search

gdcc / pyDataverse

Python module for Dataverse Software (dataverse.org).
http://pydataverse.readthedocs.io/
MIT License
63 stars 41 forks source link

It is not possible to use the API ignoring the SSL certificate of the dataverse server #150

Open sergejzr opened 1 year ago

sergejzr commented 1 year ago

Issue

Dear pyDataverse community, at the moment it is not possible to use the API when the server is running with the self-signed certificate. While I found a workaround as listed below, it would be useful to switch the check off with a parameter of the client.

The solution is adopted from https://stackoverflow.com/questions/15445981/how-do-i-disable-the-security-certificate-check-in-python-requests:

first we create an environment within that checks are disabled:

import warnings
import contextlib

import requests
from urllib3.exceptions import InsecureRequestWarning

old_merge_environment_settings = requests.Session.merge_environment_settings

@contextlib.contextmanager
def no_ssl_verification():
    opened_adapters = set()

    def merge_environment_settings(self, url, proxies, stream, verify, cert):
        # Verification happens only once per connection so we need to close
        # all the opened adapters once we're done. Otherwise, the effects of
        # verify=False persist beyond the end of this context manager.
        opened_adapters.add(self.get_adapter(url))

        settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
        settings['verify'] = False

        return settings

    requests.Session.merge_environment_settings = merge_environment_settings

    try:
        with warnings.catch_warnings():
            warnings.simplefilter('ignore', InsecureRequestWarning)
            yield
    finally:
        requests.Session.merge_environment_settings = old_merge_environment_settings

        for adapter in opened_adapters:
            try:
                adapter.close()
            except:
                pass

Instantiate a client normally with:

from pyDataverse.api import NativeApi
api = NativeApi("https://fmydataverseserver.de", "9465673b-e56756-4ad7-5675672-4645d567567ee")

Now we can use it as follows:

with no_ssl_verification():
    resp = api.get_info_version()
    print(resp.json())
    print(resp.status_code)
skasberger commented 1 year ago

Update: I left AUSSDA, so my funding for pyDataverse development has stopped.

I want to get some basic funding to implement the most urgent updates (PRs, Bug fixes, maintenance work). If you can support this, please reach out to me. (www.stefankasberger.at). If you have feature requests, the same.

Another option would be, that someone else helps with the development and / or maintenance. For this, also get in touch with me (or comment here).