copr / copr

Clone

#2304 copr: don't mismatch sessions with tokens
Merged a year ago by praiskup. Opened 2 years ago by praiskup.
Unknown source upload-fix  into  main

file modified
-4 
@@ -13,11 +13,7 @@
 

          """
 

          config = mock.MagicMock()
 

          auth = ApiToken(config)
 

-         assert not auth.auth
 

-         assert not auth.username
 

- 

          # Make sure all auth values are loaded from the config
 

-         auth.make_expensive()
 

          assert auth.auth
 

          assert auth.username

file modified
+1 -1 
@@ -14,7 +14,7 @@
 

      from urlparse import urlparse
 

  

  

- class BaseAuth:
 

+ class BaseAuth(object):
 

      """
 

      Base authentication class
 

      There is a more standard way of implementing custom authentication classes,

file modified
+19 -2 
@@ -7,8 +7,25 @@
 

  

  class ApiToken(BaseAuth):
 

      """
 

-     The standard authentication via `(login, token)` from `~/.config/copr`
 

+     The standard authentication via `(login, token)` from `~/.config/copr`.
 

      """
 

-     def make_expensive(self):
 

+ 

+     def __init__(self, *args, **kwargs):
 

+         super(ApiToken, self).__init__(*args, **kwargs)
 

+         # No need to lazy-login
 

+         self.make()
 

+ 

+     def make(self, reauth=False):
 

+         """
 

+         Override the higher abstraction method BaseAuth.make() because we don't
 

+         need the complicated logic with API tokens at all (working with caches
 

+         or sessions, etc.).  We also don't use make_expensive() at all.
 

+         """
 

          self.auth = self.config["login"], self.config["token"]
 

          self.username = self.config.get("username")
 

+ 

+     def make_expensive(self):
 

+         """
 

+         This is never called.  We have overridden the parent's make() method.
 

+         """
 

+         raise RuntimeError("ApiToken.make_expensive() should never be called")

There's no need to play with session/cookies when using Api token.
It actually caused a mismatch after switching from Kerberos auth to
Token auth for me (leading to 408 Timeout).

Fixes: #2303

Build succeeded.

if you have a minute, please consider the approach @frostyx, I'll can certainly "clean" this approach if acceptable

Metadata Update from @praiskup:
- Pull-request tagged with: wip
2 years ago

I am failing to reproduce the issue and I am genuinely curious how it happens that we one ends up with #2303. The BaseAuth.make and Request code relating reauth looks good to me. I have a guess though - FileRequest overrides _request_params method and unlike the base method, it doesn't call self._update_auth_params(params, auth), that could be the culprit.

Hmm, I don't think so. The FileRequest._request_params() calls the super()._request_params() which should trigger Base._request_params().
But this is hard to follow I must say.

rebased onto 7b330fa335dd8d49cfa63da7054b9b5543ef6a7a
2 years ago

Metadata Update from @praiskup:
- Pull-request untagged with: wip
2 years ago

Please take a look (commit message). There's still some API/server issue that needs further debugging (but I'd prefer a separate PR).

Build succeeded.

rebased onto ebf65b57e1ff9095583dfb7d86110fc01bd97408
2 years ago

Build succeeded.

rebased onto 45eb2ee53fad353f7f147407a951c6de5893ff43
2 years ago

Build succeeded.

@frostyx wdyt?

The make_expensive method is called only from BaseAuth.make which we are overriding. So we IMHO don't need to override make_expensive here.

Just one comment, otherwise LGTM

This also shows us that the Client stores the "auth" object in multiple
instances, per each proxy.  We should ideally fix this in the future.

I am interested in taking a look at this

I mostly silenced Pylint here (about inheriting, but not overriding the abstract method..). I'll try to find something saner :-)

rebased onto e8a8b16
a year ago

I updated the PR with a better comment and exception type :)

+1

Build succeeded.

Pull-Request has been merged by praiskup
a year ago
Metadata
None
No Tags
Changes Summary 3
+0 -4
file changed
python/copr/test/client_v3/test_auth.py
+1 -1
file changed
python/copr/v3/auth/base.py
+19 -2
file changed
python/copr/v3/auth/token.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.