Allow requests.post(verify=) to be controlled

Jc2k · Jc2k · commit 42dceeb1fe1c · 2018-01-15T08:41:21.000Z
diff --git a/README.md b/README.md
@@ -116,6 +116,7 @@ The backend to connect to is controlled by these settings:
  * `TINYAUTH_ENDPOINT`: The `https://` endpoint to access to authorize a HTTP request.
  * `TINYAUTH_ACCESS_KEY_ID`: Access key for a tinyauth user with permission to authorize requests for this service.
  * `TINYAUTH_SECRET_ACCESS_KEY`: Secret key for this user
+ * `TINYAUTH_ENDPOINT_VERIFY`: Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use. Defaults to True.
 
 Each permission check is for a permission and an `arn` that globally identifies an instance of a resource. An arn is constructed in the following form:
 
diff --git a/flask_tinyauth/api.py b/flask_tinyauth/api.py
@@ -42,6 +42,7 @@ def call(api, request):
                 'Content-Type': 'application/json',
             },
             json=request,
+            verify=current_app.config.get('TINYAUTH_VERIFY', True),
         )
     except requests.exceptions.ConnectionError as e:
         logger.critical('Unable to connect to authentication backend', exc_info=e)

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ def call(api, request):`
`42`	`42`	`'Content-Type': 'application/json',`
`43`	`43`	`},`
`44`	`44`	`json=request,`
	`45`	`+ verify=current_app.config.get('TINYAUTH_VERIFY', True),`
`45`	`46`	`)`
`46`	`47`	`except requests.exceptions.ConnectionError as e:`
`47`	`48`	`logger.critical('Unable to connect to authentication backend', exc_info=e)`