Python 3 + NTLM + Sharepoint

ntlmpythonsharepointsharepoint-2013

I am attempting to create a tool for interfacing with Sharepoint to start transitioning a number of old processes away from using Sharepoint as a relational database and move that data into an actual database and automate several manual tasks among other things.

The environment I am working with is a Sharepoint 2013 server using NTLM authentication. I need to use python3 to be able to use a set of libraries that will later be used to consume the data. Python is running via Anaconda 64 bit. I have no administrative power over the sharepoint server at all, just the ability to read and change information of certain pages.

The problem I am running into is authenticating using NTLM and the Sharepoint module together. The following snippet works just fine for pulling the HTML from the site as if it were a browser:

from <<password management library>> import KEY
from requests_ntlm import HttpNtlmAuth
import requests,getpass

#Configuration
domain='domain'
srv="sharepoint.company.com"
creds=KEY(srv,getpass.getuser()) #Secure credential retrieval
user='{0}\\{1}'.format(domain,creds.USERNAME).upper()
srvaddr='https://{0}'.format(srv)
site='/sites/path/to/site/'
site_url='{0}{1}'.format(srvaddr,site)

#Auth via Requests_NTLM
opener=HttpNtlmAuth(user,creds.getpass())

#Interface via Requests
s = sharepoint.SharePointSite(site_url, opener)
r = requests.get(srvaddr, auth=opener)

Using the documentation, source code provided in the sharepoint library's documentation and a few Stackoverflow posts (that refer to python 2 libraries), I attempted to replicate this using the sharepoint module. While the above is able to successfully authenticate, the following snippet gets a 401 Unauthorized Error:

import sharepoint,requests,getpass,urllib
from ntlm3.HTTPNtlmAuthHandler import HTTPNtlmAuthHandler
from <<password management library>> import KEY
from requests_ntlm import HttpNtlmAuth
from urllib.request import BaseHandler, HTTPPasswordMgrWithDefaultRealm, build_opener

#Configuration
domain='domain'
srv="sharepoint.company.com"
creds=KEY(srv,getpass.getuser()) #Secure credential retrieval
user='{0}\\{1}'.format(domain,creds.USERNAME).upper()
srvaddr='https://{0}'.format(srv)
site='/sites/path/to/site/'
site_url='{0}{1}'.format(srvaddr,site)

#Auth via urllib Opener
def basic_auth_opener(url, username, password):
    password_manager = HTTPPasswordMgrWithDefaultRealm()
    password_manager.add_password(None, url, username, password)
    auth_handler = HTTPNtlmAuthHandler(password_manager) #PreemptiveBasicAuthHandler(password_manager)
    opener = build_opener(auth_handler)
    return opener

print('Auth as {0}@{1}'.format(user,srvaddr))

opener = basic_auth_opener(srvaddr, user, creds.getpass())
#urllib.request.install_opener(opener)
print('Open {0}'.format(site_url))

#Interface via Sharepoint module
s = sharepoint.SharePointSite(site_url, opener)
for sp_list in s.lists:
    print (sp_list.id, sp_list.meta['Title'])

I know that the credentials work and are authorized to access the site since the first snippet works just fine. The second simply gets a 401 error and I have been diving into the inner workings of urllib, requests, python-ntlm, and requests-ntlm all day trying to understand why one works but the other does not.

Error stack for reference:

HTTPErrorTraceback (most recent call last)
<ipython-input-41-af721d5620e7> in <module>()
     31 #Interface via Sharepoint module
     32 s = sharepoint.SharePointSite(site_url, opener)
---> 33 for sp_list in s.lists:
     34     print (sp_list.id, sp_list.meta['Title'])

C:\Anaconda3\lib\site-packages\sharepoint\lists\__init__.py in __iter__(self)
     78 
     79     def __iter__(self):
---> 80         return iter(self.all_lists)
     81 
     82     def __getitem__(self, key):

C:\Anaconda3\lib\site-packages\sharepoint\lists\__init__.py in all_lists(self)
     34         if not hasattr(self, '_all_lists'):
     35             xml = SP.GetListCollection()
---> 36             result = self.opener.post_soap(LIST_WEBSERVICE, xml)
     37 
     38             self._all_lists = []

