From 513b1bb23b530b9d341ba6b9f68c05a9a36254a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rnar=20Snoksrud?= Date: Tue, 8 Jul 2025 10:39:23 +0200 Subject: [PATCH 1/2] api_ref: use bearer token instead of basic auth --- novem/api_ref.py | 4 ++-- tests/test_cli_config.py | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/novem/api_ref.py b/novem/api_ref.py index 0ccd88b..b7be098 100644 --- a/novem/api_ref.py +++ b/novem/api_ref.py @@ -85,14 +85,14 @@ def __init__(self, **kwargs: Any) -> None: if config.get("token", None): assert config["token"] self.token = config["token"] - self._session.auth = ("", self.token) + self._session.headers["Authorization"] = f"Bearer {self.token}" if env_token is not None and not did_token_warning: did_token_warning = True print("WARN: Both NOVEM_TOKEN and config file token are set. Using config file token.", file=sys.stderr) elif env_token is not None: self.token = env_token - self._session.auth = ("", self.token) + self._session.headers["Authorization"] = f"Bearer {self.token}" elif not config_status: print( diff --git a/tests/test_cli_config.py b/tests/test_cli_config.py index cb7136f..82f4453 100644 --- a/tests/test_cli_config.py +++ b/tests/test_cli_config.py @@ -1,4 +1,3 @@ -import base64 import configparser import json import re @@ -413,7 +412,8 @@ def test_can_override_profile_for_plot(requests_mock, fs, cli): def mk_response(r, context): nonlocal request - request = (r.hostname, r.path, base64.decodebytes(r.headers["Authorization"].partition(" ")[2].encode())) + token = r.headers.get("Authorization", "")[len("Bearer ") :] + request = (r.hostname, r.path, token) return "[]" matcher = re.compile(r"https://(\d+)/u/(.+)/p/") @@ -424,10 +424,10 @@ def mk_response(r, context): f.write(conf) cli("--conf", "conf", "-p") - assert request == ("1", "/u/user1/p/", b":token1") + assert request == ("1", "/u/user1/p/", "token1") cli("--conf", "conf", "--profile", "user1", "-p") - assert request == ("1", "/u/user1/p/", b":token1") + assert request == ("1", "/u/user1/p/", "token1") cli("--conf", "conf", "--profile", "user2", "-p") - assert request == ("2", "/u/user2/p/", b":token2") + assert request == ("2", "/u/user2/p/", "token2") From cc790d55be4584fb32af898a5922d0c4c40639c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rnar=20Snoksrud?= Date: Tue, 8 Jul 2025 10:40:42 +0200 Subject: [PATCH 2/2] api_ref: dont use the session for create_token --- novem/api_ref.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/novem/api_ref.py b/novem/api_ref.py index b7be098..51877b3 100644 --- a/novem/api_ref.py +++ b/novem/api_ref.py @@ -118,10 +118,9 @@ def _parse_kwargs(self, **kwargs: Any) -> None: self._api_root = kwargs["api_root"] def create_token(self, params: Dict[str, str]) -> Dict[str, str]: - - r = self._session.post( + r = requests.post( f"{self._api_root}token", - auth=None, + headers={"User-Agent": self._session.headers["User-Agent"]}, json=params, ) @@ -130,9 +129,7 @@ def create_token(self, params: Dict[str, str]) -> Dict[str, str]: if r.status_code == 401: raise Novem401(resp["message"]) - res = r.json() - - return res + return r.json() def delete(self, path: str) -> bool: