Use server-side session storage
Avoids storing large cookies/tokens on client-side.
hluk committed Jan 6, 2023
1 parent bc61205 commit afe0e4d
Showing 5 changed files with 44 additions and 3 deletions.
30 changes: 29 additions & 1 deletion poetry.lock


1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -43,6 +43,7 @@ Flask-Pydantic = "^0.11.0"
email-validator = "^1.3.0"
python-ldap = "^3.4.3"
Flask-pyoidc = "^3.11.0"
Flask-Session = "^0.4.0"

[tool.poetry.extras]
test = [
4 changes: 4 additions & 0 deletions resultsdb/__init__.py
Expand Up @@ -32,6 +32,7 @@
ProviderMetadata,
)
from flask_pyoidc.user_session import UserSession
from flask_session import Session

from resultsdb.proxy import ReverseProxied
from resultsdb.controllers.main import main
Expand Down Expand Up @@ -103,6 +104,9 @@ def create_app(config_obj=None):

db.init_app(app)

app.config["SESSION_SQLALCHEMY"] = db
app.server_session = Session(app)

register_handlers(app)

if app.config["AUTH_MODULE"] == "oidc":
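Review bot: `Session(app)` with `app.config["SESSION_SQLALCHEMY"] = db` in `create_app` makes session handling depend on a sessions table in the application database, and none of the five files in this commit adds a migration or table-creation step for it. If the extension does not create the table itself at the pinned version (worth confirming), the first request that writes a session will fail on a fresh or already-migrated deployment. The rows also hold whatever the OIDC flow places in the session, so the table needs the same access controls as other credential stores and, if the backend does not purge expired rows on its own, a cleanup job. A comment above the two new lines would record this, for example `# Server-side sessions are stored in a table on the app database; the table must exist before the first request.` `create_app` begins and ends outside this hunk.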
6 changes: 6 additions & 0 deletions resultsdb/config.py
Expand Up @@ -89,6 +89,12 @@ class Config(object):
OIDC_SESSION_PERMANENT = False
PERMANENT_SESSION_LIFETIME = 300

SESSION_TYPE = "sqlalchemy"
SESSION_PERMANENT = True
SESSION_USE_SIGNER = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = "Lax"

FEDMENU_URL = "https://apps.fedoraproject.org/fedmenu"
FEDMENU_DATA_URL = "https://apps.fedoraproject.org/js/data.js"
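Review bot: `SESSION_USE_SIGNER = True` only protects the session-id cookie when the app has a strong, deployment-specific `SECRET_KEY`, and that setting is not visible in this hunk; please confirm deployed configs override any default and note it, e.g. `# Requires a per-deployment SECRET_KEY; the session id cookie is signed with it.` With `SESSION_TYPE = "sqlalchemy"` the session payload moves into the database, and as far as I know Flask-Session releases in the `^0.4.0` range serialize it with pickle, so write access to that table should be treated as equivalent to code execution in the app and restricted accordingly. `SESSION_COOKIE_SECURE = True` in the base `Config` means plain-HTTP development or test setups will not send the cookie back unless a subclass overrides it. `SESSION_PERMANENT = True` directly under `OIDC_SESSION_PERMANENT = False` reads as contradictory; a one-line comment saying that it is (presumably) what applies `PERMANENT_SESSION_LIFETIME` to the server-side session would help, and the `Config` class itself starts and ends outside the hunk.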

6 changes: 4 additions & 2 deletions testing/functest_api_v20.py
Expand Up @@ -22,6 +22,7 @@
import os
import copy
from unittest import TestCase
from unittest.mock import patch

from flask import current_app as app

Expand Down Expand Up @@ -1178,8 +1179,9 @@ def test_healthcheck_success(self):
assert data.get("message") == "Health check OK"

def test_healthcheck_fail(self):
db.drop_all()
r = self.app.get("/api/v2.0/healthcheck")
with patch("resultsdb.controllers.api_v2.db") as db:
db.session.execute.side_effect = RuntimeError("Testing DB outage")
r = self.app.get("/api/v2.0/healthcheck")
assert r.status_code == 503

data = json.loads(r.data)
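Review bot: In `test_healthcheck_fail`, `with patch("resultsdb.controllers.api_v2.db") as db:` rebinds the name `db`, which the removed `db.drop_all()` line shows is also a module-level object in this test file, so it is easy to misread which `db` the following lines touch; `as mock_db` would avoid that. The test now proves only that an exception from `db.session.execute` produces a 503, and `RuntimeError` is not what a real database outage raises; if the healthcheck handles a specific SQLAlchemy error type, raising that one would keep the test representative. Indentation is lost on this page, so check that the `self.app.get` call sits inside the `with` block. The test body continues past the end of the hunk.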