C:\Anaconda3\lib\site-packages\sharepoint\site.py in post_soap(self, url, xml, soapaction)
     30         if soapaction:
     31             request.add_header('Soapaction', soapaction)
---> 32         response = self.opener.open(request, timeout=self.timeout)
     33         return etree.parse(response).xpath('/soap:Envelope/soap:Body/*', namespaces=namespaces)[0]
     34 

C:\Anaconda3\lib\urllib\request.py in open(self, fullurl, data, timeout)
    470         for processor in self.process_response.get(protocol, []):
    471             meth = getattr(processor, meth_name)
--> 472             response = meth(req, response)
    473 
    474         return response

C:\Anaconda3\lib\urllib\request.py in http_response(self, request, response)
    580         if not (200 <= code < 300):
    581             response = self.parent.error(
--> 582                 'http', request, response, code, msg, hdrs)
    583 
    584         return response

C:\Anaconda3\lib\urllib\request.py in error(self, proto, *args)
    508         if http_err:
    509             args = (dict, 'default', 'http_error_default') + orig_args
--> 510             return self._call_chain(*args)
    511 
    512 # XXX probably also want an abstract factory that knows when it makes

C:\Anaconda3\lib\urllib\request.py in _call_chain(self, chain, kind, meth_name, *args)
    442         for handler in handlers:
    443             func = getattr(handler, meth_name)
--> 444             result = func(*args)
    445             if result is not None:
    446                 return result

C:\Anaconda3\lib\urllib\request.py in http_error_default(self, req, fp, code, msg, hdrs)
    588 class HTTPDefaultErrorHandler(BaseHandler):
    589     def http_error_default(self, req, fp, code, msg, hdrs):
--> 590         raise HTTPError(req.full_url, code, msg, hdrs, fp)
    591 
    592 class HTTPRedirectHandler(BaseHandler):

HTTPError: HTTP Error 401: Unauthorized

Best Answer

Shareplum ended up working great, with some exceptions due to the way it imported some data. Here's some rough code I ended up using to test it and later expand, censored, but enough to get someone started if they stumble across this:

from <<DATABASE LIBRARY>> import KEY,ORACLESQL
from requests_ntlm import HttpNtlmAuth
import requests,getpass,datetime,re,json
import shareplum

def date_handler(obj):
    return obj.isoformat() if hasattr(obj, 'isoformat') else obj

def ppJSON(inDict):
    return (json.dumps(inDict,sort_keys=True, indent=4, default=date_handler))


####### BEGIN: Monkey Patch to Shareplum ###################
def _python_type(self, key, value):
    """Returns proper type from the schema"""
    try:
        field_type = self._sp_cols[key]['type']
        if field_type in ['Number', 'Currency']:
            return float(value)
        elif field_type == 'DateTime':
            # Need to round datetime object
            return datetime.datetime.strptime(value, '%Y-%m-%d %H:%M:%S')#.date()
        elif field_type == 'Boolean':
            if value == '1':
                return 'Y'
            elif value == '0':
                return 'N'
            else:
                return ''
        elif field_type == 'User':
            # Sometimes the User no longer exists or
            # has a diffrent ID number so we just remove the "123;#"
            # from the beginning of their name
            if value in self.users['sp']:
                return self.users['sp'][value]
            else:
                return value.split('#')[1]
        else:
            return value.encode('ascii','replace').decode('ascii')
    except AttributeError as e:
        print(e)
        return value

#Monkey Patching the datetime import to avoid truncation of data
shareplum.shareplum._List._python_type=_python_type
####### END: Monkey Patch to Shareplum ###################


class SPSite(object):
    def __init__(self,username,password,server,site,listname=None,viewname=None,domain='sensenet'):
        self.domain=domain
        self.server=server
        self.site=site
        self.listname=listname
        self.viewname=viewname
        self.user='{0}\\{1}'.format(self.domain,username).upper()
        self.opener=HttpNtlmAuth(self.user,password)
        self.s=None
        self.l=None
        self.sql=None
        self.updateMetaData()
    def updateMetaData(self):
        self.srvaddr='https://{0}'.format(self.server)
        self.site_url='{0}{1}'.format(self.srvaddr,self.site)
        self.s=shareplum.Site(self.site_url,self.opener)
        if self.listname:
            self.l=self.s.List(self.listname)
    def showSampleData(self,view=None,*args,**kwargs):
        s=self.s
        #theview=view
        #if not theview and not fields: theview=self.viewname
        #Display Data
        print('Lists in {0}'.format(self.site_url))
        for i in s.GetListCollection():
            print(i['Title'])
        if self.listname:
            l=s.List(self.listname)
            print('\nViews in List {0}'.format(self.listname))
            for i in l.views:
                print(i)
            if self.viewname:
                print('\nView Fields for {0}'.format(viewname))
                for i in l.GetView(viewname)['fields']:
                    print (i)
                print('\nData in View {0}'.format(self.viewname))
                for i in l.GetListItems(rowlimit=10,*args,**kwargs):
                    print(ppJSON(i))

