Merge pull request #43 from securenative/dev

Dev

Author: inbaltako

README.md

@@ -111,7 +111,6 @@ You can also create request context from requests:
 
 ```python
 from securenative.securenative import SecureNative
-from securenative.context.securenative_context import SecureNativeContext
 from securenative.models.event_options import EventOptions
 from securenative.enums.event_types import EventTypes
 from securenative.models.user_traits import UserTraits
@@ -120,7 +119,7 @@ from securenative.models.user_traits import UserTraits
 def track(request):
     securenative = SecureNative.get_instance()
 
-    context = SecureNativeContext.from_http_request(request)
+    context = securenative.from_http_request(request)
     event_options = EventOptions(event=EventTypes.LOG_IN,
                                 user_id="1234",
                                 user_traits=UserTraits("Your Name", "[email protected]", "+1234567890"),
@@ -137,15 +136,14 @@ def track(request):
 ```python
 from securenative.securenative import SecureNative
 from securenative.models.event_options import EventOptions
-from securenative.context.securenative_context import SecureNativeContext
 from securenative.enums.event_types import EventTypes
 from securenative.models.user_traits import UserTraits
 
 
 def verify(request):
     securenative = SecureNative.get_instance()
 
-    context = SecureNativeContext.from_http_request(request)
+    context = securenative.from_http_request(request)
     event_options = EventOptions(event=EventTypes.LOG_IN,
                                 user_id="1234",
                                 user_traits=UserTraits("Your Name", "[email protected]", "+1234567890"),
@@ -173,3 +171,26 @@ def webhook_endpoint(request):
     is_verified = securenative.verify_request_payload(request)
  ```
 
+## Extract proxy headers from Cloudflare
+
+You can specify custom header keys to allow extraction of client ip from different providers.
+This example demonstrates the usage of proxy headers for ip extraction from Cloudflare.
+
+### Option 1: Using config file
+```ini
+SECURENATIVE_API_KEY: dsbe27fh3437r2yd326fg3fdg36f43
+SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]
+```
+
+Initialize sdk as shown above.
+
+### Options 2: Using ConfigurationBuilder
+
+```python
+from securenative.securenative import SecureNative
+from securenative.config.securenative_options import SecureNativeOptions
+
+
+options = SecureNativeOptions(api_key="YOUR_API_KEY", max_events=10, log_level="ERROR", proxy_headers=['CF-Connecting-IP'])
+securenative = SecureNative.init_with_options(options)
+```

VERSION

@@ -1 +1 @@
-0.3.1
+0.3.2

securenative/api_manager.py

@@ -23,10 +23,10 @@ def verify(self, event_options):
         Logger.debug("Verify event call")
         event = SDKEvent(event_options, self.options)
         try:
-            res = json.loads(self.event_manager.send_sync(event, ApiRoute.VERIFY.value, False).text)
+            res = json.loads(self.event_manager.send_sync(event, ApiRoute.VERIFY.value).text)
             return VerifyResult(res["riskLevel"], res["score"], res["triggers"])
         except Exception as e:
             Logger.debug("Failed to call verify; {}".format(e))
             if self.options.fail_over_strategy is FailOverStrategy.FAIL_OPEN.value:
-                return VerifyResult(RiskLevel.LOW.value, 0, None)
-            return VerifyResult(RiskLevel.HIGH.value, 1, None)
+                return VerifyResult(RiskLevel.LOW.value, 0, [])
+            return VerifyResult(RiskLevel.HIGH.value, 1, [])

securenative/config/configuration_manager.py

@@ -2,7 +2,7 @@
 from configparser import ConfigParser
 
 from securenative.config.securenative_options import SecureNativeOptions
-from securenative.exceptions.securenative_config_exception import SecureNativeConfigException
+from securenative.logger import Logger
 
 
 class ConfigurationManager(object):
@@ -15,7 +15,7 @@ def read_resource_file(cls, resource_path):
         try:
             cls.config.read(resource_path)
         except Exception as e:
-            raise SecureNativeConfigException("Invalid config file; %s", e)
+            Logger.debug("Invalid config file; {}, using default options".format(e))
 
         properties = {}
         for key, value in cls.config.defaults().items():
@@ -63,4 +63,6 @@ def load_config(cls, resource_path):
                                                                      options.log_level),
                                    fail_over_strategy=cls._get_env_or_default(properties,
                                                                               "SECURENATIVE_FAILOVER_STRATEGY",
-                                                                              options.fail_over_strategy))
+                                                                              options.fail_over_strategy),
+                                   proxy_headers=cls._get_env_or_default(properties, "SECURENATIVE_PROXY_HEADERS",
+                                                                         options.proxy_headers))

securenative/config/securenative_options.py

@@ -5,8 +5,10 @@ class SecureNativeOptions(object):
 
     def __init__(self, api_key=None, api_url="https://api.securenative.com/collector/api/v1", interval=1000,
                  max_events=1000, timeout=1500, auto_send=True, disable=False, log_level="CRITICAL",
-                 fail_over_strategy=FailOverStrategy.FAIL_OPEN.value):
+                 fail_over_strategy=FailOverStrategy.FAIL_OPEN.value, proxy_headers=None):
 
+        if proxy_headers is None:
+            proxy_headers = []
         if fail_over_strategy != FailOverStrategy.FAIL_OPEN.value and \
