Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-PyFxA for openSUSE:Factory checked in at 2026-05-26 16:34:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyFxA (Old) and /work/SRC/openSUSE:Factory/.python-PyFxA.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyFxA" Tue May 26 16:34:16 2026 rev:16 rq:1355107 version:0.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-PyFxA/python-PyFxA.changes 2025-11-18 15:43:22.848404295 +0100 +++ /work/SRC/openSUSE:Factory/.python-PyFxA.new.2084/python-PyFxA.changes 2026-05-26 16:34:27.217043614 +0200 @@ -1,0 +2,9 @@ +Mon May 25 20:11:30 UTC 2026 - Dirk Müller <[email protected]> + +- update to 0.8.2: + * Add CI WAF bypass header injection via ``CI_WAF_TOKEN`` env + var + * Skip live integration tests by default (opt-in via + ``FXA_RUN_LIVE_TESTS=1``) + +------------------------------------------------------------------- Old: ---- pyfxa-0.8.1.tar.gz New: ---- pyfxa-0.8.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-PyFxA.spec ++++++ --- /var/tmp/diff_new_pack.UJE4wG/_old 2026-05-26 16:34:28.101080189 +0200 +++ /var/tmp/diff_new_pack.UJE4wG/_new 2026-05-26 16:34:28.105080354 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-PyFxA # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2017-2018 The openSUSE Project. # # All modifications and additions to the file contributed by third parties @@ -16,6 +16,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %if 0%{?suse_version} > 1500 %bcond_without libalternatives %else @@ -23,7 +24,7 @@ %endif %{?sle15_python_module_pythons} Name: python-PyFxA -Version: 0.8.1 +Version: 0.8.2 Release: 0 Summary: Firefox Accounts client library for Python License: MPL-2.0 @@ -53,7 +54,7 @@ BuildRequires: alts %else Requires(post): update-alternatives -Requires(postun):update-alternatives +Requires(postun): update-alternatives %endif BuildArch: noarch %python_subpackages @@ -91,6 +92,7 @@ %pre %python_libalternatives_reset_alternative fxa-client %else + %post %python_install_alternative fxa-client 
@@ -99,6 +101,7 @@ %endif %files %{python_files} +%license LICENSE.txt %doc CHANGES.txt README.rst %python_alternative %{_bindir}/fxa-client %{python_sitelib}/fxa ++++++ pyfxa-0.8.1.tar.gz -> pyfxa-0.8.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pyfxa-0.8.1/CHANGES.txt new/pyfxa-0.8.2/CHANGES.txt --- old/pyfxa-0.8.1/CHANGES.txt 2020-02-02 01:00:00.000000000 +0100 +++ new/pyfxa-0.8.2/CHANGES.txt 2020-02-02 01:00:00.000000000 +0100 @@ -3,6 +3,12 @@ This document describes changes between each past release. +0.8.2 (2026-05-14) +================== + +- Add CI WAF bypass header injection via ``CI_WAF_TOKEN`` env var +- Skip live integration tests by default (opt-in via ``FXA_RUN_LIVE_TESTS=1``) + 0.8.1 (2025-05-01) ================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pyfxa-0.8.1/PKG-INFO new/pyfxa-0.8.2/PKG-INFO --- old/pyfxa-0.8.1/PKG-INFO 2020-02-02 01:00:00.000000000 +0100 +++ new/pyfxa-0.8.2/PKG-INFO 2020-02-02 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.4 Name: pyfxa -Version: 0.8.1 +Version: 0.8.2 Summary: Firefox Accounts client library for Python Project-URL: Homepage, https://github.com/mozilla/PyFxA Author-email: Mozilla Services <[email protected]> 
@@ -114,6 +114,19 @@ client.destroy_account(acct.email, "MySecretPassword") +CI WAF bypass +============= + +When running CI tests against a Mozilla Accounts environment protected by +WAF, requests may be subject to challenge rules. +To bypass them, set the ``CI_WAF_TOKEN`` environment variable:: + + export CI_WAF_TOKEN=<token> + +When this variable is set, PyFxA automatically includes the ``fxa-ci: <token>`` +header on every outgoing request. When it is absent, no such header is sent. + + Passing tokens to other applications =================================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pyfxa-0.8.1/README.rst new/pyfxa-0.8.2/README.rst --- old/pyfxa-0.8.1/README.rst 2020-02-02 01:00:00.000000000 +0100 +++ new/pyfxa-0.8.2/README.rst 2020-02-02 01:00:00.000000000 +0100 @@ -89,6 +89,19 @@ client.destroy_account(acct.email, "MySecretPassword") +CI WAF bypass +============= + +When running CI tests against a Mozilla Accounts environment protected by +WAF, requests may be subject to challenge rules. +To bypass them, set the ``CI_WAF_TOKEN`` environment variable:: + + export CI_WAF_TOKEN=<token> + +When this variable is set, PyFxA automatically includes the ``fxa-ci: <token>`` +header on every outgoing request. When it is absent, no such header is sent. + + Passing tokens to other applications =================================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pyfxa-0.8.1/fxa/__init__.py new/pyfxa-0.8.2/fxa/__init__.py --- old/pyfxa-0.8.1/fxa/__init__.py 2020-02-02 01:00:00.000000000 +0100 +++ new/pyfxa-0.8.2/fxa/__init__.py 2020-02-02 01:00:00.000000000 +0100 
@@ -7,7 +7,7 @@ """ -__version__ = "0.8.1" +__version__ = "0.8.2" __ver_tuple__ = tuple(__version__.split(".")) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pyfxa-0.8.1/fxa/_utils.py new/pyfxa-0.8.2/fxa/_utils.py --- old/pyfxa-0.8.1/fxa/_utils.py 2020-02-02 01:00:00.000000000 +0100 +++ new/pyfxa-0.8.2/fxa/_utils.py 2020-02-02 01:00:00.000000000 +0100 @@ -147,6 +147,7 @@ * backoff protocol support * sensible request timeouts * timestamp skew tracking with automatic retry on clockskew error + * CI WAF bypass header injection """ @@ -160,6 +161,9 @@ allowed_methods={"DELETE", "GET", "POST", "PUT"}, ) session.mount(server_url, HTTPAdapter(max_retries=retries)) + waf_token = os.environ.get("CI_WAF_TOKEN") + if waf_token: + session.headers["fxa-ci"] = waf_token # Properties that can be customized to change behaviour. self.server_url = server_url self.timeout = 30 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pyfxa-0.8.1/fxa/tests/test_core.py new/pyfxa-0.8.2/fxa/tests/test_core.py --- old/pyfxa-0.8.1/fxa/tests/test_core.py 2020-02-02 01:00:00.000000000 +0100 +++ new/pyfxa-0.8.2/fxa/tests/test_core.py 2020-02-02 01:00:00.000000000 +0100 @@ -1,16 +1,19 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this file, # You can obtain one at http://mozilla.org/MPL/2.0/. +import os import time from urllib.parse import urlparse import pyotp import pytest +import requests from parameterized import parameterized_class import fxa.errors from fxa.core import Client, StretchedPassword +from fxa._utils import APIClient from fxa.tests.utils import ( unittest, 
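Review bot: In the `fxa/_utils.py` hunk at `@@ -160,6 +161,9 @@`, the token is written to `session.headers`, so it is sent on every request the session makes, not only on requests to `server_url`. The third new test in `fxa/tests/test_core.py` shows that this also mutates a caller-supplied session, so a session shared with other hosts would disclose the CI bypass secret to them. A custom header like this is presumably also carried across cross-host redirects. I would keep the value on the client, e.g. `self._waf_token = os.environ.get("CI_WAF_TOKEN")`, and add `fxa-ci` to the per-request headers only when the target URL is under `self.server_url`, with a comment such as `# CI-only secret: scope to server_url, never log`. The constructor starts outside this hunk and the request-sending method is not shown, so the exact place for the per-request check needs confirming.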
@@ -35,6 +38,8 @@ server_url = TEST_SERVER_URL def setUp(self): + if not os.environ.get("FXA_RUN_LIVE_TESTS"): + self.skipTest("Set FXA_RUN_LIVE_TESTS=1 to run live tests against the stage server") self.client_v1 = Client(self.server_url) self.client_v2 = Client(self.server_url, key_stretch_version=2) if self.key_stretch_version == 2: @@ -282,7 +287,8 @@ server_url = TEST_SERVER_URL def setUp(self): - + if not os.environ.get("FXA_RUN_LIVE_TESTS"): + self.skipTest("Set FXA_RUN_LIVE_TESTS=1 to run live tests against the stage server") self.client_v2 = Client(self.server_url, key_stretch_version=2) self.client_v1 = Client(self.server_url, key_stretch_version=1) if self.key_stretch_version == 2: @@ -395,6 +401,29 @@ self.assertFalse(self.session.totp_exists()) +class TestAPIClientWAFHeader(unittest.TestCase): + """Unit tests for CI_WAF_TOKEN header injection in APIClient.""" + + SERVER_URL = "https://api.example.com/v1/" + + def test_waf_header_set_when_env_var_present(self): + with unittest.mock.patch.dict("os.environ", {"CI_WAF_TOKEN": "sekrit"}): + client = APIClient(self.SERVER_URL) + self.assertEqual(client.headers.get("fxa-ci"), "sekrit") + + def test_waf_header_absent_when_env_var_not_set(self): + env = {k: v for k, v in os.environ.items() if k != "CI_WAF_TOKEN"} + with unittest.mock.patch.dict("os.environ", env, clear=True): + client = APIClient(self.SERVER_URL) + self.assertNotIn("fxa-ci", client.headers) + + def test_waf_header_set_on_caller_supplied_session(self): + supplied = requests.Session() + with unittest.mock.patch.dict("os.environ", {"CI_WAF_TOKEN": "sekrit"}): + APIClient(self.SERVER_URL, session=supplied) + self.assertEqual(supplied.headers.get("fxa-ci"), "sekrit") + + # helpers def verify_account(acct, client): def wait_for_email(m):
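Review bot: The guard `if not os.environ.get("FXA_RUN_LIVE_TESTS"):` in `setUp` at `@@ -35,6 +38,8 @@` treats any non-empty value as opt-in, so `FXA_RUN_LIVE_TESTS=0` or `=false` would still run the live tests against the stage server, although the skip message and the changelog document `=1`. An explicit comparison, `if os.environ.get("FXA_RUN_LIVE_TESTS") != "1":`, matches the documented contract. The same line is repeated in the `setUp` at `@@ -282,7 +287,8 @@`, so a shared helper or a `pytest.mark.skipif` on both classes would keep the two checks in step. Both `setUp` bodies continue outside their hunks.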
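Review bot: The new `TestAPIClientWAFHeader` cases at `@@ -395,6 +401,29 @@` call `unittest.mock.patch.dict`, but the import hunk adds only `os`, `requests` and `APIClient`, and `unittest` itself comes from `fxa.tests.utils`. `unittest.mock` is reachable as an attribute only if some module has already imported it, which cannot be confirmed from the visible lines, so an explicit `from unittest import mock` with `mock.patch.dict(...)` would remove that dependency on import order. The tests also check only that the header is present or absent on the session. No case asserts that `fxa-ci` is withheld from a request to a host other than `SERVER_URL`, which is the property that protects the token.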