Example:

#Configuration
domain='DomainName'
srv="sharepoint.site.com"
creds=KEY(srv,getpass.getuser()) #Secure credential retrieval
site='/sites/path/to/site'
listname='Some List'
viewname='Some View I Want to ETL'

tablename='SP_{0}_STG'.format(to_oracle(listname))

#Show Sample Data
s=SPSite(creds.USERNAME,creds.getpass(),srv,site,listname,viewname)

s.showSampleData(viewname)

Classes as objects

Before understanding metaclasses, you need to master classes in Python. And Python has a very peculiar idea of what classes are, borrowed from the Smalltalk language.

In most languages, classes are just pieces of code that describe how to produce an object. That's kinda true in Python too:

>>> class ObjectCreator(object):
...       pass
...

>>> my_object = ObjectCreator()
>>> print(my_object)
<__main__.ObjectCreator object at 0x8974f2c>

But classes are more than that in Python. Classes are objects too.

Yes, objects.

As soon as you use the keyword class, Python executes it and creates an object. The instruction

>>> class ObjectCreator(object):
...       pass
...

creates in memory an object with the name ObjectCreator.

This object (the class) is itself capable of creating objects (the instances), and this is why it's a class.

But still, it's an object, and therefore:

you can assign it to a variable
you can copy it
you can add attributes to it
you can pass it as a function parameter

e.g.:

>>> print(ObjectCreator) # you can print a class because it's an object
<class '__main__.ObjectCreator'>
>>> def echo(o):
...       print(o)
...
>>> echo(ObjectCreator) # you can pass a class as a parameter
<class '__main__.ObjectCreator'>
>>> print(hasattr(ObjectCreator, 'new_attribute'))
False
>>> ObjectCreator.new_attribute = 'foo' # you can add attributes to a class
>>> print(hasattr(ObjectCreator, 'new_attribute'))
True
>>> print(ObjectCreator.new_attribute)
foo
>>> ObjectCreatorMirror = ObjectCreator # you can assign a class to a variable
>>> print(ObjectCreatorMirror.new_attribute)
foo
>>> print(ObjectCreatorMirror())
<__main__.ObjectCreator object at 0x8997b4c>

Creating classes dynamically

Since classes are objects, you can create them on the fly, like any object.

First, you can create a class in a function using class:

>>> def choose_class(name):
...     if name == 'foo':
...         class Foo(object):
...             pass
...         return Foo # return the class, not an instance
...     else:
...         class Bar(object):
...             pass
...         return Bar
...
>>> MyClass = choose_class('foo')
>>> print(MyClass) # the function returns a class, not an instance
<class '__main__.Foo'>
>>> print(MyClass()) # you can create an object from this class
<__main__.Foo object at 0x89c6d4c>

But it's not so dynamic, since you still have to write the whole class yourself.

Since classes are objects, they must be generated by something.

When you use the class keyword, Python creates this object automatically. But as with most things in Python, it gives you a way to do it manually.

Remember the function type? The good old function that lets you know what type an object is:

>>> print(type(1))
<type 'int'>
>>> print(type("1"))
<type 'str'>
>>> print(type(ObjectCreator))
<type 'type'>
>>> print(type(ObjectCreator()))
<class '__main__.ObjectCreator'>

Well, type has a completely different ability, it can also create classes on the fly. type can take the description of a class as parameters, and return a class.

