Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(google_update): updated Flask and deps, also don't fail early with Google errors PXP-10900 #1086

Merged
merged 16 commits into from
May 4, 2023
Merged

feat(google_update): updated Flask and deps, also don't fail early with Google errors PXP-10900 #1086

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
24b3f7b
fix(google_update): don't fail early with Google errors (try to conti…
Avantol13 Apr 14, 2023
551cad6
feat(prometheus): start removing prometheus logic, metrics should be …
Avantol13 Apr 18, 2023
8bb3937
feat(flask upgrade): upgrade many deps, replace deprecated session ma…
Avantol13 Apr 18, 2023
0838caa
Merge branch 'master' into fix/google_update
Avantol13 Apr 18, 2023
69fe261
chore(deps): use pinned versions
Avantol13 Apr 18, 2023
af27033
Merge branch 'master' into fix/google_update
Avantol13 Apr 25, 2023
3628796
fix(warnings): fix deprecation warnings
Avantol13 Apr 25, 2023
cb8a80b
Merge branch 'master' into fix/google_update
Avantol13 Apr 26, 2023
fa3f085
Update pyproject.toml
Avantol13 Apr 27, 2023
215b90f
fix(test): re-add removed test
Avantol13 Apr 28, 2023
14c7446
Merge branch 'master' into fix/google_update
Avantol13 Apr 28, 2023
0585939
Merge branch 'master' into fix/google_update
Avantol13 May 3, 2023
af1da74
feat(deps): update flask to latest b/c of another high severity flag
Avantol13 May 3, 2023
35d961f
fix(dep): update deprecated werkzeug cookie attribute to new attribute
Avantol13 May 3, 2023
57b5b5d
fix(travis): upgrade pip before install
Avantol13 May 3, 2023
f5f5b25
fix(tests): remove debugging
Avantol13 May 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,9 @@ addons:
postgresql: "9.6"

install:
- pip install --upgrade pip
- pip install poetry
- poetry install -vv --no-interaction
- poetry install --all-extras -vv --no-interaction
- poetry show -vv
- psql -c 'SELECT version();' -U postgres
- psql -U postgres -c "create database fence_test_tmp"
Expand Down
45 changes: 30 additions & 15 deletions fence/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@
from urllib.parse import urljoin
import flask
from flask_cors import CORS
from flask_sqlalchemy_session import flask_scoped_session, current_session
from sqlalchemy.orm import scoped_session
from flask import _app_ctx_stack, current_app
from werkzeug.local import LocalProxy

from authutils.oauth2.client import OAuthClient
from cdislogging import get_logger
Expand Down Expand Up @@ -112,7 +114,24 @@ def app_sessions(app):
SQLAlchemyDriver.setup_db = lambda _: None
app.db = SQLAlchemyDriver(config["DB"])

session = flask_scoped_session(app.db.Session, app) # noqa
# app.db.Session is from SQLAlchemyDriver and uses
# SQLAlchemy's sessionmaker. Using scoped_session here ensures
# a thread-local db session is created. Effectively the below is expanded to:
# app.scoped_session = scoped_session(
# sessionmaker(
# bind=sqlalchemy.create_engine(config["DB"]),
# expire_on_commit=False,
# )
# )
#
# From the sqlalchemy docs: "The scoped_session object by default uses
# [Python's threading.local() construct] as
# storage, so that a single Session is maintained for all who call upon the
# scoped_session registry, but only within the scope of a single thread.
# Callers who call upon the registry in a different thread get a Session
# instance that is local to that other thread."
app.scoped_session = scoped_session(app.db.Session)

app.session_interface = UserSessionInterface()


Expand Down Expand Up @@ -509,28 +528,15 @@ def _setup_prometheus(app):
multiprocess,
make_wsgi_app,
)
from prometheus_flask_exporter import Counter
from prometheus_flask_exporter.multiprocess import (
UWsgiPrometheusMetrics,
)

app.prometheus_registry = CollectorRegistry()
multiprocess.MultiProcessCollector(app.prometheus_registry)

