Replacing urllib2 with python-requests. Correcting a UniPay bug. Cleanup of the interface initialization. Removed the old SSL cert validation code, as python-requests now does that for us.

Greg Taylor · Greg Taylor · commit e6256e71abf3 · 2012-05-18T16:57:03.000-04:00
diff --git a/CHANGES b/CHANGES
@@ -3,12 +3,18 @@ Changes introduced with each version.
 1.2.0
 -----
 
+* Replacing urllib2 with python-requests. Greatly simplifies things, and
+  improves SSL certificate validation.
+* SSL certificate validation is now enabled by default. The old behvaior of
+  being able to specify a private cert to validate against still remains.
 * Tests are now ran via nose. The old test runner is no more. See the README
   in the ``tests`` directory for details.
 * Added the ``bm_create_button`` method, which maps to BMCreateButton.
+* UniPay should be working again.
 
 1.1.0
 -----
+
 This version addresses compatibility with the newer versions of the PayPal API
 by backing off on pre-query validation. PayPal's API error messages are
 the safest bet, as bad as they can be at times.
@@ -29,15 +35,18 @@ changes are prefixed with 'BIC'.
 
 1.0.3
 -----
+
 * Python 2.5 compatibility. (Manik)
 
 1.0.2
 -----
+
 * Documentation updates. (gtaylor)
 * We now distribute with a copy of the Apache License. (gtaylor)
 
 1.0.1
 -----
+
 * Misc. more specific imports to avoid import errors. (grigouze)
 * Fixes to country test suite. (grigouze)
 * Added a countries module that has all of the countries PayPal supports. (gtaylor)
diff --git a/paypal/__init__.py b/paypal/__init__.py
@@ -1,7 +1,14 @@
 # coding=utf-8
+#noinspection PyUnresolvedReferences
 from paypal.interface import PayPalInterface
+#noinspection PyUnresolvedReferences
 from paypal.settings import PayPalConfig
+#noinspection PyUnresolvedReferences
 from paypal.exceptions import PayPalError, PayPalConfigError, PayPalAPIResponseError
+#noinspection PyUnresolvedReferences
 import paypal.countries
+import logging
+
+logging.basicConfig()
 
 VERSION = '1.2.0'
diff --git a/paypal/https_connection.py b/paypal/https_connection.py
diff --git a/paypal/interface.py b/paypal/interface.py
@@ -6,16 +6,15 @@
 """
 
 import types
-import socket
 import urllib
-import urllib2
 import logging
 from pprint import pformat
 
+import requests
+
 from paypal.settings import PayPalConfig
 from paypal.response import PayPalResponse
 from paypal.exceptions import PayPalError, PayPalAPIResponseError
-from paypal.https_connection import CertValidatingHTTPSHandler
 
 logger = logging.getLogger('paypal.interface')
    
@@ -73,21 +72,18 @@ def _call(self, method, **kwargs):
     
         ``kwargs`` will be a hash of
         """
-        # Beware, this is a global setting.
-        socket.setdefaulttimeout(self.config.HTTP_TIMEOUT)
-
         # This dict holds the key/value pairs to pass to the PayPal API.
         url_values = {
             'METHOD': method,
             'VERSION': self.config.API_VERSION,
         }
     
-        if(self.config.API_AUTHENTICATION_MODE == "3TOKEN"):
+        if self.config.API_AUTHENTICATION_MODE == "3TOKEN":
             url_values['USER'] = self.config.API_USERNAME
             url_values['PWD'] = self.config.API_PASSWORD
             url_values['SIGNATURE'] = self.config.API_SIGNATURE
-        elif(self.config.API_AUTHENTICATION_MODE == "UNIPAY"):
-            url_values['SUBJECT'] = self.config.SUBJECT
+        elif self.config.API_AUTHENTICATION_MODE == "UNIPAY":
+            url_values['SUBJECT'] = self.config.UNIPAY_SUBJECT
 
         # All values passed to PayPal API must be uppercase.
         for key, value in kwargs.iteritems():
@@ -97,24 +93,15 @@ def _call(self, method, **kwargs):
         if logger.isEnabledFor(logging.DEBUG):
             logger.debug('PayPal NVP Query Key/Vals:\n%s' % pformat(url_values))
 
-        url = self._encode_utf8(**url_values)
-        data = urllib.urlencode(url).encode('utf-8')
-        req = urllib2.Request(self.config.API_ENDPOINT, data)
-
-        # If certificate provided build an opener that will validate PayPal server cert
-        if self.config.API_CA_CERTS:
-            handler = CertValidatingHTTPSHandler(ca_certs=self.config.API_CA_CERTS)
-            opener = urllib2.build_opener(handler)
-            if logger.isEnabledFor(logging.DEBUG):
-                logger.debug('Validating PayPal server with certificate:\n%s\n' % self.config.API_CA_CERTS)
-        else:
-            opener = urllib2.build_opener()
-            if logger.isEnabledFor(logging.DEBUG):
-                logger.debug('Skipping PayPal server certificate validation')
+        req = requests.get(
+            self.config.API_ENDPOINT,
+            params=url_values,
+            timeout=self.config.HTTP_TIMEOUT,
+            verify=self.config.API_CA_CERTS,
+        )
 
         # Call paypal API
-        response = PayPalResponse(opener.open(req).read().decode('utf-8'),
-                                  self.config)
+        response = PayPalResponse(req.text, self.config)
 
         logger.debug('PayPal NVP API Endpoint: %s'% self.config.API_ENDPOINT)
     
diff --git a/paypal/settings.py b/paypal/settings.py
@@ -8,7 +8,7 @@
 import os
 from pprint import pformat
 
