1

When I view the raw request in SoapUI, I get `wsse:Security soapenv:mustUnderstand="1"` in the `<soapenv:Header>` section. When doing it with zeep and Python, I do not see this in the request sent to the server, and I'm getting security issues in the application logs.

```python
from zeep import Client
from zeep.transports import Transport
from zeep import xsd
from zeep.wsse.username import UsernameToken
from zeep.wsse.utils import get_security_header
from requests import Session
from lxml import etree

request_data = {
    'idNumber': 'someID',
    'encryptedPin': 'encPin0101='
}
header_value = {
    "wsse": {
        "mustUnderstand": '1'
    }
}
wsdl = 'http://someURL/AuthenticationWS?WSDL'
# session = Session()
# session.verify = True
# transport = Transport(session=session,
#                       operation_timeout=10)

# Client with a WS-Security UsernameToken (password digest)
cl = Client(wsdl=wsdl,
            wsse=UsernameToken('username', 'password', use_digest=True))


def send_request(client, data):
    return client.service.authenticateCustomer(data)


# Build the SOAP envelope without sending it, to inspect the generated XML
node = cl.create_message(cl.service, 'authenticateCustomer',
                         idNumber='someID',
                         encryptedPin='encPin=')

print('###########')
print(etree.tostring(node))
print('###########')
print(send_request(cl, request_data))
```

The first printout works: I see the information I need, except the `mustUnderstand="1"`. The second print bugs out. I get 'fault occurred' and the app log gives security-related errors, making me think this is the mustUnderstand thing, and I've tried different things.

I've tried to do this with soapheader as explained in these locations without success:

How do I add attributes to header authentication in Zeep?

Adding session\transport stuff didn't pop up that header I required. I'm busy looking through

https://pydoc.net/zeep/2.5.0/zeep.wsse.signature/

in order to understand the `get_security_header` thing, but I'm not winning with this :( Other resources I've looked at:

https://stackoverflow.com/questions/62924433/zeep-with-complex-header

https://docs.python-zeep.org/en/master/headers.html

https://stackoverflow.com/questions/44330748/how-to-comply-with-policy-defined-in-wsdl

imp

2 Answers

0

I used https://github.com/suds-community/suds instead which has simple methods to add these security tokens:

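```python
from suds.client import Client
from suds.wsse import Security, UsernameToken

# Build a WS-Security header carrying a UsernameToken with nonce,
# creation timestamp and password digest
security = Security()
token = UsernameToken('username', 'password')
token.setnonce()
token.setcreated()
token.setnonceencoding(True)
token.setpassworddigest('digest')
security.tokens.append(token)

client = Client('http://someURL/AuthenticationWS?WSDL')
client.set_options(wsse=security)
# id_number is assumed to be defined elsewhere (the customer's ID value)
client.service.logCustomerInNoAuth('id_number', id_number)
```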

So much easier

imp
  • suds is *very* slow, not maintained (use suds-py3 instead) and most of all it is very lengthy to create/customise the layout of the message (zeep allows you to pass it a nested dict) – Pynchia Jan 28 '21 at 08:45
  • @Pynchia - suds-community was last updated this past Jan, but thank you - I was looking for a Python 3 alternative too – imp Feb 04 '21 at 15:19
0

Busy right now, but here is a snippet:

```python
from lxml.etree import QName
from zeep.wsse import utils
from zeep.wsse.username import UsernameToken


class UsernameToken2(UsernameToken):

    def apply(self, envelope, headers):
        # Let zeep add the UsernameToken first, then mark the
        # wsse:Security header with soapenv:mustUnderstand="1"
        envelope, headers = super().apply(envelope, headers)
        security = utils.get_security_header(envelope)
        security.set(QName('http://schemas.xmlsoap.org/soap/envelope/', 'mustUnderstand'), '1')
        return envelope, headers
```
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 16 '21 at 22:08
  • Thanks. Albeit I agree with the community bot, it is a little simpler to implement than my code and I wish I could test it. On the other hand, I do not recommend zeep. suds-py3, as per @Pynchia's comment, is faster than zeep (at least in that environment it was) – imp Nov 22 '21 at 06:46
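
A way to compare the two requests described in the question, as an added example that is not part of the original question or either answer: it parses a serialized SOAP 1.1 envelope with the standard library and reports whether `wsse:Security` carries `soapenv:mustUnderstand`, along with the UsernameToken fields. The function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from SOAP 1.1 and OASIS WS-Security 1.0.
SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
NS = {"soapenv": SOAPENV, "wsse": WSSE, "wsu": WSU}


def inspect_security_header(envelope_xml):
    """Summarise the wsse:Security header of a serialized SOAP 1.1 envelope."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soapenv:Header/wsse:Security", NS)
    if security is None:
        return {"security_header": False}
    token = "wsse:UsernameToken/"
    password = security.find(token + "wsse:Password", NS)
    pw_type = password.get("Type", "") if password is not None else ""
    return {
        "security_header": True,
        "must_understand": security.get(f"{{{SOAPENV}}}mustUnderstand"),
        "password_type": pw_type.rsplit("#", 1)[-1] or None,
        "has_nonce": security.find(token + "wsse:Nonce", NS) is not None,
        "has_created": security.find(token + "wsu:Created", NS) is not None,
    }


def diff_headers(reference_xml, candidate_xml):
    """Map each differing field to a (reference, candidate) pair."""
    ref = inspect_security_header(reference_xml)
    got = inspect_security_header(candidate_xml)
    keys = sorted(set(ref) | set(got))
    return {k: (ref.get(k), got.get(k)) for k in keys if ref.get(k) != got.get(k)}


def sample_envelope(must_understand):
    """Constructed envelope with placeholder credentials (not captured traffic)."""
    attr = ' soapenv:mustUnderstand="1"' if must_understand else ""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAPENV}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
        f"<soapenv:Header><wsse:Security{attr}><wsse:UsernameToken>"
        "<wsse:Username>username</wsse:Username>"
        f'<wsse:Password Type="{OASIS}username-token-profile-1.0#PasswordDigest">'
        "Y29uc3RydWN0ZWQ=</wsse:Password><wsse:Nonce>Y29uc3RydWN0ZWQ=</wsse:Nonce>"
        "<wsu:Created>2021-01-01T00:00:00Z</wsu:Created></wsse:UsernameToken>"
        "</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>"
    )
```

To use it on real traffic, pass the raw request copied from SoapUI as the reference and the bytes from `etree.tostring(node)` in the question as the candidate; `diff_headers(sample_envelope(True), sample_envelope(False))` shows the result for the constructed pair.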