capless / warrant

Python library for using AWS Cognito. With support for SRP.
Apache License 2.0

Do not sign requests with boto client #59

Closed balloob closed 6 years ago

balloob commented 6 years ago

Not all requests to Cognito require requests to be signed in. Examples of these are register, authenticate, forgot password, confirm forgot password.

This PR will make sure that request signing is disabled when no auth is passed in. Without this change, botocore will blow up with a NoCredentialsError exception:

  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/warrant/__init__.py", line 289, in authenticate
    tokens = aws.authenticate_user()
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/warrant/aws_srp.py", line 187, in authenticate_user
    ClientId=self.client_id
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/client.py", line 251, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/client.py", line 526, in _make_api_call
    operation_model, request_dict)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/endpoint.py", line 141, in make_request
    return self._send_request(request_dict, operation_model)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/endpoint.py", line 166, in _send_request
    request = self.create_request(request_dict, operation_model)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/endpoint.py", line 150, in create_request
    operation_name=operation_model.name)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/hooks.py", line 227, in emit
    return self._emit(event_name, kwargs)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/hooks.py", line 210, in _emit
    response = handler(**kwargs)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/signers.py", line 90, in handler
    return self.sign(operation_name, request)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/signers.py", line 147, in sign
    auth.add_auth(request)
  File "/Users/paulus/dev/python/home-assistant/lib/python3.6/site-packages/botocore/auth.py", line 316, in add_auth
    raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials

balloob commented 6 years ago

@bjinwright anything I can do to help this PR get merged?

bjinwright commented 6 years ago

Can you add tests?

bjinwright commented 6 years ago

I get two failing tests.

======================================================================
ERROR: test_admin_get_user (warrant.tests.tests.CognitoAuthTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/brian/workspace/warrant/warrant/tests/tests.py", line 119, in test_admin_get_user
    u = self.user.admin_get_user()
  File "/home/brian/workspace/warrant/warrant/__init__.py", line 492, in admin_get_user
    Username=self.username)
  File "/home/brian/.virtualenvs/warrant/local/lib/python2.7/site-packages/botocore/client.py", line 251, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/brian/.virtualenvs/warrant/local/lib/python2.7/site-packages/botocore/client.py", line 537, in _make_api_call
    raise ClientError(parsed_response, operation_name)
ClientError: An error occurred (MissingAuthenticationTokenException) when calling the AdminGetUser operation: Missing Authentication Token

and

======================================================================
ERROR: test_admin_authenticate (warrant.tests.tests.CognitoAuthTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/brian/workspace/warrant/warrant/tests/tests.py", line 167, in test_admin_authenticate
    self.user.admin_authenticate(self.password)
  File "/home/brian/workspace/warrant/warrant/__init__.py", line 370, in admin_authenticate
    AuthParameters=auth_params,
  File "/home/brian/.virtualenvs/warrant/local/lib/python2.7/site-packages/botocore/client.py", line 251, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/brian/.virtualenvs/warrant/local/lib/python2.7/site-packages/botocore/client.py", line 537, in _make_api_call
    raise ClientError(parsed_response, operation_name)
ClientError: An error occurred (MissingAuthenticationTokenException) when calling the AdminInitiateAuth operation: Missing Authentication Token

bjinwright commented 6 years ago

Please create another PR with the tests fixed.

balloob commented 6 years ago

I think that the way those 2 tests worked before is that they rely on the credentials in ~/.aws of the user running the tests because I did not change the if-statement that is responsible for adding the keys.