From ea20786bf3cc8bc632ba0ec83fd4ce0cb4253381 Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Mon, 15 Apr 2024 12:12:54 -0700 Subject: [PATCH 1/7] just for test --- pay-api/tests/utilities/base_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pay-api/tests/utilities/base_test.py b/pay-api/tests/utilities/base_test.py index 0c322bce6..25b537c00 100644 --- a/pay-api/tests/utilities/base_test.py +++ b/pay-api/tests/utilities/base_test.py @@ -379,7 +379,7 @@ def factory_payment_account(payment_system_code: str = 'PAYBC', payment_method_c name=None, branch_name=None): """Return Factory.""" - # Create a payment account + # Create a payment account account = PaymentAccount( auth_account_id=auth_account_id, bcol_user_id=bcol_user_id, From 26db252bb29066a5dd6774daa0acf1243d51f464 Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Fri, 19 Apr 2024 16:17:14 -0700 Subject: [PATCH 2/7] remove extra code --- pay-api/tests/utilities/base_test.py | 2 +- pay-queue/devops/vaults.gcp.env | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/pay-api/tests/utilities/base_test.py b/pay-api/tests/utilities/base_test.py index 25b537c00..0c322bce6 100644 --- a/pay-api/tests/utilities/base_test.py +++ b/pay-api/tests/utilities/base_test.py @@ -379,7 +379,7 @@ def factory_payment_account(payment_system_code: str = 'PAYBC', payment_method_c name=None, branch_name=None): """Return Factory.""" - # Create a payment account + # Create a payment account account = PaymentAccount( auth_account_id=auth_account_id, bcol_user_id=bcol_user_id, diff --git a/pay-queue/devops/vaults.gcp.env b/pay-queue/devops/vaults.gcp.env index 5bfb8a754..18654b952 100644 --- a/pay-queue/devops/vaults.gcp.env +++ b/pay-queue/devops/vaults.gcp.env @@ -25,4 +25,3 @@ SENTRY_DSN="op://sentry/$APP_ENV/relationship-api/SENTRY_DSN" LEGISLATIVE_TIMEZONE="op://relationship/$APP_ENV/pay-api/LEGISLATIVE_TIMEZONE" ACCOUNT_SECRET_KEY="op://relationship/$APP_ENV/pay-api/ACCOUNT_SECRET_KEY" DISABLE_EJV_ERROR_EMAIL="True" -DISABLE_PAD_SUCCESS_EMAIL="False" From 8ad203fe1fa8204e8dbf2fc5d1a36343c9a8c046 Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Fri, 19 Apr 2024 16:18:39 -0700 Subject: [PATCH 3/7] add back DISABLE_PAD_SUCCESS_EMAIL, it deleted by incidence --- pay-queue/devops/vaults.gcp.env | 1 + 1 file changed, 1 insertion(+) diff --git a/pay-queue/devops/vaults.gcp.env b/pay-queue/devops/vaults.gcp.env index 18654b952..5bfb8a754 100644 --- a/pay-queue/devops/vaults.gcp.env +++ b/pay-queue/devops/vaults.gcp.env @@ -25,3 +25,4 @@ SENTRY_DSN="op://sentry/$APP_ENV/relationship-api/SENTRY_DSN" LEGISLATIVE_TIMEZONE="op://relationship/$APP_ENV/pay-api/LEGISLATIVE_TIMEZONE" ACCOUNT_SECRET_KEY="op://relationship/$APP_ENV/pay-api/ACCOUNT_SECRET_KEY" DISABLE_EJV_ERROR_EMAIL="True" +DISABLE_PAD_SUCCESS_EMAIL="False" From 564f3e472ab2aebb7dbaa9cc0a20869b4133e6f1 Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Tue, 23 Apr 2024 16:16:16 -0700 Subject: [PATCH 4/7] add test logs --- pay-queue/devops/vaults.gcp.env | 1 + pay-queue/src/pay_queue/config.py | 3 ++- pay-queue/src/pay_queue/external/gcp_auth.py | 7 +++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/pay-queue/devops/vaults.gcp.env b/pay-queue/devops/vaults.gcp.env