Add verify and proxies to context

adal/authentication_context.py

@@ -47,7 +47,7 @@ class AuthenticationContext(object):
 
     def __init__(
             self, authority, validate_authority=None, cache=None,
-            api_version='1.0', timeout=None, enable_pii=False):
+            api_version='1.0', timeout=None, enable_pii=False, verify_ssl=None, proxies=None):
         '''Creates a new AuthenticationContext object.
 
         By default the authority will be checked against a list of known Azure
@@ -75,11 +75,20 @@ def __init__(
             read timeout) <timeouts>` tuple.
         :param enable_pii: (optional) Unless this is set to True,
             there will be no Personally Identifiable Information (PII) written in log.
+        :param verify_ssl: (optional) requests verify. Either a boolean, in which case it 
+            controls whether we verify the server's TLS certificate, or a string, in which 
+            case it must be a path to a CA bundle to use. If this value is not provided, and 
+            ADAL_PYTHON_SSL_NO_VERIFY env varaible is set, behavior is equivalent to 
+            verify_ssl=False.
+        :param proxies: (optional) requests proxies. Dictionary mapping protocol to the URL 
+            of the proxy. See http://docs.python-requests.org/en/master/user/advanced/#proxies
+            for details.
         '''
         self.authority = Authority(authority, validate_authority is None or validate_authority)
         self._oauth2client = None
         self.correlation_id = None
-        env_value = os.environ.get('ADAL_PYTHON_SSL_NO_VERIFY')
+        env_verify = 'ADAL_PYTHON_SSL_NO_VERIFY' not in os.environ
+        verify = verify_ssl if verify_ssl is not None else env_verify
         if api_version is not None:
             warnings.warn(
                 """The default behavior of including api-version=1.0 on the wire
@@ -94,7 +103,8 @@ def __init__(
         self._call_context = {
             'options': GLOBAL_ADAL_OPTIONS,
             'api_version': api_version,
-            'verify_ssl': None if env_value is None else not env_value, # mainly for tracing through proxy
+            'verify_ssl': verify,
+            'proxies':proxies,
             'timeout':timeout,
             "enable_pii": enable_pii,
             }

adal/authority.py

@@ -115,7 +115,8 @@ def _perform_dynamic_instance_discovery(self):
 
         try:
             resp = requests.get(discovery_endpoint.geturl(), headers=get_options['headers'],
-                                verify=self._call_context.get('verify_ssl', None))
+                                verify=self._call_context.get('verify_ssl', None),
+                                proxies=self._call_context.get('proxies', None))
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
             self._log.exception("%(operation)s request failed",

adal/mex.py

@@ -79,7 +79,8 @@ def discover(self):
         try:
             operation = "Mex Get"
             resp = requests.get(self._url, headers=options['headers'],
-                                verify=self._call_context.get('verify_ssl', None))
+                                verify=self._call_context.get('verify_ssl', None),
+                                proxies=self._call_context.get('proxies', None))
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
             self._log.exception(

adal/oauth2_client.py

@@ -264,6 +264,7 @@ def get_token(self, oauth_parameters):
                                  data=url_encoded_token_request, 
                                  headers=post_options['headers'],
                                  verify=self._call_context.get('verify_ssl', None),
+                                 proxies=self._call_context.get('proxies', None),
                                  timeout=self._call_context.get('timeout', None))
 
             util.log_return_correlation_id(self._log, operation, resp)
@@ -298,6 +299,7 @@ def get_user_code_info(self, oauth_parameters):
                                  data=url_encoded_code_request, 
                                  headers=post_options['headers'],
                                  verify=self._call_context.get('verify_ssl', None),
+                                 proxies=self._call_context.get('proxies', None),
                                  timeout=self._call_context.get('timeout', None))
             util.log_return_correlation_id(self._log, operation, resp)
         except Exception:
@@ -339,6 +341,7 @@ def get_token_with_polling(self, oauth_parameters, refresh_internal, expires_in)
             resp = requests.post(
                 token_url.geturl(), 
                 data=url_encoded_code_request, headers=post_options['headers'],
+                proxies=self._call_context.get('proxies', None),
                 verify=self._call_context.get('verify_ssl', None))
             if resp.status_code == 429:
                 resp.raise_for_status()  # Will raise requests.exceptions.HTTPError

adal/user_realm.py

@@ -143,6 +143,7 @@ def discover(self):
 
         operation = 'User Realm Discovery'
         resp = requests.get(user_realm_url.geturl(), headers=options['headers'],
+                            proxies=self._call_context.get('proxies', None),
                             verify=self._call_context.get('verify_ssl', None))
         util.log_return_correlation_id(self._log, operation, resp)
 

adal/wstrust_request.py

@@ -147,6 +147,7 @@ def acquire_token(self, username, password):
         resp = requests.post(self._wstrust_endpoint_url, headers=options['headers'], data=rst,
                              allow_redirects=True,
                              verify=self._call_context.get('verify_ssl', None),
+                             proxies=self._call_context.get('proxies', None),
                              timeout=self._call_context.get('timeout', None))
 
         util.log_return_correlation_id(self._log, operation, resp)