UWsgiPrometheusMetrics(app)

# Add prometheus wsgi middleware to route /metrics requests
app.wsgi_app = DispatcherMiddleware(
app.wsgi_app, {"/metrics": make_wsgi_app(registry=app.prometheus_registry)}
)

# set up counters
app.prometheus_counters["pre_signed_url_req"] = Counter(
"pre_signed_url_req",
"tracking presigned url requests",
["requested_protocol"],
)


@app.errorhandler(Exception)
def handle_error(error):
Expand Down Expand Up @@ -569,3 +575,12 @@ def check_csrf():
logger.debug("HTTP REFERER " + str(referer))
except Exception as e:
raise UserError("CSRF verification failed: {}. Request aborted".format(e))


@app.teardown_appcontext
def remove_scoped_session(*args, **kwargs):
if hasattr(app, "scoped_session"):
try:
app.scoped_session.remove()
except Exception as exc:
logger.warning(f"could not remove app.scoped_session. Error: {exc}")
34 changes: 21 additions & 13 deletions fence/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import flask
from flask_sqlalchemy_session import current_session
from flask import current_app
from datetime import datetime
from functools import wraps
import urllib.request, urllib.parse, urllib.error
Expand Down Expand Up @@ -95,7 +95,7 @@ def set_flask_session_values(user):
flask.g.scopes = ["_all"]
flask.g.token = None

user = query_for_user(session=current_session, username=username)
user = query_for_user(session=current_app.scoped_session(), username=username)
if user:
_update_users_email(user, email)
_update_users_id_from_idp(user, id_from_idp)
Expand All @@ -120,16 +120,17 @@ def set_flask_session_values(user):

# setup idp connection for new user (or existing user w/o it setup)
idp = (
current_session.query(IdentityProvider)
current_app.scoped_session()
.query(IdentityProvider)
.filter(IdentityProvider.name == provider)
.first()
)
if not idp:
idp = IdentityProvider(name=provider)

user.identity_provider = idp
current_session.add(user)
current_session.commit()
current_app.scoped_session().add(user)
current_app.scoped_session().commit()

set_flask_session_values(user)

Expand Down Expand Up @@ -238,7 +239,9 @@ def has_oauth(scope=None):
raise Unauthorized("failed to validate token: {}".format(e))
if "sub" in access_token_claims:
user_id = access_token_claims["sub"]
user = current_session.query(User).filter_by(id=int(user_id)).first()
user = (
current_app.scoped_session().query(User).filter_by(id=int(user_id)).first()
)
if not user:
raise Unauthorized("no user found with id: {}".format(user_id))
# set some application context for current user
Expand All @@ -250,7 +253,12 @@ def has_oauth(scope=None):


def get_user_from_claims(claims):
return current_session.query(User).filter(User.id == claims["sub"]).first()
return (
current_app.scoped_session()
.query(User)
.filter(User.id == claims["sub"])
.first()
)


def admin_required(f):
Expand Down Expand Up @@ -284,8 +292,8 @@ def _update_users_email(user, email):
)
user.email = email

current_session.add(user)
current_session.commit()
current_app.scoped_session().add(user)
current_app.scoped_session().commit()


def _update_users_id_from_idp(user, id_from_idp):
Expand All @@ -298,8 +306,8 @@ def _update_users_id_from_idp(user, id_from_idp):
)
user.id_from_idp = id_from_idp

current_session.add(user)
current_session.commit()
current_app.scoped_session().add(user)
current_app.scoped_session().commit()


def _update_users_last_auth(user):
Expand All @@ -309,5 +317,5 @@ def _update_users_last_auth(user):
logger.info(f"Updating username {user.username}'s _last_auth.")
user._last_auth = datetime.now()

current_session.add(user)
current_session.commit()
current_app.scoped_session().add(user)
current_app.scoped_session().commit()
Loading