search

pycontribs / jenkinsapi

A Python API for accessing resources and configuring Hudson & Jenkins continuous-integration servers
http://pypi.python.org/pypi/jenkinsapi
MIT License
859 stars 485 forks source link

Connection failed with crumb requester as 403 Client Error: Forbidden #679

Closed adriananeci closed 5 years ago

adriananeci commented 5 years ago
ISSUE TYPE
Jenkinsapi VERSION

0.3.7

Jenkins VERSION

Jenkins ver. 2.150.1

SUMMARY

Looks like in the latest release the connection to a jenkins instance that has CSRF protection enabled is not working anymore. For example by executing:

#!/usr/bin/env python3

from jenkinsapi.jenkins import Jenkins
from jenkinsapi.utils.crumb_requester import CrumbRequester

jenkins = Jenkins(
    'http://localhost:8080', username='test', password='test',
    requester=CrumbRequester(
        baseurl='http://localhost:8080',
        username='test',
        password='test'
    )
)

for job_name in jenkins.jobs:
    print (job_name)
EXPECTED RESULTS

Print all the jobs currently available on the jenkins instance. In the previous version (0.3.6) the above code just worked fine.

ACTUAL RESULTS

Getting 403 forbidden when instantiating a new Jenkins object. The stacktrace is:

ERROR:root:Failed request at http://localhost:8080/api/python with params: {'tree': 'jobs[name,color,url]'} jobs[name,color,url]
Traceback (most recent call last):
  File "./test.py", line 11, in <module>
    password='test'
  File "/usr/local/lib/python3.6/dist-packages/jenkinsapi/jenkins.py", line 63, in __init__
    JenkinsBase.__init__(self, baseurl, poll=not lazy)
  File "/usr/local/lib/python3.6/dist-packages/jenkinsapi/jenkinsbase.py", line 35, in __init__
    self.poll()
  File "/usr/local/lib/python3.6/dist-packages/jenkinsapi/jenkinsbase.py", line 57, in poll
    data = self._poll(tree=tree)
  File "/usr/local/lib/python3.6/dist-packages/jenkinsapi/jenkins.py", line 68, in _poll
    if not tree else tree)
  File "/usr/local/lib/python3.6/dist-packages/jenkinsapi/jenkinsbase.py", line 81, in get_data
    response.raise_for_status()
  File "/usr/lib/python3/dist-packages/requests/models.py", line 935, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://localhost:8080/api/python?tree=jobs%5Bname%2Ccolor%2Curl%5D
USEFUL INFORMATION

Just run the code above using both 0.3.6 and 0.3.7 and compare output.

JonasVerhofste commented 5 years ago

I think the problem is not a change in crumb_requester.py, but one in requester.py itself. 0a10e81f1fb9b5996b53a00cd9683dc05277d5c9 changes the variables "username" and "password in the requester init from a keyworded to a non-keyworded. The how_to for the crumb_requester uses keyworded variables, as it was before 0a10e81f1fb9b5996b53a00cd9683dc05277d5c9.

I think #682 should fix this.

lechat commented 5 years ago

Just released v0.3.8 with that fix.

Many thanks for fixing it!