7
\$\begingroup\$

I am trying to implement a custom ApiClient in Python, using requests. The way it does authentication is by:

  1. login(username, password) -> get back a token if valid, http error code if not

  2. set the token in {'Authorization': token} header and use that header for all endpoints which need authentication

Can you check if the code looks OK, and if not what kind of changes would you recommend?

#!/usr/bin/env python
import requests
import json
import os
import sys
def read_file_contents(path):
 if os.path.exists(path):
 with open(path) as infile:
 return infile.read().strip()
class ApiClient():
 token = None
 api_url = 'http://10.0.1.194:1234'
 session = requests.Session()
 def __init__(self):
 self.token = self.load_token()
 if self.token:
 self.session.headers.update({'Authorization': self.token})
 else:
 # if no token, do login
 if not self.token:
 try:
 self.login()
 except requests.HTTPError:
 sys.exit('Username-password invalid')
 def load_token(self):
 return read_file_contents('token')
 def save_token(self, str):
 with open('token', 'w') as outfile:
 outfile.write(str)
 def login(self):
 email = '[email protected]'
 password = 'passwd'
 headers = {'content-type': 'application/json'}
 payload = {
 'email': email,
 'password': password
 }
 r = requests.post(self.api_url + '/auth',
 data=json.dumps(payload),
 headers=headers)
 # raise exception if cannot login
 r.raise_for_status()
 # save token and update session
 self.token = r.json()['session']['token']
 self.save_token(self.token)
 self.session.headers.update({'Authorization': self.token})
 def test_auth(self):
 r = self.session.get(self.api_url + '/auth/is-authenticated')
 return r.ok
if __name__ == '__main__':
 api = ApiClient()
 print api.test_auth()
Reinderien
70.9k5 gold badges76 silver badges256 bronze badges
asked Apr 8, 2014 at 16:20
\$\endgroup\$
1
  • \$\begingroup\$ the email-password will obviously not be hard coded \$\endgroup\$ Commented Apr 8, 2014 at 16:39

1 Answer 1

3
\$\begingroup\$

I don't have time to do a thorough review, but here are some comments based on a casual reading.

  • In read_file_contents, the function returns None if the file doesn’t exist. I’d suggest modifying this to print or return an explicit message to that effect, to make debugging easier later. For example, something like:

    def read_file_contents(path):
 try:
 with open(path) as infile:
 return infile.read().strip()
 except FileNotFoundError:
 print "Couldn't find the token file!"
 return None

    will make your life easier later.

    Also, is this meant to be open(path, 'r')?

  • New-style classes should inherit from object: that is, use

    class ApiClient(object):

    instead of 

    class ApiClient():

  • Don't copy and paste the API URL throughout your code. Make it a variable, and then pass api_url as an input to ApiClient(). That way, you can reuse this code for other APIs, or make changes to the URL in a single place. (If, for example, the API changes.)

  • Don't hard code username, email and password in the login function. It makes it harder to change them later, and it's a security risk. Consider using something like the keyring module for storing sensitive information. (Should the token be stored securely as well?)

  • The __init__ function uses the token, and also retrieves it from the file. This can cause problems if you later get the token from somewhere else. (For example, if you used keyring.) Instead, consider passing token as an argument to __init__, and having the code to obtain the token somewhere else. Something like:

    def __init__(self, api_url, token=None):
 self.api_url = api_url
 self.token = token
 if self.token is not None:
 # if you get a token
 else:
 # if you don't

    and then later:

    if __name__ == '__main__':
 api_token = read_file_contents('token')
 api_url = 'http://10.0.1.194:1234'
 api = ApiClient(api_token, api_url)
 print api.test_auth()
answered Apr 8, 2014 at 16:43
\$\endgroup\$
3
  • 1
    \$\begingroup\$ Even better than returning None if the file is unreadable, just let the exception propagate, and catch it in __init__(). \$\endgroup\$ Commented Apr 8, 2014 at 16:49
  • 1
    \$\begingroup\$ open() mode is 'r' by default. \$\endgroup\$ Commented Apr 8, 2014 at 16:50
  • 1
    \$\begingroup\$ @200_success While that is true, it could be argued that this qualifies as "explicit is better than implicit". \$\endgroup\$ Commented Apr 8, 2014 at 21:51

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.