expose ADAL_SSL_NO_VERIFY to skip cert verification (#33)

AzureAD · Jul 27, 2016 · 4b92529 · 4b92529
1 parent 9b98487
commit 4b92529
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -129,3 +129,6 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
 ### Installation
 
 ``` $ pip install adal ```
+
+### http tracing/proxy
+If need to bypass self-signed certificates, turn on the environment variable of `ADAL_PYTHON_SSL_NO_VERIFY`
diff --git a/adal/authentication_context.py b/adal/authentication_context.py
@@ -24,7 +24,7 @@
 # THE SOFTWARE.
 #
 #------------------------------------------------------------------------------
-
+import os
 import threading
 
 from .authority import Authority
@@ -66,7 +66,11 @@ def __init__(self, authority, validate_authority=None, cache=None):
         self.authority = Authority(authority, validate_authority is None or validate_authority)
         self._oauth2client = None
         self.correlation_id = None
-        self._call_context = {'options': GLOBAL_ADAL_OPTIONS}
+        env_value = os.environ.get('ADAL_PYTHON_SSL_NO_VERIFY')
+        self._call_context = {
+            'options': GLOBAL_ADAL_OPTIONS,
+            'verify_ssl': None if env_value is None else not env_value # mainly for tracing through proxy
+            }
         self._token_requests_with_user_code = {}
         self.cache = cache or TokenCache()
         self._lock = threading.RLock()

diff --git a/adal/authority.py b/adal/authority.py
@@ -113,7 +113,8 @@ def _perform_dynamic_instance_discovery(self):
         self._log.debug("Attempting instance discover at: %s", discovery_endpoint.geturl())
 
         try:
-            resp = requests.get(discovery_endpoint.geturl(), headers=get_options['headers'])
+            resp = requests.get(discovery_endpoint.geturl(), headers=get_options['headers'],
+                                verify=self._call_context.get('verify_ssl', None))
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
             self._log.info("%s request failed", operation)

diff --git a/adal/mex.py b/adal/mex.py
@@ -78,7 +78,8 @@ def discover(self):
 
         try:
             operation = "Mex Get"
-            resp = requests.get(self._url, headers=options['headers'])
+            resp = requests.get(self._url, headers=options['headers'],
+                                verify=self._call_context.get('verify_ssl', None))
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
             self._log.info("%s request failed", operation)

diff --git a/adal/oauth2_client.py b/adal/oauth2_client.py
@@ -256,7 +256,8 @@ def get_token(self, oauth_parameters):
         try:
             resp = requests.post(token_url.geturl(), 
                                  data=url_encoded_token_request, 
-                                 headers=post_options['headers'])
+                                 headers=post_options['headers'],
+                                 verify=self._call_context.get('verify_ssl', None))
 
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
@@ -285,7 +286,8 @@ def get_user_code_info(self, oauth_parameters):
         try:
             resp = requests.post(device_code_url.geturl(), 
                                  data=url_encoded_code_request, 
-                                 headers=post_options['headers'])
+                                 headers=post_options['headers'],
+                                 verify=self._call_context.get('verify_ssl', None))
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
             self._log.info("%s request failed", operation)
@@ -320,7 +322,8 @@ def get_token_with_polling(self, oauth_parameters, refresh_internal, expires_in)
 
             resp = requests.post(
                 token_url.geturl(), 
-                data=url_encoded_code_request, headers=post_options['headers'])
+                data=url_encoded_code_request, headers=post_options['headers'],
+                verify=self._call_context.get('verify_ssl', None))
 
             util.log_return_correlation_id(self._log, operation, resp)
 

diff --git a/adal/user_realm.py b/adal/user_realm.py
@@ -134,7 +134,8 @@ def discover(self):
                         user_realm_url.geturl())
 
         operation = 'User Realm Discovery'
-        resp = requests.get(user_realm_url.geturl(), headers=options['headers'])
+        resp = requests.get(user_realm_url.geturl(), headers=options['headers'],
+                            verify=self._call_context.get('verify_ssl', None))
         util.log_return_correlation_id(self._log, operation, resp)
 
         if not util.is_http_success(resp.status_code):

diff --git a/adal/wstrust_request.py b/adal/wstrust_request.py
@@ -142,7 +142,8 @@ def acquire_token(self, username, password):
         self._log.debug("Sending RST to: %s", self._wstrust_endpoint_url)
 
         operation = "WS-Trust RST"
-        resp = requests.post(self._wstrust_endpoint_url, headers=options['headers'], data=rst, allow_redirects=True)
+        resp = requests.post(self._wstrust_endpoint_url, headers=options['headers'], data=rst,
+                             allow_redirects=True, verify=self._call_context.get('verify_ssl', None))
 
         util.log_return_correlation_id(self._log, operation, resp)