From 76863157521bb22a1d5a24fae1dc814422aeeb52 Mon Sep 17 00:00:00 2001
From: Luke Hagar <luke.hagar@sailpoint.com>
Date: Thu, 5 Mar 2026 11:55:58 -0600
Subject: [PATCH] Fix 7 bugs in configuration.py

- Fix verify_ssl=False impossible to set (falsy check + unconditional overwrite)
- Narrow exception catch to urllib3.exceptions.HTTPError so auth errors propagate
- Use dict.get() to prevent KeyError on malformed config.json
- Fix @classmethod methods using self instead of cls
- Guard token_url construction against None base_url
- Remove bare string no-op ("File is present")
- Remove duplicate userAuth block in auth_settings()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 sailpoint/configuration.py | 33 ++++++++++++---------------------
 1 file changed, 12 insertions(+), 21 deletions(-)

diff --git a/sailpoint/configuration.py b/sailpoint/configuration.py
index 571a772de..fb346d0d8 100644
--- a/sailpoint/configuration.py
+++ b/sailpoint/configuration.py
@@ -44,7 +44,7 @@ def __init__(self, configurationParams: ConfigurationParams = None) -> None:
         self.access_token = configurationParams.access_token if configurationParams and configurationParams.access_token else defaultConfiguration.access_token
         self.proxy = configurationParams.proxy if configurationParams and configurationParams.proxy else None
         self.proxy_headers = configurationParams.proxy_headers if configurationParams and configurationParams.proxy_headers else None
-        self.verify_ssl = configurationParams.verify_ssl if configurationParams and configurationParams.verify_ssl else True
+        self.verify_ssl = configurationParams.verify_ssl if configurationParams and configurationParams.verify_ssl is not None else True
 
         url = f"{self.token_url}"
         if self.access_token == None:
@@ -82,7 +82,6 @@ def __init__(self, configurationParams: ConfigurationParams = None) -> None:
         """Debug switch
         """
 
-        self.verify_ssl = True
         """SSL/TLS verification
            Set this to false to skip verifying SSL certificate when calling API
            from https server.
@@ -134,19 +133,19 @@ def __init__(self, configurationParams: ConfigurationParams = None) -> None:
         """
 
     @classmethod
-    def get_configuration_params(self):
-        envConfiguration = self.get_environment_params()
+    def get_configuration_params(cls):
+        envConfiguration = cls.get_environment_params()
         if envConfiguration.base_url:
             return envConfiguration
 
-        localConfiguration = self.get_local_params()
+        localConfiguration = cls.get_local_params()
         if localConfiguration.base_url:
             return localConfiguration
 
         return ConfigurationParams()
 
     @classmethod
-    def get_environment_params(self) -> ConfigurationParams:
+    def get_environment_params(cls) -> ConfigurationParams:
         config = ConfigurationParams()
 
         config.base_url = (
@@ -162,26 +161,25 @@ def get_environment_params(self) -> ConfigurationParams:
             if os.environ.get("SAIL_CLIENT_SECRET")
             else None
         )
-        config.token_url = str(config.base_url) + "/oauth/token"
+        config.token_url = (config.base_url + "/oauth/token") if config.base_url else None
 
         return config
 
     @classmethod
-    def get_local_params(self) -> ConfigurationParams:
+    def get_local_params(cls) -> ConfigurationParams:
         config = ConfigurationParams()
         if os.path.exists("./config.json"):
-            ("File is present")
             with open("./config.json") as file:
                 data = json.load(file)
-                config.base_url = data["BaseURL"]
-                config.client_id = data["ClientId"]
-                config.client_secret = data["ClientSecret"]
+                config.base_url = data.get("BaseURL")
+                config.client_id = data.get("ClientId")
+                config.client_secret = data.get("ClientSecret")
                 config.token_url = config.base_url + "/oauth/token"
         
         return config
 
     @classmethod
-    def get_access_token(self, url: str, client_id: str, client_secret: str, proxy: str, proxy_headers: dict, verify_ssl: bool) -> str:
+    def get_access_token(cls, url: str, client_id: str, client_secret: str, proxy: str, proxy_headers: dict, verify_ssl: bool) -> str:
 
         http = urllib3.PoolManager()
         pool_args = {}
@@ -218,7 +216,7 @@ def get_access_token(self, url: str, client_id: str, client_secret: str, proxy:
                     "There was an error while trying to fetch access token: "
                     + str(response.data)
                 )
-        except Exception as e:
+        except urllib3.exceptions.HTTPError as e:
             print("Unable to fetch access token. %s" % e)
 
     def auth_settings(self):
@@ -227,13 +225,6 @@ def auth_settings(self):
         :return: The Auth Settings information dict.
         """
         auth = {}
-        if self.access_token is not None:
-            auth["userAuth"] = {
-                "type": "oauth2",
-                "in": "header",
-                "key": "Authorization",
-                "value": "Bearer " + self.access_token,
-            }
         if self.access_token is not None:
             auth["userAuth"] = {
                 "type": "oauth2",