Authentication and Authorisation #227
Conversation
rsnyman
force-pushed
the
registration-page
branch
4 times, most recently
from
2c4077f
to
f06bcca
Compare
|
When trying to sign up for a new account and clicking the "Register" button, I get: In the backend logs I see: |
|
After logging in via Gitlab and trying to view the Run/Results pages, the request fails and I see the following in the backend logs: File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/connexion/decorators/parameter.py", line 115, in wrapper
return function(**kwargs)
File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/util/query.py", line 41, in query
return function(**kwargs)
File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/controllers/run_controller.py", line 67, in get_run_list
query = add_user_filter(query, user, Run.project)
File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/util/projects.py", line 40, in add_user_filter
query = query.filter(or_(project in user.projects, project.owner == user))
File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 238, in __getattr__
util.raise_(
File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
raise exception
AttributeError: Neither 'InstrumentedAttribute' object nor 'Comparator' object associated with Run.project has an attribute 'owner' |
rsnyman
force-pushed
the
registration-page
branch
from
f06bcca
to
16c4224
Compare
I know this error. Let me see if I can figure out the problem. |
rsnyman
force-pushed
the
registration-page
branch
from
16c4224
to
40b7024
Compare
K, I think I fixed this. |
rsnyman
force-pushed
the
registration-page
branch
from
40b7024
to
7a41236
Compare
|
OK taking another look at this.
so the login works (200 at /login/auth/gitlab) but then the subsequent requests all 401. Perhaps the token isn't being created? I see the
|
rsnyman
force-pushed
the
registration-page
branch
from
7a41236
to
5ca21af
Compare
|
@john-dupuy I've updated the code, and fixed the issues. |
|
From the previous comment
Also I'm still seeing the issue mentioned in a previous comment:
I think this is coming from the |
|
In creating a project, I came across a potential authorization issue:
Also, after creating a project and selecting it via the dropdown, I got the following FE exception: |
I changed that line of code completely, are you seeing the same line still? I cannot reproduce it.
I cannot reproduce this error either. |
This might be related to the 401 issues you were having earlier. I'm not seeing this. |
rsnyman
force-pushed
the
registration-page
branch
4 times, most recently
from
16671f3
to
242bfaf
Compare
|
OK, I've fixed the tests, fixed the linting, and I think I've addressed all your issues (including the potential elevated privilege bug). |
|
Testing in a clean database, I'm not seeing any of the previous issues I mentioned. I noticed now that the I will test with an "unclean" database on Monday. |
|
I manually added my user to an existing project and a new project by performing an I then installed ibutsu/ibutsu-client-python#19 and ibutsu/pytest-ibutsu#26 locally to try to push up some data with the pytest-plugin. I tried:
I think this is fine, but it'd be nice if the pytest-plugin printed out a more helpful message.
Again, I think this is ok, but it may be helpful to have a note about the token.
However, when I tried to view the run on the run details page, I see the following exception in the BE and the FE crashes: I'm pretty sure this is the same error we were hitting earlier - passing that query = add_user_filter(query, user, Result.project)EDIT: yup that was it, making the change to query = add_user_filter(query, user)Fixed the issue. |
|
Another issue I noticed is that the pagination on the "Results" tab of the run details page looks like it is an estimate. EDIT: I actually don't think estimation is the issue - But the backend is returning 74 as the count. I'll do a bit more investigation. Printed query: print(query)
SELECT results.id AS results_id, results.component AS results_component, results.data AS results_data, results.duration AS results_duration, results.env AS results_env, results.params AS results_params, results.project_id AS results_project_id, results.result AS results_result, results.run_id AS results_run_id, results.source AS results_source, results.start_time AS results_start_time, results.test_id AS results_test_id
FROM results, projects
WHERE ((EXISTS (SELECT 1
FROM users_projects, users
WHERE projects.id = users_projects.project_id AND users.id = users_projects.user_id AND users.id = %(id_1)s)) OR %(param_1)s = projects.owner_id) AND results.run_id = %(run_id_1)sI think it might be the |
The query looks OK -- by my logic, anyway. I'm going to poke around a bit more and see if I can figure out what's going wrong. |
rsnyman
force-pushed
the
registration-page
branch
from
a8e66da
to
bfecb33
Compare
- Add a login page - Add a login controller - Use JWT authentication - Make HttpClient service object that transparently auths requests - Add OAuth2 login to Ibutsu - Add tests for the login controller - Add Keycloak integration - Add authorisation, users can only see resources for projects they are part of - Use the 'from_file' method if it exists - Add support for running the dev servers under TLS - Add signup, reset password pages - Add creating and deleting tokens - Update the db updates
rsnyman
force-pushed
the
registration-page
branch
from
bfecb33
to
589e5b8
Compare
|
Giving this another look, I noticed the following:
However, I am ok with fixing this and the other 403 issue I mentioned in a followup. If you want to merge these before your break. |
|
Why is the close button so close to the comment button?? 😆 |
|
Yes, let's address them in a follow-up. |
Add authentication and authorisation to Ibutsu