Merge pull request #34 from jnwhiteh/certificate-auth

Add support for certificate-based authentication

Author: gtaylor

paypal/interface.py

@@ -106,12 +106,20 @@ def _call(self, method, **kwargs):
             'VERSION': self.config.API_VERSION,
         }
 
+        # This dict holds kwarg parameters to pass to the requests API.
+        requests_kwargs = dict()
+
         if self.config.API_AUTHENTICATION_MODE == "3TOKEN":
             url_values['USER'] = self.config.API_USERNAME
             url_values['PWD'] = self.config.API_PASSWORD
             url_values['SIGNATURE'] = self.config.API_SIGNATURE
         elif self.config.API_AUTHENTICATION_MODE == "UNIPAY":
             url_values['SUBJECT'] = self.config.UNIPAY_SUBJECT
+        elif self.config.API_AUTHENTICATION_MODE == "CERTIFICATE":
+            url_values['USER'] = self.config.API_USERNAME
+            url_values['PWD'] = self.config.API_PASSWORD
+            requests_kwargs['cert'] = (self.config.API_CERTIFICATE_FILENAME,
+                                       self.config.API_KEY_FILENAME)
 
         # All values passed to PayPal API must be uppercase.
         for key, value in kwargs.items():
@@ -126,6 +134,7 @@ def _call(self, method, **kwargs):
             data=url_values,
             timeout=self.config.HTTP_TIMEOUT,
             verify=self.config.API_CA_CERTS,
+            **requests_kwargs
         )
 
         # Call paypal API

paypal/settings.py

@@ -31,12 +31,15 @@ class PayPalConfig(object):
     # Various API servers.
     _API_ENDPOINTS = {
         # In most cases, you want 3-Token. There's also Certificate-based
-        # authentication, which uses different servers, but that's not
-        # implemented.
+        # authentication, which uses different servers.
         '3TOKEN': {
             'SANDBOX': 'https://api-3t.sandbox.paypal.com/nvp',
             'PRODUCTION': 'https://api-3t.paypal.com/nvp',
-        }
+        },
+        'CERTIFICATE': {
+            'SANDBOX': 'https://api.sandbox.paypal.com/nvp',
+            'PRODUCTION': 'https://api.paypal.com/nvp',
+        },
     }
 
     _PAYPAL_URL_BASE = {
@@ -55,6 +58,10 @@ class PayPalConfig(object):
     API_PASSWORD = None
     API_SIGNATURE = None
 
+    # CERTIFICATE credentials
+    API_CERTIFICATE_FILENAME = None
+    API_KEY_FILENAME = None
+
     # API Endpoints are just API server addresses.
     API_ENDPOINT = None
     PAYPAL_URL_BASE = None
@@ -116,9 +123,15 @@ def __init__(self, **kwargs):
                 # A CA Cert path was specified, but it's invalid.
                 raise PayPalConfigError('Invalid API_CA_CERTS')
 
-        # set the 3TOKEN required fields
-        if self.API_AUTHENTICATION_MODE == '3TOKEN':
-            for arg in ('API_USERNAME', 'API_PASSWORD', 'API_SIGNATURE'):
+        # check authentication fields
+        if self.API_AUTHENTICATION_MODE in ('3TOKEN', 'CERTIFICATE'):
+            auth_args = ['API_USERNAME', 'API_PASSWORD']
+            if self.API_AUTHENTICATION_MODE == '3TOKEN':
+                auth_args.append('API_SIGNATURE')
+            elif self.API_AUTHENTICATION_MODE == 'CERTIFICATE':
+                auth_args.extend(['API_CERTIFICATE_FILENAME', 'API_KEY_FILENAME'])
+
+            for arg in auth_args:
                 if arg not in kwargs:
                     raise PayPalConfigError('Missing in PayPalConfig: %s ' % arg)
                 setattr(self, arg, kwargs[arg])