                 fail_over_strategy != FailOverStrategy.FAIL_CLOSED.value:
             self.fail_over_strategy = FailOverStrategy.FAIL_OPEN.value
@@ -21,3 +23,4 @@ def __init__(self, api_key=None, api_url="https://api.securenative.com/collector
         self.auto_send = auto_send
         self.disable = disable
         self.log_level = log_level
+        self.proxy_headers = proxy_headers

securenative/context/securenative_context.py

@@ -14,7 +14,7 @@ def __init__(self, client_token=None, ip=None, remote_ip=None, headers=None, url
         self.body = body
 
     @staticmethod
-    def from_http_request(request):
+    def from_http_request(request, options):
         try:
             client_token = request.cookies[RequestUtils.SECURENATIVE_COOKIE]
         except Exception:
@@ -28,6 +28,6 @@ def from_http_request(request):
         if Utils.is_null_or_empty(client_token):
             client_token = RequestUtils.get_secure_header_from_request(headers)
 
-        return SecureNativeContext(client_token, RequestUtils.get_client_ip_from_request(request),
+        return SecureNativeContext(client_token, RequestUtils.get_client_ip_from_request(request, options),
                                    RequestUtils.get_remote_ip_from_request(request), headers, request.url,
                                    request.method, None)

securenative/event_manager.py

@@ -54,7 +54,7 @@ def flush(self):
         for item in self.queue:
             self.http_client.post(item.url, item.body)
 
-    def send_sync(self, event, resource_path, retry):
+    def send_sync(self, event, resource_path):
         if self.options.disable:
             Logger.warning("SDK is disabled. no operation will be performed")
             return
@@ -64,17 +64,9 @@ def send_sync(self, event, resource_path, retry):
             resource_path,
             json.dumps(EventManager.serialize(event))
         )
-        if res.status_code != 200:
-            Logger.info("SecureNative failed to call endpoint {} with event {}. adding back to queue".format(
-                resource_path, event))
-            item = QueueItem(
-                resource_path,
-                json.dumps(EventManager.serialize(event)),
-                retry
-            )
-            self.queue.append(item)
-            if self._is_queue_full():
-                self.queue = self.queue[:len(self.queue - 1)]
+        if res is None or res.status_code != 200:
+            Logger.info("SecureNative failed to call endpoint {} with event {}.".format(resource_path, event))
+
         return res
 
     def _is_queue_full(self):

securenative/http/securenative_http_client.py

@@ -1,4 +1,5 @@
 import requests
+from requests import Timeout
 
 from securenative.utils.version_utils import VersionUtils
 
@@ -24,4 +25,8 @@ def _headers(self):
 
     def post(self, path, body):
         url = "{}/{}".format(self.options.api_url, path)
-        return requests.post(url=url, data=body, headers=self._headers())
+        try:
+            res = requests.post(url=url, data=body, headers=self._headers(), timeout=self.options.timeout / 1000)
+            return res
+        except Timeout:
+            return None

securenative/securenative.py

@@ -1,6 +1,7 @@
 from securenative.api_manager import ApiManager
 from securenative.config.configuration_manager import ConfigurationManager
 from securenative.config.securenative_options import SecureNativeOptions
+from securenative.context.securenative_context import SecureNativeContext
 from securenative.event_manager import EventManager
 from securenative.exceptions.securenative_config_exception import SecureNativeConfigException
 from securenative.exceptions.securenative_sdk_Illegal_state_exception import SecureNativeSDKIllegalStateException
@@ -75,6 +76,9 @@ def verify(self, event_options):
     def _flush(cls):
         cls._securenative = None
 
+    def from_http_request(self, request):
+        return SecureNativeContext.from_http_request(request, self._options)
+
     def verify_request_payload(self, request):
         request_signature = request.header[SignatureUtils.SignatureHeader]
         body = request.body

securenative/utils/request_utils.py

@@ -10,16 +10,34 @@ def get_secure_header_from_request(headers):
             return ""
 
     @staticmethod
-    def get_client_ip_from_request(request):
+    def get_client_ip_from_request(request, options):
+        if options and len(options.proxy_headers) > 0:
+            for header in options.proxy_headers:
+                try:
+                    if request.environ.get(header) is not None:
+                        return request.environ.get(header)
+                    if request.headers[header] is not None:
+                        return request.headers[header]
+                except Exception:
+                    try:
+                        if request.headers[header] is not None:
+                            return request.headers[header]
+                    except Exception:
+                        continue
+
         try:
             x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
             if x_forwarded_for:
                 ip = x_forwarded_for.split(',')[-1].strip()
             else:
                 ip = request.META.get('REMOTE_ADDR')
+
+            if ip is None or ip == "":
+                ip = request.environ.get('HTTP_X_FORWARDED_FOR', request.environ.get('REMOTE_ADDR', ""))
+
             return ip
         except Exception:
-            return request.environ.get('HTTP_X_FORWARDED_FOR', request.environ.get('REMOTE_ADDR', ""))
+            return ""
 
     @staticmethod
     def get_remote_ip_from_request(request):