index 5bfb8a754..fa6f68780 100644 --- a/pay-queue/devops/vaults.gcp.env +++ b/pay-queue/devops/vaults.gcp.env @@ -19,6 +19,7 @@ PUBLISHER_AUDIENCE="op://gcp-queue/$APP_ENV/base/PUBLISHER_AUDIENCE" PAY_SUB_AUDIENCE="op://gcp-queue/$APP_ENV/base/PAY_SUB_AUDIENCE" VERIFY_PUBSUB_EMAIL="op://gcp-queue/$APP_ENV/base/VERIFY_PUBSUB_EMAIL" VERIFY_PUBSUB_VIA_JWT="op://gcp-queue/$APP_ENV/base/VERIFY_PUBSUB_VIA_JWT" +DEBUG_REQUEST="op://gcp-queue/$APP_ENV/base/DEBUG_REQUEST" ACCOUNT_MAILER_TOPIC="op://gcp-queue/$APP_ENV/topics/ACCOUNT_MAILER_TOPIC" SENTRY_ENABLE="op://sentry/$APP_ENV/relationship-api/SENTRY_ENABLE" SENTRY_DSN="op://sentry/$APP_ENV/relationship-api/SENTRY_DSN" diff --git a/pay-queue/src/pay_queue/config.py b/pay-queue/src/pay_queue/config.py index 2b2a07ab4..ab0b8ccb0 100644 --- a/pay-queue/src/pay_queue/config.py +++ b/pay-queue/src/pay_queue/config.py @@ -109,7 +109,8 @@ class _Config(): # pylint: disable=too-few-public-methods ACCOUNT_MAILER_TOPIC = os.getenv('ACCOUNT_MAILER_TOPIC', None) PAY_SUB_AUDIENCE = os.getenv('PAY_SUB_AUDIENCE', None) VERIFY_PUBSUB_EMAIL = os.getenv('VERIFY_PUBSUB_EMAIL', None) - VERIFY_PUBSUB_VIA_JWT = os.getenv('VERIFY_PUBSUB_VIA_JWT', None) + VERIFY_PUBSUB_VIA_JWT = os.getenv('VERIFY_PUBSUB_VIA_JWT', 'true') + DEBUG_REQUEST = os.getenv('DEBUG_REQUEST', 'false') class DevConfig(_Config): # pylint: disable=too-few-public-methods diff --git a/pay-queue/src/pay_queue/external/gcp_auth.py b/pay-queue/src/pay_queue/external/gcp_auth.py index e6e180f9f..24fe5af9e 100644 --- a/pay-queue/src/pay_queue/external/gcp_auth.py +++ b/pay-queue/src/pay_queue/external/gcp_auth.py @@ -35,8 +35,11 @@ def ensure_authorized_queue_user(f): @functools.wraps(f) def decorated_function(*args, **kwargs): # Use CacheControl to avoid re-fetching certificates for every request. - config_value = current_app.config.get('VERIFY_PUBSUB_VIA_JWT', True) - if config_value is True: + if current_app.config.get("DEBUG_REQUEST"): + current_app.logger.info(request, "INFO", f"Headers: {request.headers}") + verifyJWT = current_app.config.get('VERIFY_PUBSUB_VIA_JWT', True) + current_app.logger.info(request, "INFO", f"verifyJWT: verifyJWT") + if verifyJWT is True: if message := verify_jwt(CacheControl(Session())): abort(HTTPStatus.UNAUTHORIZED) return f(*args, **kwargs) From 07aca074c9636ccd3f4781a1d526b7b866d786cf Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Tue, 23 Apr 2024 16:18:43 -0700 Subject: [PATCH 5/7] text change --- pay-queue/src/pay_queue/external/gcp_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pay-queue/src/pay_queue/external/gcp_auth.py b/pay-queue/src/pay_queue/external/gcp_auth.py index 24fe5af9e..e1b07e891 100644 --- a/pay-queue/src/pay_queue/external/gcp_auth.py +++ b/pay-queue/src/pay_queue/external/gcp_auth.py @@ -38,7 +38,7 @@ def decorated_function(*args, **kwargs): if current_app.config.get("DEBUG_REQUEST"): current_app.logger.info(request, "INFO", f"Headers: {request.headers}") verifyJWT = current_app.config.get('VERIFY_PUBSUB_VIA_JWT', True) - current_app.logger.info(request, "INFO", f"verifyJWT: verifyJWT") + current_app.logger.info(request, "INFO", f"verifyJWT:", verifyJWT) if verifyJWT is True: if message := verify_jwt(CacheControl(Session())): abort(HTTPStatus.UNAUTHORIZED) From ba121fc3e502c9e2474224654dc30942fe09893d Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Tue, 23 Apr 2024 19:43:19 -0700 Subject: [PATCH 6/7] unit test fix --- pay-queue/src/pay_queue/external/gcp_auth.