Skip to content
This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

Adds APIProxy class to use securedrop-proxy #21

Merged
merged 14 commits into from Oct 16, 2018
Merged

Adds APIProxy class to use securedrop-proxy #21

merged 14 commits into from Oct 16, 2018

Conversation

kushaldas
Copy link
Contributor

@kushaldas kushaldas commented Oct 11, 2018
edited

The APIProxy class can now use securedrop-proxy service in the QubesOS. By default sd-journalist is the proxy name, but, we can override it using a configuration file at /etc/sd-sdk.conf file.

[proxy]
name = proxy-debian

How to test?

pipenv run python -m unittest discover -v tests

We also found freedomofpress/securedrop-proxy#131 while working on this.

Fixes freedomofpress/securedrop-proxy#16.

@kushaldas
Initial code for APIProxy
4b18c3c 
We can now use the securedrop-proxy to fetch data from the server.
This has the initial authentication and get_source* methods.
@kushaldas
Adds all methods except download files for APIProxy class
8ee421f 
The methods have same calling signature as in ``API`` class,
thus will help the developers to use the either as required.
@kushaldas
Fixes the typo in proxyapi filename
ed5e468
@kushaldas
Adds a new decorator for testing qrexec service
e3a7bbd 
We now have a decorator dastollervey_datasaver which can help
to mock out qrexec calls to securedrop-proxy service.
This saves the mock input/output into data/ directory.
@kushaldas
Adds tests for the APIProxy class
86a19e8 
Uses dastollervey_datasaver decorator to save the mock data.
@kushaldas
Updates the proxy vmname based on a configuration file
208530a 
The default proxy vmname is sd-journalist. If you want to override
it, add a file at ``/etc/sd-sdk.conf`` with the following details:

[proxy]
name = proxy-debian

The above example updates the proxy vmname to be ``proxy-debian``.
@kushaldas
Adds methods and tests for downloading reply and submission
5e9fabd 
We have two methods to download replies and submissions
@kushaldas
Moves two test helper functions into utils
0598e6b
@kushaldas
Fixes the test run using pipenv
3fc56a8
@kushaldas
Copy link
Contributor Author

Blah, now I should test it on my normal box.

@kushaldas
Copy link
Contributor Author

Tests are failing because of the randomness of the dictionary.

@redshiftzero
Copy link
Contributor

hey I started DRYing up the API and APIProxy classes in 218eaac, check it out and let me know what you think (still a few test failures to resolve, but an approach like this should trim down the added non-test code by 650 lines or so)

@kushaldas
Copy link
Contributor Author

hey I started DRYing up the API and APIProxy classes in 218eaac, check it out and let me know what you think (still a few test failures to resolve, but an approach like this should trim down the added non-test code by 650 lines or so)

This is a good start, I will look at the failing tests today.

@kushaldas
Copy link
Contributor Author

Finally managed to fix rest of the API calls and also the test cases. I have to push new test JSON files for the same. c711bd5 has changes. Please let me know what do you think.

@redshiftzero
Copy link
Contributor

c711bd5 looks great, exactly what i was looking for!

@redshiftzero
Temporary fix to workaround server bug #3877
6170a33 
ETags are being stripped from staging/production servers
due to an Apache misconfiguration.

For now we should not use the ETag until this is addressed
server-side.
redshiftzero
redshiftzero approved these changes Oct 15, 2018
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving - diff looks great, thanks for doing the DRYing up :-)

Manual testing done here: I verified that using the SDK in the sd-svs AppVM in Qubes with the securedrop-proxy service worked without issue - I was able to download submissions from sources 🎉 (note that I did not manually test every API endpoint and am relying on unit tests for that).

@redshiftzero
Copy link
Contributor

Hey @ntoll I just want to check prior to my merging this that you're not using etags for the ticket you're currently working on for the client - they are provided by API.download_submission and API.download_reply (reference). If so, we'll need to snip out that logic and drop in a branch until defect freedomofpress/securedrop#3877 is addressed on the server side (the ETag header is present in the development environment but not in staging/production servers, so you probably have not hit any issues accessing that header).

@ntoll
Copy link
Contributor

ntoll commented Oct 16, 2018

@redshiftzero nope... I'm not (knowingly) using etags, I'm consciously trying to do the simplest possible thing via this API layer. :-) I think you're safe to merge, and I'll certainly yelp if something breaks.

@redshiftzero
Copy link
Contributor

ah great, thanks for confirming @ntoll ! mergin'

@redshiftzero redshiftzero merged commit 71e1681 into master Oct 16, 2018
@redshiftzero redshiftzero deleted the forproxy branch October 16, 2018 16:17
This was referenced Oct 18, 2018
Merged
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kushaldas @redshiftzero @ntoll