(I know, it's silly that the same function can have two completely different uses according to the parameters you pass to it. It's an issue due to backward compatibility in Python)

type works this way:

type(name, bases, attrs)

Where:

name: name of the class
bases: tuple of the parent class (for inheritance, can be empty)
attrs: dictionary containing attributes names and values

e.g.:

>>> class MyShinyClass(object):
...       pass

can be created manually this way:

>>> MyShinyClass = type('MyShinyClass', (), {}) # returns a class object
>>> print(MyShinyClass)
<class '__main__.MyShinyClass'>
>>> print(MyShinyClass()) # create an instance with the class
<__main__.MyShinyClass object at 0x8997cec>

You'll notice that we use MyShinyClass as the name of the class and as the variable to hold the class reference. They can be different, but there is no reason to complicate things.

type accepts a dictionary to define the attributes of the class. So:

>>> class Foo(object):
...       bar = True

Can be translated to:

>>> Foo = type('Foo', (), {'bar':True})

And used as a normal class:

>>> print(Foo)
<class '__main__.Foo'>
>>> print(Foo.bar)
True
>>> f = Foo()
>>> print(f)
<__main__.Foo object at 0x8a9b84c>
>>> print(f.bar)
True

And of course, you can inherit from it, so:

>>>   class FooChild(Foo):
...         pass

would be:

>>> FooChild = type('FooChild', (Foo,), {})
>>> print(FooChild)
<class '__main__.FooChild'>
>>> print(FooChild.bar) # bar is inherited from Foo
True

Eventually, you'll want to add methods to your class. Just define a function with the proper signature and assign it as an attribute.

>>> def echo_bar(self):
...       print(self.bar)
...
>>> FooChild = type('FooChild', (Foo,), {'echo_bar': echo_bar})
>>> hasattr(Foo, 'echo_bar')
False
>>> hasattr(FooChild, 'echo_bar')
True
>>> my_foo = FooChild()
>>> my_foo.echo_bar()
True

And you can add even more methods after you dynamically create the class, just like adding methods to a normally created class object.

>>> def echo_bar_more(self):
...       print('yet another method')
...
>>> FooChild.echo_bar_more = echo_bar_more
>>> hasattr(FooChild, 'echo_bar_more')
True

You see where we are going: in Python, classes are objects, and you can create a class on the fly, dynamically.

This is what Python does when you use the keyword class, and it does so by using a metaclass.

What are metaclasses (finally)

Metaclasses are the 'stuff' that creates classes.

You define classes in order to create objects, right?

But we learned that Python classes are objects.

Well, metaclasses are what create these objects. They are the classes' classes, you can picture them this way:

MyClass = MetaClass()
my_object = MyClass()

You've seen that type lets you do something like this:

MyClass = type('MyClass', (), {})

It's because the function type is in fact a metaclass. type is the metaclass Python uses to create all classes behind the scenes.

Now you wonder "why the heck is it written in lowercase, and not Type?"

Well, I guess it's a matter of consistency with str, the class that creates strings objects, and int the class that creates integer objects. type is just the class that creates class objects.

You see that by checking the __class__ attribute.

Everything, and I mean everything, is an object in Python. That includes integers, strings, functions and classes. All of them are objects. And all of them have been created from a class:

>>> age = 35
>>> age.__class__
<type 'int'>
>>> name = 'bob'
>>> name.__class__
<type 'str'>
>>> def foo(): pass
>>> foo.__class__
<type 'function'>
>>> class Bar(object): pass
>>> b = Bar()
>>> b.__class__
<class '__main__.Bar'>

Now, what is the __class__ of any __class__ ?

>>> age.__class__.__class__
<type 'type'>
>>> name.__class__.__class__
<type 'type'>
>>> foo.__class__.__class__
<type 'type'>
>>> b.__class__.__class__
<type 'type'>

So, a metaclass is just the stuff that creates class objects.

You can call it a 'class factory' if you wish.

type is the built-in metaclass Python uses, but of course, you can create your own metaclass.

The `metaclass` attribute

In Python 2, you can add a __metaclass__ attribute when you write a class (see next section for the Python 3 syntax):

class Foo(object):
    __metaclass__ = something...
    [...]

If you do so, Python will use the metaclass to create the class Foo.

Careful, it's tricky.

You write class Foo(object) first, but the class object Foo is not created in memory yet.

Python will look for __metaclass__ in the class definition. If it finds it, it will use it to create the object class Foo. If it doesn't, it will use type to create the class.

