Remove insecure mode

scitran · Sep 7, 2016 · 2fb5d5a · 2fb5d5a
1 parent 7727e13
commit 2fb5d5a
Show file tree

Hide file tree

Showing 8 changed files with 2 additions and 106 deletions.
diff --git a/api/api.py b/api/api.py
@@ -1,6 +1,5 @@
 import json
 import sys
-import traceback
 import webapp2
 import webapp2_extras.routes
 
@@ -198,10 +197,7 @@ def dispatcher(router, request, response):
     except webapp2.HTTPException as e:
         util.send_json_http_exception(response, str(e), e.code)
     except Exception as e: # pylint: disable=broad-except
-        if config.get_item('core', 'debug'):
-            message = traceback.format_exc()
-        else:
-            message = 'Internal Server Error'
+        message = 'Internal Server Error'
         util.send_json_http_exception(response, message, 500)
 
 def app_factory(*_, **__):

diff --git a/api/base.py b/api/base.py
@@ -23,7 +23,6 @@ class RequestHandler(webapp2.RequestHandler):
 
     def __init__(self, request=None, response=None): # pylint: disable=super-init-not-called
         self.initialize(request, response)
-        self.debug = config.get_item('core', 'insecure')
 
         # set uid, source_site, public_request, and superuser
         self.uid = None
@@ -53,10 +52,6 @@ def __init__(self, request=None, response=None): # pylint: disable=super-init-no
                 # User (oAuth) authentication
                 self.uid = self.authenticate_user(access_token)
 
-        # 'Debug' (insecure) setting: allow request to act as requested user
-        elif self.debug and self.get_param('user'):
-            self.uid = self.get_param('user')
-
         # Drone shared secret authentication
         elif drone_secret is not None:
             if drone_method is None or drone_name is None:

diff --git a/api/config.py b/api/config.py
@@ -24,8 +24,6 @@
 DEFAULT_CONFIG = {
     'core': {
         'log_level': 'info',
-        'debug': False,
-        'insecure': False,
         'newrelic': None,
         'drone_secret': None,
     },

diff --git a/api/debuginfo.py b/api/debuginfo.py
diff --git a/api/handlers/collectionshandler.py b/api/handlers/collectionshandler.py
@@ -114,13 +114,6 @@ def get_all(self):
         self._filter_all_permissions(results, self.uid, self.user_site)
         if self.is_true('counts'):
             self._add_results_counts(results)
-        if self.debug:
-            for coll in results:
-                coll['debug'] = {}
-                cid = str(coll['_id'])
-                coll['debug']['details'] =  self.uri_for('coll_details', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
-                coll['debug']['acquisitions'] = self.uri_for('coll_acq', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
-                coll['debug']['sessions'] =     self.uri_for('coll_ses', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
         return results
 
     def _add_results_counts(self, results):
@@ -159,11 +152,6 @@ def get_sessions(self, cid):
             self._add_session_measurements(sessions)
         for sess in sessions:
             sess = self.handle_origin(sess)
-            if self.debug:
-                sess['debug'] = {}
-                sid = str(sess['_id'])
-                sess['debug']['details'] = self.uri_for('cont_details', cont_name='sessions', cid=sid, _full=True) + '?user=' + self.get_param('user', '')
-                sess['debug']['acquisitions'] = self.uri_for('coll_acq', cont_name='collections', cid=cid, _full=True) + '?session=%s&user=%s' % (sid, self.get_param('user', ''))
         return sessions
 
     def get_acquisitions(self, cid):
@@ -184,11 +172,6 @@ def get_acquisitions(self, cid):
         self._filter_all_permissions(acquisitions, self.uid, self.user_site)
         for acq in acquisitions:
             acq.setdefault('timestamp', datetime.datetime.utcnow())
-        if self.debug:
-            for acq in acquisitions:
-                acq['debug'] = {}
-                aid = str(acq['_id'])
-                acq['debug']['details'] = self.uri_for('cont_details', cont_name='acquisitions', cid=aid, _full=True) + '?user=' + self.get_param('user', '')
         for acquisition in acquisitions:
             acquisition = self.handle_origin(acquisition)
         return acquisitions
diff --git a/api/handlers/containerhandler.py b/api/handlers/containerhandler.py
@@ -5,7 +5,6 @@
 from .. import base
 from .. import util
 from .. import config
-from .. import debuginfo
 from .. import validators
 from ..auth import containerauth, always_ok
 from ..dao import APIStorageException, containerstorage, containerutil, noop, hierarchy
@@ -104,8 +103,6 @@ def get(self, cont_name, **kwargs):
         if self.is_true('paths'):
             for fileinfo in result['files']:
                 fileinfo['path'] = util.path_from_hash(fileinfo['hash'])
-        if self.debug:
-            debuginfo.add_debuginfo(self, cont_name, result)
 
         if cont_name == 'sessions':
             result = self.handle_analyses(result)
@@ -299,8 +296,6 @@ def get_all(self, cont_name, par_cont_name=None, par_id=None):
         # and add a list of the measurements in the child acquisitions
         if cont_name == 'sessions' and self.is_true('measurements'):
             self._add_session_measurements(results)
-        if self.debug:
-            debuginfo.add_debuginfo(self, cont_name, results)
 
         for result in results:
             result = self.handle_origin(result)
@@ -359,8 +354,6 @@ def get_all_for_user(self, cont_name, uid):
         if results is None:
             self.abort(404, 'Element not found in container {} {}'.format(self.storage.cont_name, uid))
         self._filter_all_permissions(results, uid, user['site'])
-        if self.debug:
-            debuginfo.add_debuginfo(self, cont_name, results)
         return results
 
     def post(self, cont_name):

diff --git a/api/handlers/grouphandler.py b/api/handlers/grouphandler.py
@@ -3,7 +3,6 @@
 from .. import base
 from .. import util
 from .. import config
-from .. import debuginfo
 from .. import validators
 from ..auth import groupauth
 from ..dao import containerstorage
@@ -49,8 +48,6 @@ def get_all(self, uid=None):
             self.abort(404, 'Not found')
         if not self.superuser_request:
             self._filter_roles(results, self.uid, self.user_site)
-        if self.debug:
-            debuginfo.add_debuginfo(self, 'groups', results)
         return results
 
     def put(self, _id):

diff --git a/api/root.py b/api/root.py
@@ -142,12 +142,7 @@ def get(self):
             [(/schema/group)]                   | group schema
             [(/schema/user)]                    | user schema
             """
-
-        if self.debug and self.uid:
-            resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1?user=%s&root=%r)' % (self.uid, self.superuser_request), resources)
-            resources = re.sub(r'(\(.*)\*<uid>\*(.*\))', r'\1%s\2' % self.uid, resources)
-        else:
-            resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1)', resources)
+        resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1)', resources)
         resources = resources.replace('<', '&lt;').replace('>', '&gt;').strip()
 
         self.response.headers['Content-Type'] = 'text/html; charset=utf-8'
@@ -168,12 +163,6 @@ def get(self):
         self.response.write('</style>\n')
         self.response.write('</head>\n')
         self.response.write('<body style="min-width:900px">\n')
-        if self.debug and not self.get_param('user'):
-            self.response.write('<form name="username" action="" method="get">\n')
-            self.response.write('Username: <input type="text" name="user">\n')
-            self.response.write('Root: <input type="checkbox" name="root" value="1">\n')
-            self.response.write('<input type="submit" value="Generate Custom Links">\n')
-            self.response.write('</form>\n')
         self.response.write(markdown.markdown(resources, ['extra']))
         self.response.write('</body>\n')
         self.response.write('</html>\n')