Authentication and Authorisation #227
force-pushed from 2c4077f to f06bcca
After logging in via Gitlab and trying to view the Run/Results pages, the request fails and I see the following in the backend logs:

```
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/connexion/decorators/parameter.py", line 115, in wrapper
    return function(**kwargs)
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/util/query.py", line 41, in query
    return function(**kwargs)
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/controllers/run_controller.py", line 67, in get_run_list
    query = add_user_filter(query, user, Run.project)
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/util/projects.py", line 40, in add_user_filter
    query = query.filter(or_(project in user.projects, project.owner == user))
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 238, in __getattr__
    util.raise_(
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
AttributeError: Neither 'InstrumentedAttribute' object nor 'Comparator' object associated with Run.project has an attribute 'owner'
```
force-pushed from f06bcca to 16c4224
I know this error. Let me see if I can figure out the problem.
force-pushed from 16c4224 to 40b7024
K, I think I fixed this.
force-pushed from 40b7024 to 7a41236
OK, taking another look at this.

So the login works (200 at /login/auth/gitlab) but then the subsequent requests all 401. Perhaps the token isn't being created? I see the
force-pushed from 7a41236 to 5ca21af
@john-dupuy I've updated the code, and fixed the issues.
From the previous comment
Also I'm still seeing the issue mentioned in a previous comment:
I think this is coming from the
In creating a project, I came across a potential authorization issue:
Also, after creating a project and selecting it via the dropdown, I got the following FE exception:
I changed that line of code completely, are you seeing the same line still? I cannot reproduce it.
I cannot reproduce this error either.
This might be related to the 401 issues you were having earlier. I'm not seeing this.
force-pushed from 16671f3 to 242bfaf
OK, I've fixed the tests, fixed the linting, and I think I've addressed all your issues (including the potential elevated privilege bug).
Testing in a clean database, I'm not seeing any of the previous issues I mentioned. I noticed now that the I will test with an "unclean" database on Monday.
I manually added my user to an existing project and a new project by performing an I then installed ibutsu/ibutsu-client-python#19 and ibutsu/pytest-ibutsu#26 locally to try to push up some data with the pytest-plugin. I tried:
I think this is fine, but it'd be nice if the pytest-plugin printed out a more helpful message.
Again, I think this is ok, but it may be helpful to have a note about the token.
However, when I tried to view the run on the run details page, I see the following exception in the BE and the FE crashes:
I'm pretty sure this is the same error we were hitting earlier - passing that `query = add_user_filter(query, user, Result.project)`. EDIT: yup, that was it; making the change to `query = add_user_filter(query, user)` fixed the issue.
Another issue I noticed is that the pagination on the "Results" tab of the run details page looks like it is an estimate. EDIT: I actually don't think estimation is the issue -

But the backend is returning 74 as the count. I'll do a bit more investigation. Printed query (`print(query)`):

```sql
SELECT results.id AS results_id, results.component AS results_component, results.data AS results_data, results.duration AS results_duration, results.env AS results_env, results.params AS results_params, results.project_id AS results_project_id, results.result AS results_result, results.run_id AS results_run_id, results.source AS results_source, results.start_time AS results_start_time, results.test_id AS results_test_id
FROM results, projects
WHERE ((EXISTS (SELECT 1
FROM users_projects, users
WHERE projects.id = users_projects.project_id AND users.id = users_projects.user_id AND users.id = %(id_1)s)) OR %(param_1)s = projects.owner_id) AND results.run_id = %(run_id_1)s
```

I think it might be the
The query looks OK -- by my logic, anyway. I'm going to poke around a bit more and see if I can figure out what's going wrong.
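The access predicate from the printed query above, as an added example that is not part of this PR or of the Ibutsu code base: a stdlib `sqlite3` reproduction over constructed tables and rows whose names follow the printed SQL (`results`, `projects`, `users_projects`, `users`; column lists are simplified, which is an assumption). It runs the predicate twice, once in the printed shape, where `FROM results, projects` carries no predicate tying `results.project_id` to `projects.id`, and once joined on the result's own project. The point for an authorization filter is that the predicate must be evaluated against the row's own project: without the join, every result row is paired with every project the user can access, which both inflates the count and returns rows from projects the user is not a member of.

```python
import sqlite3

# Constructed schema mirroring the tables named in the printed query.
# Assumption: only the columns the predicate touches are modelled.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY);
CREATE TABLE projects (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL);
CREATE TABLE users_projects (user_id INTEGER NOT NULL, project_id INTEGER NOT NULL);
CREATE TABLE results (id INTEGER PRIMARY KEY, run_id INTEGER NOT NULL,
                      project_id INTEGER NOT NULL);
"""

# Same shape as the printed predicate: the user is a member of the project
# (a users_projects row) or owns it (projects.owner_id).
ACCESS_PREDICATE = """
(EXISTS (SELECT 1 FROM users_projects, users
         WHERE projects.id = users_projects.project_id
           AND users.id = users_projects.user_id
           AND users.id = :user_id)
 OR :user_id = projects.owner_id)
"""


def build_sample_db():
    """Constructed data: user 1 owns project 10 and is a member of project 20;
    user 2 owns projects 20 and 30. Results 1-3 belong to run 100 in project 10,
    results 4-5 to run 200 in project 30."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?)", [(1,), (2,)])
    conn.executemany("INSERT INTO projects VALUES (?, ?)", [(10, 1), (20, 2), (30, 2)])
    conn.executemany("INSERT INTO users_projects VALUES (?, ?)", [(1, 20)])
    conn.executemany(
        "INSERT INTO results VALUES (?, ?, ?)",
        [(1, 100, 10), (2, 100, 10), (3, 100, 10), (4, 200, 30), (5, 200, 30)],
    )
    return conn


def result_ids_as_printed(conn, user_id, run_id):
    """Printed shape: a cross join of results and projects, filtered only by
    whether the user can access *some* project and by run_id."""
    sql = f"""
        SELECT results.id FROM results, projects
        WHERE {ACCESS_PREDICATE} AND results.run_id = :run_id
    """
    rows = conn.execute(sql, {"user_id": user_id, "run_id": run_id}).fetchall()
    return sorted(r[0] for r in rows)


def result_ids_with_join(conn, user_id, run_id):
    """Same predicate, evaluated against each result's own project."""
    sql = f"""
        SELECT results.id FROM results
        JOIN projects ON projects.id = results.project_id
        WHERE {ACCESS_PREDICATE} AND results.run_id = :run_id
    """
    rows = conn.execute(sql, {"user_id": user_id, "run_id": run_id}).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = build_sample_db()
    for user, run in [(1, 100), (1, 200), (2, 100), (2, 200)]:
        print(f"user {user} run {run}: as printed {result_ids_as_printed(db, user, run)}"
              f" / joined {result_ids_with_join(db, user, run)}")
```

With the constructed data, user 1 asking for run 100 gets each of its three results twice in the printed shape (once per accessible project) and exactly three with the join; asking for run 200, which sits in a project user 1 neither owns nor belongs to, still returns rows in the printed shape and none with the join. A count taken over the un-joined form is likewise multiplied by the number of accessible projects.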
force-pushed from a8e66da to bfecb33
- Add a login page
- Add a login controller
- Use JWT authentication
- Make HttpClient service object that transparently auths requests
- Add OAuth2 login to Ibutsu
- Add tests for the login controller
- Add Keycloak integration
- Add authorisation, users can only see resources for projects they are part of
- Use the 'from_file' method if it exists
- Add support for running the dev servers under TLS
- Add signup, reset password pages
- Add creating and deleting tokens
- Update the db updates
force-pushed from bfecb33 to 589e5b8
Giving this another look, I noticed the following:
However, I am OK with fixing this and the other 403 issue I mentioned in a follow-up, if you want to merge these before your break.
Why is the close button so close to the comment button?? 😆
Yes, let's address them in a follow-up.
Add authentication and authorisation to Ibutsu