Read that several times.

When you do:

class Foo(Bar):
    pass

Python does the following:

Is there a __metaclass__ attribute in Foo?

If yes, create in-memory a class object (I said a class object, stay with me here), with the name Foo by using what is in __metaclass__.

If Python can't find __metaclass__, it will look for a __metaclass__ at the MODULE level, and try to do the same (but only for classes that don't inherit anything, basically old-style classes).

Then if it can't find any __metaclass__ at all, it will use the Bar's (the first parent) own metaclass (which might be the default type) to create the class object.

Be careful here that the __metaclass__ attribute will not be inherited, the metaclass of the parent (Bar.__class__) will be. If Bar used a __metaclass__ attribute that created Bar with type() (and not type.__new__()), the subclasses will not inherit that behavior.

Now the big question is, what can you put in __metaclass__?

The answer is something that can create a class.

And what can create a class? type, or anything that subclasses or uses it.

Metaclasses in Python 3

The syntax to set the metaclass has been changed in Python 3:

class Foo(object, metaclass=something):
    ...

i.e. the __metaclass__ attribute is no longer used, in favor of a keyword argument in the list of base classes.

The behavior of metaclasses however stays largely the same.

One thing added to metaclasses in Python 3 is that you can also pass attributes as keyword-arguments into a metaclass, like so:

class Foo(object, metaclass=something, kwarg1=value1, kwarg2=value2):
    ...

Read the section below for how Python handles this.

Custom metaclasses

The main purpose of a metaclass is to change the class automatically, when it's created.

You usually do this for APIs, where you want to create classes matching the current context.

Imagine a stupid example, where you decide that all classes in your module should have their attributes written in uppercase. There are several ways to do this, but one way is to set __metaclass__ at the module level.

This way, all classes of this module will be created using this metaclass, and we just have to tell the metaclass to turn all attributes to uppercase.

Luckily, __metaclass__ can actually be any callable, it doesn't need to be a formal class (I know, something with 'class' in its name doesn't need to be a class, go figure... but it's helpful).

So we will start with a simple example, by using a function.

# the metaclass will automatically get passed the same argument
# that you usually pass to `type`
def upper_attr(future_class_name, future_class_parents, future_class_attrs):
    """
      Return a class object, with the list of its attribute turned
      into uppercase.
    """
    # pick up any attribute that doesn't start with '__' and uppercase it
    uppercase_attrs = {
        attr if attr.startswith("__") else attr.upper(): v
        for attr, v in future_class_attrs.items()
    }

    # let `type` do the class creation
    return type(future_class_name, future_class_parents, uppercase_attrs)

__metaclass__ = upper_attr # this will affect all classes in the module

class Foo(): # global __metaclass__ won't work with "object" though
    # but we can define __metaclass__ here instead to affect only this class
    # and this will work with "object" children
    bar = 'bip'

Let's check:

>>> hasattr(Foo, 'bar')
False
>>> hasattr(Foo, 'BAR')
True
>>> Foo.BAR
'bip'

Now, let's do exactly the same, but using a real class for a metaclass:

# remember that `type` is actually a class like `str` and `int`
# so you can inherit from it
class UpperAttrMetaclass(type):
    # __new__ is the method called before __init__
    # it's the method that creates the object and returns it
    # while __init__ just initializes the object passed as parameter
    # you rarely use __new__, except when you want to control how the object
    # is created.
    # here the created object is the class, and we want to customize it
    # so we override __new__
    # you can do some stuff in __init__ too if you wish
    # some advanced use involves overriding __call__ as well, but we won't
    # see this
    def __new__(upperattr_metaclass, future_class_name,
                future_class_parents, future_class_attrs):
        uppercase_attrs = {
            attr if attr.startswith("__") else attr.upper(): v
            for attr, v in future_class_attrs.items()
        }
        return type(future_class_name, future_class_parents, uppercase_attrs)

Let's rewrite the above, but with shorter and more realistic variable names now that we know what they mean:

class UpperAttrMetaclass(type):
    def __new__(cls, clsname, bases, attrs):
        uppercase_attrs = {
            attr if attr.startswith("__") else attr.upper(): v
            for attr, v in attrs.items()
        }
        return type(clsname, bases, uppercase_attrs)

You may have noticed the extra argument cls. There is nothing special about it: __new__ always receives the class it's defined in, as the first parameter. Just like you have self for ordinary methods which receive the instance as the first parameter, or the defining class for class methods.

