From 3e5d2aea484b0ff72c0310129e98ec85e32523e2 Mon Sep 17 00:00:00 2001
From: Colton Leekley-Winslow
Date: Sat, 3 Sep 2016 11:02:06 -0500
Subject: [PATCH] Remove insecure mode
---
 api/api.py | 1 +
 api/base.py | 5 ---
 api/config.py | 3 +-
 api/debuginfo.py | 55 ------------------------------
 api/handlers/collectionshandler.py | 17 ---------
 api/handlers/containerhandler.py | 7 ----
 api/handlers/grouphandler.py | 3 --
 api/root.py | 13 +------
 8 files changed, 3 insertions(+), 101 deletions(-)
 delete mode 100644 api/debuginfo.py
diff --git a/api/api.py b/api/api.py
index 72850246c..84b5d858a 100644
--- a/api/api.py
+++ b/api/api.py
@@ -1,6 +1,7 @@
 import json
 import sys
 import traceback
+
 import webapp2
 import webapp2_extras.routes
diff --git a/api/base.py b/api/base.py
index 95a12e1fc..32471fdb5 100644
--- a/api/base.py
+++ b/api/base.py
@@ -23,7 +23,6 @@ class RequestHandler(webapp2.RequestHandler):
 def __init__(self, request=None, response=None): # pylint: disable=super-init-not-called
 self.initialize(request, response)
- self.debug = config.get_item('core', 'insecure')
 # set uid, source_site, public_request, and superuser
 self.uid = None
@@ -53,10 +52,6 @@ def __init__(self, request=None, response=None): # pylint: disable=super-init-no
 # User (oAuth) authentication
 self.uid = self.authenticate_user(access_token)
- # 'Debug' (insecure) setting: allow request to act as requested user
- elif self.debug and self.get_param('user'):
- self.uid = self.get_param('user')
-
 # Drone shared secret authentication
 elif drone_secret is not None:
 if drone_method is None or drone_name is None:
diff --git a/api/config.py b/api/config.py
index c001a10f8..303cd03ea 100644
--- a/api/config.py
+++ b/api/config.py
@@ -23,9 +23,8 @@
 # NOTE: Keep in sync with environment variables in sample.config file.
 DEFAULT_CONFIG = {
 'core': {
- 'log_level': 'info',
 'debug': False,
- 'insecure': False,
+ 'log_level': 'info',
 'newrelic': None,
 'drone_secret': None,
 },
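Review bot: The `'insecure': False` entry is dropped from `DEFAULT_CONFIG` in the api/config.py hunk, but the NOTE directly above the dict asks for it to stay in sync with the environment variables in sample.config, and the diffstat of this commit lists no change to that file. If sample.config still documents an insecure variable, operators will keep seeing a switch that no longer has any effect, so that entry should be removed in the same commit. A short comment next to the `'core'` keys, for example `# 'insecure' (act-as-user via ?user=) was removed; do not reintroduce`, would also record why the key is gone. The dict continues past the end of the hunk.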
diff --git a/api/debuginfo.py b/api/debuginfo.py
deleted file mode 100644
index f2f616c01..000000000
--- a/api/debuginfo.py
+++ /dev/null
@@ -1,55 +0,0 @@
-from . import config
-
-log = config.log
-
-child_containers = {
- 'projects': 'sessions',
- 'sessions': 'acquisitions',
- 'groups': 'projects'
-}
-
-def add_debuginfo(handler, cont_name, response):
- if type(response) == list:
- _add_di_list(handler, cont_name, response)
- else:
- _add_di(handler, cont_name, response)
-
-def _add_di_list(handler, cont_name, response):
- for elem in response:
- _add_di(handler, cont_name, elem)
- if cont_name == 'groups':
- elem['debug']['details'] = handler.uri_for(
- 'group_details' if cont_name == 'groups' else 'cont_details',
- _id=elem['_id'],
- _full=True) + '?' + handler.request.query_string
- else:
- elem['debug']['details'] = handler.uri_for(
- 'cont_details',
- cont_name=cont_name,
- cid=elem['_id'],
- _full=True) + '?' + handler.request.query_string
-
-
-def _add_di(handler, cont_name, response):
- response['debug'] = {}
- if child_containers.get(cont_name):
- child_cont_name = child_containers[cont_name]
-
- response['debug'][child_cont_name] = handler.uri_for(
- 'cont_sublist_groups' if cont_name == 'groups' else 'cont_sublist',
- par_cont_name=cont_name,
- par_id=response['_id'],
- cont_name=child_cont_name,
- _full=True) + '?' + handler.request.query_string
- if response.get('project'):
- response['debug']['project'] = handler.uri_for(
- 'cont_details',
- cont_name='projects',
- cid=response['project'],
- _full=True) + '?' + handler.request.query_string
- if response.get('group'):
- response['debug']['group'] = handler.uri_for(
- 'group_details',
- _id=response['group'],
- _full=True) + '?' + handler.request.query_string
-
diff --git a/api/handlers/collectionshandler.py b/api/handlers/collectionshandler.py
index 03a5aa02b..c814609bf 100644
--- a/api/handlers/collectionshandler.py
+++ b/api/handlers/collectionshandler.py
@@ -114,13 +114,6 @@ def get_all(self):
 self._filter_all_permissions(results, self.uid, self.user_site)
 if self.is_true('counts'):
 self._add_results_counts(results)
- if self.debug:
- for coll in results:
- coll['debug'] = {}
- cid = str(coll['_id'])
- coll['debug']['details'] = self.uri_for('coll_details', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
- coll['debug']['acquisitions'] = self.uri_for('coll_acq', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
- coll['debug']['sessions'] = self.uri_for('coll_ses', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
 return results
 def _add_results_counts(self, results):
@@ -159,11 +152,6 @@ def get_sessions(self, cid):
 self._add_session_measurements(sessions)
 for sess in sessions:
 sess = self.handle_origin(sess)
- if self.debug:
- sess['debug'] = {}
- sid = str(sess['_id'])
- sess['debug']['details'] = self.uri_for('cont_details', cont_name='sessions', cid=sid, _full=True) + '?user=' + self.get_param('user', '')
- sess['debug']['acquisitions'] = self.uri_for('coll_acq', cont_name='collections', cid=cid, _full=True) + '?session=%s&user=%s' % (sid, self.get_param('user', ''))
 return sessions
 def get_acquisitions(self, cid):
@@ -184,11 +172,6 @@ def get_acquisitions(self, cid):
 self._filter_all_permissions(acquisitions, self.uid, self.user_site)
 for acq in acquisitions:
 acq.setdefault('timestamp', datetime.datetime.utcnow())
- if self.debug:
- for acq in acquisitions:
- acq['debug'] = {}
- aid = str(acq['_id'])
- acq['debug']['details'] = self.uri_for('cont_details', cont_name='acquisitions', cid=aid, _full=True) + '?user=' + self.get_param('user', '')
 for acquisition in acquisitions:
 acquisition = self.handle_origin(acquisition)
 return acquisitions
diff --git a/api/handlers/containerhandler.py b/api/handlers/containerhandler.py
index 346eb9aa0..2ea4c7111 100644
--- a/api/handlers/containerhandler.py
+++ b/api/handlers/containerhandler.py
@@ -5,7 +5,6 @@
 from .. import base
 from .. import util
 from .. import config
-from .. import debuginfo
 from .. import validators
 from ..auth import containerauth, always_ok
 from ..dao import APIStorageException, containerstorage, containerutil, noop, hierarchy
@@ -104,8 +103,6 @@ def get(self, cont_name, **kwargs):
 if self.is_true('paths'):
 for fileinfo in result['files']:
 fileinfo['path'] = util.path_from_hash(fileinfo['hash'])
- if self.debug:
- debuginfo.add_debuginfo(self, cont_name, result)
 if cont_name == 'sessions':
 result = self.handle_analyses(result)
@@ -299,8 +296,6 @@ def get_all(self, cont_name, par_cont_name=None, par_id=None):
 # and add a list of the measurements in the child acquisitions
 if cont_name == 'sessions' and self.is_true('measurements'):
 self._add_session_measurements(results)
- if self.debug:
- debuginfo.add_debuginfo(self, cont_name, results)
 for result in results:
 result = self.handle_origin(result)
@@ -359,8 +354,6 @@ def get_all_for_user(self, cont_name, uid):
 if results is None:
 self.abort(404, 'Element not found in container {} {}'.format(self.storage.cont_name, uid))
 self._filter_all_permissions(results, uid, user['site'])
- if self.debug:
- debuginfo.add_debuginfo(self, cont_name, results)
 return results
 def post(self, cont_name):
diff --git a/api/handlers/grouphandler.py b/api/handlers/grouphandler.py
index 07f568936..d997cef83 100644
--- a/api/handlers/grouphandler.py
+++ b/api/handlers/grouphandler.py
@@ -3,7 +3,6 @@
 from .. import base
 from .. import util
 from .. import config
-from .. import debuginfo
 from .. import validators
 from ..auth import groupauth
 from ..dao import containerstorage
@@ -49,8 +48,6 @@ def get_all(self, uid=None):
 self.abort(404, 'Not found')
 if not self.superuser_request:
 self._filter_roles(results, self.uid, self.user_site)
- if self.debug:
- debuginfo.add_debuginfo(self, 'groups', results)
 return results
 def put(self, _id):
diff --git a/api/root.py b/api/root.py
index 65f13818b..428917c8d 100644
--- a/api/root.py
+++ b/api/root.py
@@ -142,12 +142,7 @@ def get(self):
 [(/schema/group)] | group schema
 [(/schema/user)] | user schema
 """
-
- if self.debug and self.uid:
- resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1?user=%s&root=%r)' % (self.uid, self.superuser_request), resources)
- resources = re.sub(r'(\(.*)\*\*(.*\))', r'\1%s\2' % self.uid, resources)
- else:
- resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1)', resources)
+ resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1)', resources)
 resources = resources.replace('<', '<').replace('>', '>').strip()
 self.response.headers['Content-Type'] = 'text/html; charset=utf-8'
@@ -168,12 +163,6 @@ def get(self):
 self.response.write('\n')
 self.response.write('\n')
 self.response.write('\n')
- if self.debug and not self.get_param('user'):
- self.response.write('
\n')
- self.response.write('Username: \n')
- self.response.write('Root: \n')
- self.response.write('\n')
- self.response.write('
\n')
 self.response.write(markdown.markdown(resources, ['extra']))
 self.response.write('\n')
 self.response.write('\n')