Zeep:努力将 mustunderstand=1 添加到 WSE header
Zeep: Struggling to add mustunderstand=1 to WSE header
当我在 SOAPUI 中查看原始请求时,我在 <soapenv:Header> 部分中得到 = wsse:Security soapenv:mustUnderstand="1"。使用 zeep 和 python 时,我在发送到服务器的请求中看不到这一点 - 我在应用程序日志中遇到安全问题
from zeep import Client
from zeep.transports import Transport
from zeep import xsd
from zeep.wsse.username import UsernameToken
from zeep.wsse.utils import get_security_header
from requests import Session
request_data = {
'idNumber': 'someID',
'encryptedPin': 'encPin0101='
}
header_value = {
"wsse":{
"mustUnderstand":'1'
}
}
wsdl = 'http://someURL/AuthenticationWS?WSDL'
# session = Session()
# session.verify = True
# transport = Transport(session=session,
# operation_timeout=10)
cl = Client(wsdl=wsdl,
wsse=UsernameToken('username', 'password', use_digest=True))
def send_request(client, data):
return client.service.authenticateCustomer(data)
node = cl.create_message(cl.service, 'authenticateCustomer',
idNumber='someID',
encryptedPin='encPin=')
from lxml import etree
print('###########')
print(etree.tostring(node))
print('###########')
print(send_request(cl, request_data))
第一次打印成功,我看到了我需要的信息except mustunderstand=1
第二个打印错误 - 我得到 'fault occurred' 并且应用程序日志给出了与安全相关的错误让我认为这是必须理解的事情并且我尝试了不同的事情
我已尝试使用 soapheader 执行此操作,但未成功:
How do I add attributes to header authentication in Zeep?
添加 session\transport 东西没有弹出 header 我需要的东西。我正忙着浏览
https://pydoc.net/zeep/2.5.0/zeep.wsse.signature/
以了解“get_security_header”,但是我没有因此而获胜 :( 我看过的其他资源:
https://docs.python-zeep.org/en/master/headers.html
我改用了 https://github.com/suds-community/suds,它具有添加这些安全令牌的简单方法:
security = Security()
token = UsernameToken('username', 'password')
token.setnonce()
token.setcreated()
token.setnonceencoding(True)
token.setpassworddigest('digest')
security.tokens.append(token)
client = Client('http://someURL/AuthenticationWS?WSDL')
client.set_options(wsse=security)
client.service.logCustomerInNoAuth('id_number', id_number))
轻松多了
现在很忙,但这里有一个片段:
class UsernameToken2(UsernameToken):
def apply(self, envelope, headers):
from zeep.wsse import utils
from lxml.etree import QName
envelope, headers = super().apply(envelope, headers)
security = utils.get_security_header(envelope)
security.set(QName('http://schemas.xmlsoap.org/soap/envelope/', 'mustUnderstand'), '1')
return envelope, headers
当我在 SOAPUI 中查看原始请求时,我在 <soapenv:Header> 部分中得到 = wsse:Security soapenv:mustUnderstand="1"。使用 zeep 和 python 时,我在发送到服务器的请求中看不到这一点 - 我在应用程序日志中遇到安全问题
from zeep import Client
from zeep.transports import Transport
from zeep import xsd
from zeep.wsse.username import UsernameToken
from zeep.wsse.utils import get_security_header
from requests import Session
request_data = {
'idNumber': 'someID',
'encryptedPin': 'encPin0101='
}
header_value = {
"wsse":{
"mustUnderstand":'1'
}
}
wsdl = 'http://someURL/AuthenticationWS?WSDL'
# session = Session()
# session.verify = True
# transport = Transport(session=session,
# operation_timeout=10)
cl = Client(wsdl=wsdl,
wsse=UsernameToken('username', 'password', use_digest=True))
def send_request(client, data):
return client.service.authenticateCustomer(data)
node = cl.create_message(cl.service, 'authenticateCustomer',
idNumber='someID',
encryptedPin='encPin=')
from lxml import etree
print('###########')
print(etree.tostring(node))
print('###########')
print(send_request(cl, request_data))
第一次打印成功,我看到了我需要的信息except mustunderstand=1 第二个打印错误 - 我得到 'fault occurred' 并且应用程序日志给出了与安全相关的错误让我认为这是必须理解的事情并且我尝试了不同的事情
我已尝试使用 soapheader 执行此操作,但未成功:
How do I add attributes to header authentication in Zeep?
添加 session\transport 东西没有弹出 header 我需要的东西。我正忙着浏览
https://pydoc.net/zeep/2.5.0/zeep.wsse.signature/
以了解“get_security_header”,但是我没有因此而获胜 :( 我看过的其他资源:
https://docs.python-zeep.org/en/master/headers.html
我改用了 https://github.com/suds-community/suds,它具有添加这些安全令牌的简单方法:
security = Security()
token = UsernameToken('username', 'password')
token.setnonce()
token.setcreated()
token.setnonceencoding(True)
token.setpassworddigest('digest')
security.tokens.append(token)
client = Client('http://someURL/AuthenticationWS?WSDL')
client.set_options(wsse=security)
client.service.logCustomerInNoAuth('id_number', id_number))
轻松多了
现在很忙,但这里有一个片段:
class UsernameToken2(UsernameToken):
def apply(self, envelope, headers):
from zeep.wsse import utils
from lxml.etree import QName
envelope, headers = super().apply(envelope, headers)
security = utils.get_security_header(envelope)
security.set(QName('http://schemas.xmlsoap.org/soap/envelope/', 'mustUnderstand'), '1')
return envelope, headers