But this is not proper OOP. We are calling type directly and we aren't overriding or calling the parent's __new__. Let's do that instead:

class UpperAttrMetaclass(type):
    def __new__(cls, clsname, bases, attrs):
        uppercase_attrs = {
            attr if attr.startswith("__") else attr.upper(): v
            for attr, v in attrs.items()
        }
        return type.__new__(cls, clsname, bases, uppercase_attrs)

We can make it even cleaner by using super, which will ease inheritance (because yes, you can have metaclasses, inheriting from metaclasses, inheriting from type):

class UpperAttrMetaclass(type):
    def __new__(cls, clsname, bases, attrs):
        uppercase_attrs = {
            attr if attr.startswith("__") else attr.upper(): v
            for attr, v in attrs.items()
        }
        return super(UpperAttrMetaclass, cls).__new__(
            cls, clsname, bases, uppercase_attrs)

Oh, and in Python 3 if you do this call with keyword arguments, like this:

class Foo(object, metaclass=MyMetaclass, kwarg1=value1):
    ...

It translates to this in the metaclass to use it:

class MyMetaclass(type):
    def __new__(cls, clsname, bases, dct, kwargs1=default):
        ...

That's it. There is really nothing more about metaclasses.

The reason behind the complexity of the code using metaclasses is not because of metaclasses, it's because you usually use metaclasses to do twisted stuff relying on introspection, manipulating inheritance, vars such as __dict__, etc.

Indeed, metaclasses are especially useful to do black magic, and therefore complicated stuff. But by themselves, they are simple:

intercept a class creation
modify the class
return the modified class

Why would you use metaclasses classes instead of functions?

Since __metaclass__ can accept any callable, why would you use a class since it's obviously more complicated?

There are several reasons to do so:

The intention is clear. When you read UpperAttrMetaclass(type), you know what's going to follow
You can use OOP. Metaclass can inherit from metaclass, override parent methods. Metaclasses can even use metaclasses.
Subclasses of a class will be instances of its metaclass if you specified a metaclass-class, but not with a metaclass-function.
You can structure your code better. You never use metaclasses for something as trivial as the above example. It's usually for something complicated. Having the ability to make several methods and group them in one class is very useful to make the code easier to read.
You can hook on __new__, __init__ and __call__. Which will allow you to do different stuff, Even if usually you can do it all in __new__, some people are just more comfortable using __init__.
These are called metaclasses, damn it! It must mean something!

Why would you use metaclasses?

Now the big question. Why would you use some obscure error-prone feature?

Well, usually you don't:

Metaclasses are deeper magic that 99% of users should never worry about it. If you wonder whether you need them, you don't (the people who actually need them to know with certainty that they need them and don't need an explanation about why).

Python Guru Tim Peters

The main use case for a metaclass is creating an API. A typical example of this is the Django ORM. It allows you to define something like this:

class Person(models.Model):
    name = models.CharField(max_length=30)
    age = models.IntegerField()

But if you do this:

person = Person(name='bob', age='35')
print(person.age)

It won't return an IntegerField object. It will return an int, and can even take it directly from the database.

This is possible because models.Model defines __metaclass__ and it uses some magic that will turn the Person you just defined with simple statements into a complex hook to a database field.

Django makes something complex look simple by exposing a simple API and using metaclasses, recreating code from this API to do the real job behind the scenes.

The last word

First, you know that classes are objects that can create instances.

Well, in fact, classes are themselves instances. Of metaclasses.

>>> class Foo(object): pass
>>> id(Foo)
142630324

Everything is an object in Python, and they are all either instance of classes or instances of metaclasses.

Except for type.

type is actually its own metaclass. This is not something you could reproduce in pure Python, and is done by cheating a little bit at the implementation level.

Secondly, metaclasses are complicated. You may not want to use them for very simple class alterations. You can change classes by using two different techniques:

monkey patching
class decorators

99% of the time you need class alteration, you are better off using these.

But 98% of the time, you don't need class alteration at all.

Best Answer

Related Solutions

Python – How to execute a program or call a system command

Python – What are metaclasses in Python