Zeep: Struggling to add mustunderstand=1 to WSE header

发布于 2020-10-26 10:22:45

When I view the raw request in SOAPUI i get = wsse:Security soapenv:mustUnderstand="1" in the <soapenv:Header> section. When doing it with zeep and python i do not see this in the request sent to the server - and i'm getting securuty issues in the application logs

from zeep import Client
from zeep.transports import Transport
from zeep import xsd
from zeep.wsse.username import UsernameToken
from zeep.wsse.utils import get_security_header
from requests import Session

request_data = {
        'idNumber': 'someID',
        'encryptedPin': 'encPin0101='
}
header_value = {
    "wsse":{
        "mustUnderstand":'1'
    }
}
wsdl = 'http://someURL/AuthenticationWS?WSDL'
# session = Session()
# session.verify = True
# transport = Transport(session=session,
#                       operation_timeout=10)
cl = Client(wsdl=wsdl,
            wsse=UsernameToken('username', 'password', use_digest=True))

def send_request(client, data):
    return client.service.authenticateCustomer(data)

node = cl.create_message(cl.service, 'authenticateCustomer',
                         idNumber='someID',
                         encryptedPin='encPin=')

from lxml import etree

print('###########')
print(etree.tostring(node))
print('###########')
print(send_request(cl, request_data))

The first print out works, i see the information i need except the mustunderstand=1 The second print bugs out - i get 'fault occurred' and the app log gives security related errors making me think this is the mustunderstand thing and i've tried different things

I've tried to do this with soapheader as explained in these locations without success:

How do I add attributes to header authentication in Zeep?

Adding session\transport stuff didnt popup that header i required. I'm busy looking thru

https://pydoc.net/zeep/2.5.0/zeep.wsse.signature/

in order to understand the `get_security_header` thing but i'm not winning with this :( other resources ive looked at:

https://stackoverflow.com/questions/62924433/zeep-with-complex-header

https://docs.python-zeep.org/en/master/headers.html

https://stackoverflow.com/questions/44330748/how-to-comply-with-policy-defined-in-wsdl

Questioner

MistaWizard

Viewed

Original

security = Security() token = UsernameToken('username', 'password') token.setnonce() token.setcreated() token.setnonceencoding(True) token.setpassworddigest('digest') security.tokens.append(token) client = Client('http://someURL/AuthenticationWS?WSDL') client.set_options(wsse=security) client.service.logCustomerInNoAuth('id_number', id_number))

Pynchia 2021-01-28 08:45:48

suds is very slow, not maintained (use suds-py3 instead) and most of all it is very lengthy to create/customise the layout of the message (zeep allows you to pass it a nested dict)

MistaWizard 2021-02-04 15:19:27

@Pynchia - suds-community was last updated this past Jan, but thank you - i was looking for python3 alternative too

Zeep: Struggling to add mustunderstand=1 to WSE header

热门帖子

热门github