ovh · deathiop · Jun 7, 2024 · Jun 7, 2024 · Jun 7, 2024
@@ -228,14 +228,15 @@ def new_consumer_key_request(self):
         """  # noqa:E501
         return ConsumerKeyRequest(self)
 
-    def request_consumerkey(self, access_rules, redirect_url=None):
+    def request_consumerkey(self, access_rules, redirect_url=None, allowedIPs=None):
         """
         Create a new "consumer key" identifying this application's end user. API
         will return a ``consumerKey`` and a ``validationUrl``. The end user must
         visit the ``validationUrl``, authenticate and validate the requested
         ``access_rules`` to link his account to the ``consumerKey``. Once this
         is done, he may optionally be redirected to ``redirect_url`` and the
-        application can start using the ``consumerKey``.
+        application can start using the ``consumerKey``. If adding an ``allowedIPs``
+        parameter, the generated credentials will only be usable from these IPs.
 
         The new ``consumerKey`` is automatically loaded into
         ``self._consumer_key`` and is ready to used as soon as validated.
@@ -270,7 +271,7 @@ def request_consumerkey(self, access_rules, redirect_url=None):
             ]
 
             # Request token
-            validation = client.request_consumerkey(access_rules)
+            validation = client.request_consumerkey(access_rules, redirect_url="https://optional-redirect-url.example.org", allowedIPs=["127.0.0.1/32"])
 
             print("Please visit", validation['validationUrl'], "to authenticate")
             input("and press Enter to continue...")
@@ -280,12 +281,19 @@ def request_consumerkey(self, access_rules, redirect_url=None):
 
 
         :param list access_rules: Mapping specifying requested privileges.
-        :param str redirect_url: Where to redirect end user upon validation.
+        :param str redirect_url: Where to redirect end user upon validation (optional).
+        :param list allowedIPs: CIDRs that will be allowed to use these credentials (optional).
         :raises APIError: When ``self.call`` fails.
         :returns: dict with ``consumerKey`` and ``validationUrl`` keys
         :rtype: dict
-        """
-        res = self.post("/auth/credential", _need_auth=False, accessRules=access_rules, redirection=redirect_url)
+        """  # noqa:E501
+        res = self.post(
+            "/auth/credential",
+            _need_auth=False,
+            accessRules=access_rules,
+            redirection=redirect_url,
+            allowedIPs=allowedIPs,
+        )
         self._consumer_key = res["consumerKey"]
         return res
 

@@ -61,7 +61,7 @@ def __init__(self, client):
         self._client = client
         self._access_rules = []
 
-    def request(self, redirect_url=None):
+    def request(self, redirect_url=None, allowedIPs=None):
         """
         Create the consumer key with the configures autorizations. The user will
         need to validate it before it can be used with the API
@@ -73,7 +73,7 @@ def request(self, redirect_url=None):
             'validationUrl': 'https://eu.api.ovh.com/auth/?credentialToken=now2OOAVO4Wp6t7bemyN9DMWIobhGjFNZSHmixtVJM4S7mzjkN2L5VBfG96Iy1i0'
         }
         """  # noqa: E501
-        return self._client.request_consumerkey(self._access_rules, redirect_url)
+        return self._client.request_consumerkey(self._access_rules, redirect_url, allowedIPs)
 
     def add_rule(self, method, path):
         """

@@ -77,14 +77,15 @@ def test_time_delta(self, m_call, m_time):
     @mock.patch.object(Client, "call", return_value={"consumerKey": "CK"})
     def test_request_consumerkey(self, m_call):
         api = Client("ovh-eu")
-        ret = api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com")
+        ret = api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com", ["127.0.0.1/32"])
 
         m_call.assert_called_once_with(
             "POST",
             "/auth/credential",
             {
                 "redirection": "https://example.com",
                 "accessRules": [{"method": "GET", "path": "/"}],
+                "allowedIPs": ["127.0.0.1/32"],
             },
             False,
         )

@@ -86,4 +86,4 @@ def test_add_rules(self):
         ck._access_rules = []
         ck.add_recursive_rules(ovh.API_READ_WRITE, "/")
         assert ck.request() is m_client.request_consumerkey.return_value
-        m_client.request_consumerkey.assert_called_once_with(ck._access_rules, None)
+        m_client.request_consumerkey.assert_called_once_with(ck._access_rules, None, None)