Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.
 

Python and API keys


#1

I discovered an issue with using the API keys and TestRail’s python module. The issue was that the method base64.encodestring() inserts newline characters in long encodings, thus causing authenticate with the server to fail. To illustrate:

>>> base64.encodestring('asdf' * 30) YXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGZh\nc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFz\nZGZhc2Rm\n'

Notice the two newline characters that have been inserted into the string. If you print the string, the newlines format the encoded string into a nice rectangular block of text. With base64 encoding, white space is ignored, so this is technically legit. And this usually is not a problem when encoding a username and password, since passwords are usually less than 20 or so characters. But when encoding a username and API key which is 40 chars, the length of the encoded string is such that a newline is inserted in the middle. And this newline causing authentication to fail.

The solution is to use base64.b64encode(), which will not insert the newline characters into the encoded string.

So in testrail.py, change the following line from this:

auth = base64.encodestring('%s:%s' % (self.user, self.password)).strip()

to this:

auth = base64.b64encode('%s:%s' % (self.user, self.password)).strip()

The same error applies to the TestRail’s python3 module.


#2

Hello Rusty,

Thanks for your posting and reporting this issue! Yes, another customer faced this issue as well and we updated the Python bindings on GitHub earlier today:

Kind regards,
Tobias