-from paypal.exceptions import PayPalConfigError, PayPalError
+from paypal.exceptions import PayPalConfigError
 
 logger = logging.getLogger('paypal.settings')
 
@@ -21,8 +21,8 @@ class PayPalConfig(object):
     """
     # Used to validate correct values for certain config directives.
     _valid_= {
-        'API_ENVIRONMENT' : ['sandbox','production'],
-        'API_AUTHENTICATION_MODE' : ['3TOKEN','CERTIFICATE'],
+        'API_ENVIRONMENT' : ['sandbox', 'production'],
+        'API_AUTHENTICATION_MODE' : ['3TOKEN', 'CERTIFICATE'],
     }
 
     # Various API servers.
@@ -56,9 +56,11 @@ class PayPalConfig(object):
     API_ENDPOINT = None
     PAYPAL_URL_BASE = None
 
-    # API Endpoint CA certificate chain
-    # (filename with path e.g. '/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority.pem')
-    API_CA_CERTS = None
+    # API Endpoint CA certificate chain. If this is True, do a simple SSL
+    # certificate check on the endpoint. If it's a full path, verify against
+    # a private cert.
+    # e.g. '/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority.pem'
+    API_CA_CERTS = True
     
     # UNIPAY credentials
     UNIPAY_SUBJECT = None
@@ -67,7 +69,7 @@ class PayPalConfig(object):
     ACK_SUCCESS_WITH_WARNING = "SUCCESSWITHWARNING"
 
     # In seconds. Depending on your setup, this may need to be higher.
-    HTTP_TIMEOUT = 15
+    HTTP_TIMEOUT = 15.0
 
     def __init__(self, **kwargs):
         """
@@ -79,30 +81,38 @@ def __init__(self, **kwargs):
         are applied for certain directives in the absence of
         user-provided values.
         """
-        if 'API_ENVIRONMENT' not in kwargs:
-            kwargs['API_ENVIRONMENT']= self.API_ENVIRONMENT
-        # Make sure the environment is one of the acceptable values.
-        if kwargs['API_ENVIRONMENT'] not in self._valid_['API_ENVIRONMENT']:
-            raise PayPalConfigError('Invalid API_ENVIRONMENT')
-        self.API_ENVIRONMENT = kwargs['API_ENVIRONMENT']
-
-        if 'API_AUTHENTICATION_MODE' not in kwargs:
-            kwargs['API_AUTHENTICATION_MODE']= self.API_AUTHENTICATION_MODE
-        # Make sure the auth mode is one of the known/implemented methods.
-        if kwargs['API_AUTHENTICATION_MODE'] not in self._valid_['API_AUTHENTICATION_MODE']:
-            raise PayPalConfigError("Not a supported auth mode. Use one of: %s" % \
-                           ", ".join(self._valid_['API_AUTHENTICATION_MODE']))
+        if kwargs.get('API_ENVIRONMENT'):
+            api_environment = kwargs['API_ENVIRONMENT'].upper()
+            # Make sure the environment is one of the acceptable values.
+            if api_environment not in self._valid_['API_ENVIRONMENT']:
+                raise PayPalConfigError('Invalid API_ENVIRONMENT')
+            else:
+                self.API_ENVIRONMENT = api_environment
+
+        if kwargs.get('API_AUTHENTICATION_MODE'):
+            auth_mode = kwargs['API_AUTHENTICATION_MODE'].upper()
+            # Make sure the auth mode is one of the known/implemented methods.
+            if auth_mode not in self._valid_['API_AUTHENTICATION_MODE']:
+                choices = ", ".join(self._valid_['API_AUTHENTICATION_MODE'])
+                raise PayPalConfigError(
+                    "Not a supported auth mode. Use one of: %s" % choices
+                )
+            else:
+                self.API_AUTHENTICATION_MODE = auth_mode
         
         # Set the API endpoints, which is a cheesy way of saying API servers.
         self.API_ENDPOINT= self._API_ENDPOINTS[self.API_AUTHENTICATION_MODE][self.API_ENVIRONMENT]
         self.PAYPAL_URL_BASE= self._PAYPAL_URL_BASE[self.API_ENVIRONMENT]        
         
-        # Set the CA_CERTS location
-        if 'API_CA_CERTS' not in kwargs:
-            kwargs['API_CA_CERTS']= self.API_CA_CERTS
-        if kwargs['API_CA_CERTS'] and not os.path.exists(kwargs['API_CA_CERTS']):
-            raise PayPalConfigError('Invalid API_CA_CERTS')
-        self.API_CA_CERTS = kwargs['API_CA_CERTS']
+        # Set the CA_CERTS location. This can either be a None, a bool, or a
+        # string path.
+        if kwargs.get('API_CA_CERTS'):
+            self.API_CA_CERTS = kwargs['API_CA_CERTS']
+
+            if isinstance(self.API_CA_CERTS, basestring) and \
+               not os.path.exists(self.API_CA_CERTS):
+                # A CA Cert path was specified, but it's invalid.
+                raise PayPalConfigError('Invalid API_CA_CERTS')
 
         # set the 3TOKEN required fields
         if self.API_AUTHENTICATION_MODE == '3TOKEN':
@@ -115,5 +125,6 @@ def __init__(self, **kwargs):
             if arg in kwargs:
                 setattr(self, arg, kwargs[arg])
 
-        logger.debug('PayPalConfig object instantiated with kwargs: %s' %
-            pformat(kwargs))
+        logger.debug(
+            'PayPalConfig object instantiated with kwargs: %s' % pformat(kwargs)
+        )
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,2 @@
-nose
+nose
+requests
