Releases: shotgunsoftware/python-api
v3.0.27
Various fixes
- Make sure HTTP proxy authentication works with the @ character in a password.
- Smarter uploading of thumbnails and filmstrips with the upload() method.
- Make sure sudo authentication test works with Shotgun versions after 6.3.10
- Improve Travis build integration of the Python-API to run the full suite of API tests instead of just the unit and client tests.
v3.0.26
Testing Configuration Update
- Updating testing framework to use environment variables in conjunction with existing example_config file so that commits and pull requests are automatically run on travis-ci.
- Fix to prevent stripping out case-sensitivity of a URL if the user passes their credentials to config.server as an authrization header.
v3.0.25
Change in behavior
We are updating our hosted server certificates to more secure ones signed with SHA-2. Some older versions of Python will have issues with this change as they do not support SHA-2 encryption. In order to try and prevent scripts from breaking, when the API encounters a version of Python that is incompatible with SHA-2, it will automatically turn off certificate verification and try the request again. If the validation still fails for some reason, the error will be raised, otherwise the request succeeds and validation will remain off for the remaining life of the connection.
This behavior of having certificate validation off, is actually the default in Python versions < v2.7.9. Up to this point we have been electing to enhance the default level of security. Your connection is still encrypted when certificate validation is off, but the server identity cannot be verified.
Logging warnings
When the connection falls back to not validating the certificate, a warning message is generated in the logs:
Warning: shotgun_api3 : SSLHandshakeError: this Python installation is incompatible with certificates signed with SHA-2. Disabling certificate validation. For more information, see http://blog.shotgunsoftware.com/2016/01/important-ssl-certificate-renewal-and.html
SHOTGUN_FORCE_CERTIFICATE_VALIDATION
environment variable support
There is also support for the SHOTGUN_FORCE_CERTIFICATE_VALIDATION
environment variable which when set (the value does not matter), will prevent disabling certificate verification and will instead raise an exception.
SSL info added to user-agent
Adds info showing the OpenSSL version (if available) and whether certificate validation is enabled or not, to the user-agent string:
ssl OpenSSL 1.0.2d 9 Jul 2015 (no-validate)
when validation is disabled
ssl OpenSSL 1.0.2d 9 Jul 2015 (validate)
when validation is enabled
ssl OpenSSL unknown (validate)
when the ssl version cannot be determined (< Python 2.7)
v3.0.23
Various fixes
- Fix for Python bug on Windows loading mimetypes module (http://bugs.python.org/issue23371) thanks to @patrickwolf.
- Fix for tests on older versions of Python.
- Sanitize authentication values before raising error.
v3.0.22
Added support for activity stream, global search and note thread access
- Added a new method
text_search()
, which allows an API client to access the Shotgun global search and auto completer. - Added a new method
activity_stream_read()
, which allows an API client to access the activity stream for a given Shotgun entity. - Added a new method
note_thread_read()
, which allows an API client to download an entire note conversation, including replies and attachments, using a single API call. - Added an experimental
mockgun
module (in thelib
submodule), which can be used to emulate the Shotgun API, for example inside unit test rigs. - Improved existing docstrings, added some missing docstrings, fixed some spelling and grammar issues.
- Minor adjustments to existing unit tests to improve encapsulation.
v3.0.21
Update bundled httplib2 module to latest v0.9.1
This fixes an issue where a CertificateHostnameMismatch
exception would be thrown incorrectly when creating a secure connection via the API. The bug was not properly iterating through the entire list of valid hostnames to match the request against. Instead, it was only checking the first host in the list.
Other various bug fixes specific to the library are also included. See https://github.com/jcgregorio/httplib2/blob/master/CHANGELOG for the full list.
v3.0.20
🔑 2FA Support
Add authentication support for Shotgun servers with two-factor authentication turned on. (This will be supported in Shotgun as of v6.1.0+).
Adds an additional auth_token
parameter to the Shotgun()
constructor which is required to authenticate to a server with two-factor authentication turned on. If auth_token
is provided, then login
and password
must be as well and neither script_name
nor api_key
can be provided. Note that these tokens can be short lived so a session is established right away if an auth_token is provided. A MissingTwoFactorAuthenticationFault
will be raised if the auth_token
is invalid.
v3.0.19
Session based authentication
Added a new way to instantiate API instances. You can now authenticate your Shotgun connection using a session token:
from shotgun_api3 import Shotgun
sg = Shotgun("https://hostname.shotgunstudio.com", session_token="xxxxxx")
A session token identifies a user and can be requested using the new get_session_token()
method.
Refined exception types
Added a new AuthenticationFault
exception type to more clearly indicate when server communication has failed due to authentication related reasons.
Easier access to proxy information
Improved the way proxy information can be extracted from the Shotgun API. You can now access the raw proxy string used to construct the API instance via the shotgun_obj.config.raw_proxy
member variable.
Improved support for corporate or internal certificates
Added support for reading the SHOTGUN_API_CACERTS
environment variable as a way of specifying the location of an external SSL certificates file. This is particularly useful for organizations that use an internal or corporate SSL certificate. It can now be defined as an environment variable instead of having to provide the ca_certs
parameter each time you instantiate a Shotgun connection.
v3.0.18
Per project visibility settings for schema methods
We've added the ability to query the per-project visibility status for entities, fields and statuses (affecting the methods schema_read()
, schema_entity_read()
and schema_field_read()
). To retrieve the per-project visibility, you need to pass a Project entity that specifies the project against which the visibility status should checked. If it's not provided, then everything is visible. This requires Shotgun server v5.4.4 or above.
v3.0.17
update_project_last_accessed()
This function will update the Project.last_accessed_by_current_user value. This is an internal field which is calculated by finding the last PageHit created by a user for a particular Project. So this new function acts as a convenience method for updating the value with a "ping". We added this function primarily for future Toolkit functionality, but you're welcome to use it as needed. Documentation for update_project_last_accessed()
Additional info in user-agent string
We've added the Python version and platform to the user-agent string that is sent with API requests.
Old user-agent string: shotgun-json (3.0.17)
New user-agent string: shotgun-json (3.0.17); Python 2.6 (Mac)
_Note that Toolkit adds additional info to the user-agent string including version info for apps and engines. This hasn't changed but is now appended to the new default user-agent string._
Fix for Windows Python 2.7 mimetypes bug
There are certain installers on Windows that will (incorrectly) add non-Latin characters to the registry. This usually only happens if you are located in an area where unicode characters are more widely required. The mimetypes library in Python 2.7 chokes on these non-Latin characters causing a UnicodeDecodeError. To work around this error, we have bundled a patched version of the mimetypes library and fall back on that if we encounter this issue during runtime.
More info about the Python bug can be found at http://bugs.python.org/issue9291