api: Allow disabling TLS verification via env vars.
This commit is contained in:
Yago González
Tim Abbott
parent
285464a367
commit
d85792524e
|
|
@ -271,6 +271,20 @@ def get_default_config_filename():
|
||||||
" mv ~/.humbugrc ~/.zuliprc\n")
|
" mv ~/.humbugrc ~/.zuliprc\n")
|
||||||
return config_file
|
return config_file
|
||||||
|
|
||||||
|
def validate_boolean_field(field):
|
||||||
|
# type: (Optional[Text]) -> Union[bool, None]
|
||||||
|
if not isinstance(field, str):
|
||||||
|
return None
|
||||||
|
|
||||||
|
field = field.lower()
|
||||||
|
|
||||||
|
if field == "true":
|
||||||
|
return True
|
||||||
|
elif field == "false":
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
class ZulipError(Exception):
|
class ZulipError(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
@ -308,7 +322,19 @@ class Client(object):
|
||||||
client_cert_key = os.environ.get("ZULIP_CERT_KEY")
|
client_cert_key = os.environ.get("ZULIP_CERT_KEY")
|
||||||
if cert_bundle is None:
|
if cert_bundle is None:
|
||||||
cert_bundle = os.environ.get("ZULIP_CERT_BUNDLE")
|
cert_bundle = os.environ.get("ZULIP_CERT_BUNDLE")
|
||||||
|
if insecure is None:
|
||||||
|
# Be quite strict about what is accepted so that users don't
|
||||||
|
# disable security unintentionally.
|
||||||
|
insecure_setting = os.environ.get('ZULIP_ALLOW_INSECURE')
|
||||||
|
|
||||||
|
if insecure_setting is not None:
|
||||||
|
insecure = validate_boolean_field(insecure_setting)
|
||||||
|
|
||||||
|
if insecure is None:
|
||||||
|
raise ZulipError("The ZULIP_ALLOW_INSECURE environment "
|
||||||
|
"variable is set to '{}', it must be "
|
||||||
|
"'true' or 'false'"
|
||||||
|
.format(insecure_setting))
|
||||||
if config_file is None:
|
if config_file is None:
|
||||||
config_file = get_default_config_filename()
|
config_file = get_default_config_filename()
|
||||||
|
|
||||||
|
|
@ -331,14 +357,15 @@ class Client(object):
|
||||||
if insecure is None and config.has_option("api", "insecure"):
|
if insecure is None and config.has_option("api", "insecure"):
|
||||||
# Be quite strict about what is accepted so that users don't
|
# Be quite strict about what is accepted so that users don't
|
||||||
# disable security unintentionally.
|
# disable security unintentionally.
|
||||||
insecure_setting = config.get("api", "insecure").lower()
|
insecure_setting = config.get('api', 'insecure')
|
||||||
if insecure_setting == "true":
|
|
||||||
insecure = True
|
insecure = validate_boolean_field(insecure_setting)
|
||||||
elif insecure_setting == "false":
|
|
||||||
insecure = False
|
if insecure is None:
|
||||||
else:
|
raise ZulipError("insecure is set to '{}', it must be "
|
||||||
raise ZulipError("insecure is set to '%s', it must be 'true' or 'false' if it is used in %s"
|
"'true' or 'false' if it is used in {}"
|
||||||
% (insecure_setting, config_file))
|
.format(insecure_setting, config_file))
|
||||||
|
|
||||||
elif None in (api_key, email):
|
elif None in (api_key, email):
|
||||||
raise ConfigNotFoundError("api_key or email not specified and file %s does not exist"
|
raise ConfigNotFoundError("api_key or email not specified and file %s does not exist"
|
||||||
% (config_file,))
|
% (config_file,))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue