session: Use Authorization header for RH bugzilla

crobinso · crobinso · commit ddfbc168f647 · 2021-10-05T16:46:12.000-04:00
See https://bugzilla.redhat.com/show_bug.cgi?id=1833585 bugzilla.redhat.com has added support for non-standard 'Authorization: Bearer $APIKEY' header for authenticating. Other auth methods may eventually be removed. So let's start using this for bugzilla.redhat.com One caveat is that we need to stop sending token/apikey values as query parameters when this header is used Signed-off-by: Cole Robinson <crobinso@redhat.com>
diff --git a/bugzilla/_session.py b/bugzilla/_session.py
@@ -18,14 +18,16 @@ class _BugzillaSession(object):
     Class to handle the backend agnostic 'requests' setup
     """
     def __init__(self, url, user_agent,
-            sslverify, cert,
-            tokencache, api_key, requests_session=None):
+            sslverify, cert, tokencache, api_key,
+            is_redhat_bugzilla,
+            requests_session=None):
         self._url = url
         self._user_agent = user_agent
         self._scheme = urllib.parse.urlparse(url)[0]
         self._tokencache = tokencache
         self._api_key = api_key
         self._is_xmlrpc = False
+        self._use_auth_bearer = False
 
         if self._scheme not in ["http", "https"]:
             raise Exception("Invalid URL scheme: %s (%s)" % (
@@ -41,6 +43,11 @@ def __init__(self, url, user_agent,
             self._session.verify = False
         self._session.headers["User-Agent"] = self._user_agent
 
+        if is_redhat_bugzilla and self._api_key:
+            self._use_auth_bearer = True
+            self._session.headers["Authorization"] = (
+                "Bearer %s" % self._api_key)
+
     def _get_timeout(self):
         # Default to 5 minutes. This is longer than bugzilla.redhat.com's
         # apparent 3 minute timeout so shouldn't affect legitimate usage,
@@ -63,6 +70,11 @@ def set_token_value(self, value):
         self._tokencache.set_value(self._url, value)
 
     def get_auth_params(self):
+        # bugzilla.redhat.com will error if there's auth bits in params
+        # when Authorization header is used
+        if self._use_auth_bearer:
+            return {}
+
         # Don't add a token to the params list if an API key is set.
         # Keeping API key solo means bugzilla will definitely fail
         # if the key expires. Passing in a token could hide that
diff --git a/bugzilla/base.py b/bugzilla/base.py
@@ -504,11 +504,15 @@ def connect(self, url=None):
         # we've changed URLs - reload config
         self.readconfig(overwrite=False)
 
+        # Detect if connecting to redhat bugzilla
+        self._init_class_from_url()
+
         self._session = _BugzillaSession(self.url, self.user_agent,
                 sslverify=self._sslverify,
                 cert=self.cert,
                 tokencache=self._tokencache,
                 api_key=self.api_key,
+                is_redhat_bugzilla=self._is_redhat_bugzilla,
                 requests_session=self._user_requests_session)
         self._backend = backendclass(self.url, self._session)
 
@@ -522,7 +526,6 @@ def connect(self, url=None):
         version = self._backend.bugzilla_version()["version"]
         log.debug("Bugzilla version string: %s", version)
         self._set_bz_version(version)
-        self._init_class_from_url()
 
 
     @property
