Skip to content

Commit 4b0ee2e

Browse files
deathiopdeathiop
committed
feat: handle allowedIPs parameters in CK building
Signed-off-by: Adrien Barreau <[email protected]>
1 parent 1bffec6 commit 4b0ee2e

File tree

4 files changed

+19
-10
lines changed

4 files changed

+19
-10
lines changed

ovh/client.py

Lines changed: 14 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -228,14 +228,15 @@ def new_consumer_key_request(self):
228228
""" # noqa:E501
229229
return ConsumerKeyRequest(self)
230230

231-
def request_consumerkey(self, access_rules, redirect_url=None):
231+
def request_consumerkey(self, access_rules, redirect_url=None, allowedIPs=None):
232232
"""
233233
Create a new "consumer key" identifying this application's end user. API
234234
will return a ``consumerKey`` and a ``validationUrl``. The end user must
235235
visit the ``validationUrl``, authenticate and validate the requested
236236
``access_rules`` to link his account to the ``consumerKey``. Once this
237237
is done, he may optionally be redirected to ``redirect_url`` and the
238-
application can start using the ``consumerKey``.
238+
application can start using the ``consumerKey``. If adding an ``allowedIPs``
239+
parameter, the generated credentials will only be usable from these IPs.
239240
240241
The new ``consumerKey`` is automatically loaded into
241242
``self._consumer_key`` and is ready to used as soon as validated.
@@ -270,7 +271,7 @@ def request_consumerkey(self, access_rules, redirect_url=None):
270271
]
271272
272273
# Request token
273-
validation = client.request_consumerkey(access_rules)
274+
validation = client.request_consumerkey(access_rules, redirect_url="https://optional-redirect-url.example.org", allowedIPs=["127.0.0.1/32"])
274275
275276
print("Please visit", validation['validationUrl'], "to authenticate")
276277
input("and press Enter to continue...")
@@ -280,12 +281,19 @@ def request_consumerkey(self, access_rules, redirect_url=None):
280281
281282
282283
:param list access_rules: Mapping specifying requested privileges.
283-
:param str redirect_url: Where to redirect end user upon validation.
284+
:param str redirect_url: Where to redirect end user upon validation (optional).
285+
:param list allowedIPs: CIDRs that will be allowed to use these credentials (optional).
284286
:raises APIError: When ``self.call`` fails.
285287
:returns: dict with ``consumerKey`` and ``validationUrl`` keys
286288
:rtype: dict
287-
"""
288-
res = self.post("/auth/credential", _need_auth=False, accessRules=access_rules, redirection=redirect_url)
289+
""" # noqa:E501
290+
res = self.post(
291+
"/auth/credential",
292+
_need_auth=False,
293+
accessRules=access_rules,
294+
redirection=redirect_url,
295+
allowedIPs=allowedIPs,
296+
)
289297
self._consumer_key = res["consumerKey"]
290298
return res
291299

ovh/consumer_key.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ def __init__(self, client):
6161
self._client = client
6262
self._access_rules = []
6363

64-
def request(self, redirect_url=None):
64+
def request(self, redirect_url=None, allowedIPs=None):
6565
"""
6666
Create the consumer key with the configures autorizations. The user will
6767
need to validate it before it can be used with the API
@@ -73,7 +73,7 @@ def request(self, redirect_url=None):
7373
'validationUrl': 'https://eu.api.ovh.com/auth/?credentialToken=now2OOAVO4Wp6t7bemyN9DMWIobhGjFNZSHmixtVJM4S7mzjkN2L5VBfG96Iy1i0'
7474
}
7575
""" # noqa: E501
76-
return self._client.request_consumerkey(self._access_rules, redirect_url)
76+
return self._client.request_consumerkey(self._access_rules, redirect_url, allowedIPs)
7777

7878
def add_rule(self, method, path):
7979
"""

tests/test_client.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,14 +77,15 @@ def test_time_delta(self, m_call, m_time):
7777
@mock.patch.object(Client, "call", return_value={"consumerKey": "CK"})
7878
def test_request_consumerkey(self, m_call):
7979
api = Client("ovh-eu")
80-
ret = api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com")
80+
ret = api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com", ["127.0.0.1/32"])
8181

8282
m_call.assert_called_once_with(
8383
"POST",
8484
"/auth/credential",
8585
{
8686
"redirection": "https://example.com",
8787
"accessRules": [{"method": "GET", "path": "/"}],
88+
"allowedIPs": ["127.0.0.1/32"],
8889
},
8990
False,
9091
)

tests/test_consumer_key.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,4 +86,4 @@ def test_add_rules(self):
8686
ck._access_rules = []
8787
ck.add_recursive_rules(ovh.API_READ_WRITE, "/")
8888
assert ck.request() is m_client.request_consumerkey.return_value
89-
m_client.request_consumerkey.assert_called_once_with(ck._access_rules, None)
89+
m_client.request_consumerkey.assert_called_once_with(ck._access_rules, None, None)

0 commit comments

Comments
 (0)