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pay-queue/src/pay_queue/external/gcp_auth.py b/pay-queue/src/pay_queue/external/gcp_auth.py index e1b07e891..72fb6d96c 100644 --- a/pay-queue/src/pay_queue/external/gcp_auth.py +++ b/pay-queue/src/pay_queue/external/gcp_auth.py @@ -35,10 +35,10 @@ def ensure_authorized_queue_user(f): @functools.wraps(f) def decorated_function(*args, **kwargs): # Use CacheControl to avoid re-fetching certificates for every request. - if current_app.config.get("DEBUG_REQUEST"): - current_app.logger.info(request, "INFO", f"Headers: {request.headers}") + if current_app.config.get('DEBUG_REQUEST') is True: + current_app.logger.info('INFO - Headers: %s', request.headers) verifyJWT = current_app.config.get('VERIFY_PUBSUB_VIA_JWT', True) - current_app.logger.info(request, "INFO", f"verifyJWT:", verifyJWT) + current_app.logger.info('INFO - verifyJWT: %s', verifyJWT) if verifyJWT is True: if message := verify_jwt(CacheControl(Session())): abort(HTTPStatus.UNAUTHORIZED) From 764aa508854884dc70bab2a30d5bfa23eda75da2 Mon Sep 17 00:00:00 2001 From: Jia Xu Date: Tue, 23 Apr 2024 20:19:29 -0700 Subject: [PATCH 7/7] code review fixing --- pay-queue/src/pay_queue/config.py | 5 +++-- pay-queue/src/pay_queue/external/gcp_auth.py | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pay-queue/src/pay_queue/config.py b/pay-queue/src/pay_queue/config.py index ab0b8ccb0..cbceb71f4 100644 --- a/pay-queue/src/pay_queue/config.py +++ b/pay-queue/src/pay_queue/config.py @@ -109,8 +109,9 @@ class _Config(): # pylint: disable=too-few-public-methods ACCOUNT_MAILER_TOPIC = os.getenv('ACCOUNT_MAILER_TOPIC', None) PAY_SUB_AUDIENCE = os.getenv('PAY_SUB_AUDIENCE', None) VERIFY_PUBSUB_EMAIL = os.getenv('VERIFY_PUBSUB_EMAIL', None) - VERIFY_PUBSUB_VIA_JWT = os.getenv('VERIFY_PUBSUB_VIA_JWT', 'true') - DEBUG_REQUEST = os.getenv('DEBUG_REQUEST', 'false') + + VERIFY_PUBSUB_VIA_JWT = os.getenv('VERIFY_PUBSUB_VIA_JWT', 'true').lower() == 'true' + VERIFY_PUBSUB_VIA_JWT = os.getenv('DEBUG_REQUEST', 'true').lower() == 'true' class DevConfig(_Config): # pylint: disable=too-few-public-methods diff --git a/pay-queue/src/pay_queue/external/gcp_auth.py b/pay-queue/src/pay_queue/external/gcp_auth.py index 72fb6d96c..31f575ac6 100644 --- a/pay-queue/src/pay_queue/external/gcp_auth.py +++ b/pay-queue/src/pay_queue/external/gcp_auth.py @@ -36,9 +36,9 @@ def ensure_authorized_queue_user(f): def decorated_function(*args, **kwargs): # Use CacheControl to avoid re-fetching certificates for every request. if current_app.config.get('DEBUG_REQUEST') is True: - current_app.logger.info('INFO - Headers: %s', request.headers) + current_app.logger.info(f'Headers: {request.headers}') verifyJWT = current_app.config.get('VERIFY_PUBSUB_VIA_JWT', True) - current_app.logger.info('INFO - verifyJWT: %s', verifyJWT) + current_app.logger.info(f'verifyJWT: {verifyJWT}') if verifyJWT is True: if message := verify_jwt(CacheControl(Session())): abort(HTTPStatus.UNAUTHORIZED)