Remove insecure mode

api/base.py

@@ -23,7 +23,7 @@ class RequestHandler(webapp2.RequestHandler):
     def __init__(self, request=None, response=None): # pylint: disable=super-init-not-called
         """Set uid, source_site, public_request, and superuser"""
         self.initialize(request, response)
-        self.debug = config.get_item('core', 'insecure')
+
         self.uid = None
         self.source_site = None
 
@@ -51,10 +51,6 @@ def __init__(self, request=None, response=None): # pylint: disable=super-init-no
                 # User (oAuth) authentication
                 self.uid = self.authenticate_user(access_token)
 
-        # 'Debug' (insecure) setting: allow request to act as requested user
-        elif self.debug and self.get_param('user'):
-            self.uid = self.get_param('user')
-
         # Drone shared secret authentication
         elif drone_secret is not None:
             if drone_method is None or drone_name is None:

api/config.py

@@ -23,9 +23,8 @@
 # NOTE: Keep in sync with environment variables in sample.config file.
 DEFAULT_CONFIG = {
     'core': {
-        'log_level': 'info',
         'debug': False,
-        'insecure': False,
+        'log_level': 'info',
         'newrelic': None,
         'drone_secret': None,
     },

api/handlers/collectionshandler.py

@@ -114,13 +114,6 @@ def get_all(self):
         self._filter_all_permissions(results, self.uid, self.user_site)
         if self.is_true('counts'):
             self._add_results_counts(results)
-        if self.debug:
-            for coll in results:
-                coll['debug'] = {}
-                cid = str(coll['_id'])
-                coll['debug']['details'] =  self.uri_for('coll_details', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
-                coll['debug']['acquisitions'] = self.uri_for('coll_acq', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
-                coll['debug']['sessions'] =     self.uri_for('coll_ses', cont_name='collections', cid=cid, _full=True) + '?user=' + self.get_param('user', '')
         return results
 
     def _add_results_counts(self, results):
@@ -159,11 +152,6 @@ def get_sessions(self, cid):
             self._add_session_measurements(sessions)
         for sess in sessions:
             sess = self.handle_origin(sess)
-            if self.debug:
-                sess['debug'] = {}
-                sid = str(sess['_id'])
-                sess['debug']['details'] = self.uri_for('cont_details', cont_name='sessions', cid=sid, _full=True) + '?user=' + self.get_param('user', '')
-                sess['debug']['acquisitions'] = self.uri_for('coll_acq', cont_name='collections', cid=cid, _full=True) + '?session=%s&user=%s' % (sid, self.get_param('user', ''))
         return sessions
 
     def get_acquisitions(self, cid):
@@ -184,11 +172,6 @@ def get_acquisitions(self, cid):
         self._filter_all_permissions(acquisitions, self.uid, self.user_site)
         for acq in acquisitions:
             acq.setdefault('timestamp', datetime.datetime.utcnow())
-        if self.debug:
-            for acq in acquisitions:
-                acq['debug'] = {}
-                aid = str(acq['_id'])
-                acq['debug']['details'] = self.uri_for('cont_details', cont_name='acquisitions', cid=aid, _full=True) + '?user=' + self.get_param('user', '')
         for acquisition in acquisitions:
             acquisition = self.handle_origin(acquisition)
         return acquisitions

api/handlers/containerhandler.py

@@ -5,7 +5,6 @@
 from .. import base
 from .. import util
 from .. import config
-from .. import debuginfo
 from .. import validators
 from ..auth import containerauth, always_ok
 from ..dao import APIStorageException, containerstorage, containerutil, noop, hierarchy
@@ -104,8 +103,6 @@ def get(self, cont_name, **kwargs):
         if self.is_true('paths'):
             for fileinfo in result['files']:
                 fileinfo['path'] = util.path_from_hash(fileinfo['hash'])
-        if self.debug:
-            debuginfo.add_debuginfo(self, cont_name, result)
 
         if cont_name == 'sessions':
             result = self.handle_analyses(result)
@@ -299,8 +296,6 @@ def get_all(self, cont_name, par_cont_name=None, par_id=None):
         # and add a list of the measurements in the child acquisitions
         if cont_name == 'sessions' and self.is_true('measurements'):
             self._add_session_measurements(results)
-        if self.debug:
-            debuginfo.add_debuginfo(self, cont_name, results)
 
         for result in results:
             result = self.handle_origin(result)
@@ -359,8 +354,6 @@ def get_all_for_user(self, cont_name, uid):
         if results is None:
             self.abort(404, 'Element not found in container {} {}'.format(self.storage.cont_name, uid))
         self._filter_all_permissions(results, uid, user['site'])
-        if self.debug:
-            debuginfo.add_debuginfo(self, cont_name, results)
         return results
 
     def post(self, cont_name):

api/handlers/grouphandler.py

@@ -2,7 +2,6 @@
 
 from .. import base
 from .. import util
-from .. import debuginfo
 from .. import validators
 from ..auth import groupauth
 from ..dao import containerstorage
@@ -46,8 +45,6 @@ def get_all(self, uid=None):
             self.abort(404, 'Not found')
         if not self.superuser_request:
             self._filter_roles(results, self.uid, self.user_site)
-        if self.debug:
-            debuginfo.add_debuginfo(self, 'groups', results)
         return results
 
     def put(self, _id):

api/root.py

@@ -139,12 +139,7 @@ def get(self):
             [(/schema/group)]                   | group schema
             [(/schema/user)]                    | user schema
             """
-
-        if self.debug and self.uid:
-            resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1?user=%s&root=%r)' % (self.uid, self.superuser_request), resources)
-            resources = re.sub(r'(\(.*)\*<uid>\*(.*\))', r'\1%s\2' % self.uid, resources)
-        else:
-            resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1)', resources)
+        resources = re.sub(r'\[\((.*)\)\]', r'[\1](/api\1)', resources)
         resources = resources.replace('<', '&lt;').replace('>', '&gt;').strip()
 
         self.response.headers['Content-Type'] = 'text/html; charset=utf-8'
@@ -165,12 +160,6 @@ def get(self):
         self.response.write('</style>\n')
         self.response.write('</head>\n')
         self.response.write('<body style="min-width:900px">\n')
-        if self.debug and not self.get_param('user'):
-            self.response.write('<form name="username" action="" method="get">\n')
-            self.response.write('Username: <input type="text" name="user">\n')
-            self.response.write('Root: <input type="checkbox" name="root" value="1">\n')
-            self.response.write('<input type="submit" value="Generate Custom Links">\n')
-            self.response.write('</form>\n')
         self.response.write(markdown.markdown(resources, ['extra']))
         self.response.write('</body>\n')
         self.response.write('</html>\n')