-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix VCF download feature #818
Conversation
is there a test you could add that would have caught this mistake? |
yeah, it should do be doable using one of the test files we have. Let me add that and update the PR. |
Adding a download test was much harder than I expected (due to some magic happening with authentication), but this is done now. On the bright side: we now have support for basic authentication for all pages within Cycledash. |
|
||
def load_user_from_request(request): | ||
"""Support for basic authorization.""" | ||
# first, try to login using the api_key url arg |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mind dropping support for this? It's not the most secure (namely because URLs are stored in logs), and I'm not sure it buys us anything?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a strong opinion, though, and if we need it in the future for some reason, then just go for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ihodes: without this one, my requests within helpers.ResourceTest
were not being authorized and being forwarded to the login
page automatically. I realized that all the api
pages work fine with ResourceTest
's get
and post
requests, but none of our pages with @login_required
decorator.
I implemented this out of my ignorance about a better way; happy to hear your thoughts on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I just meant the url param version of this; keeping the BasicAuth version is 👍
Also, I'm confused a bit: I don't see an api_key urlparam in the download URL--how are you passing authorization though?
Looks great! One minor comment. |
|
||
def test_download(self): | ||
# match the URL with the default download button href | ||
downUrl = ("/runs/" + str(self.run['id']) + "/download?query=" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be clearer if you write the query-string as JSON and then URL encode it in code--must easier to edit that way, too.
Looks good! |
Thanks! |
See #738 for more context.
When clicked on the download, we were getting this error logged:
which was stemming from a simple coding mistake.