 'false' if it is used in {}"
+                                     .format(insecure_setting, config_file))
+
         elif None in (api_key, email):
             raise ConfigNotFoundError("api_key or email not specified and file %s does not exist"
                                       % (config_file,))