No verification bypass option in session buildup
PoesRaven opened this issue · comments
Great work! Please consider:
Change
import request.Session
to
import request
def __init__(self, url, username, password, verify=True, session=None):
"""Create a client for the given ePO server.
:param url: Location of ePO server.
:param username: Username to authenticate.
:param password: Password to authenticate.
:param session: Custom instance of :class:`requests.Session`,
useful for configuring server verification.
"""
self.url = url
self.username = username
self.password = password
if session is None:
session = requests.Session()
self._session = session
self._token = None
self._verify = verify
if not verify:
requests.packages.urllib3.disable_warnings()
and
if any(kwargs.get(key) for key in ("data", "json", "files")):
# Use post method if there is post data.
r = self._session.post(url, verify=self._verify, **kwargs)
else:
r = self._session.get(url, verify=self._verify, **kwargs)
This allows the client to bypass certification verification in development situations
I don't think this needs to change. session
is already an argument due to the need to control verify
(either enable, configure, or disable it). And I don't think a library should automatically disable warnings in another library, that's something a user should be doing deliberately.
Understood - its not clear in the session documentation, but appears as though "verify" is an argument to the get/post methods, not the class definition/init. If so, verify cannot be set in the session object and passed to the Client() init
verify
is an attribute of Session
https://docs.python-requests.org/en/latest/api/#requests.Session.verify
verify
is an attribute ofSession
https://docs.python-requests.org/en/latest/api/#requests.Session.verify
#Schooled - thanks!