Support various auth policies for aggregate calls as well #801
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fixes e-mission/e-mission-docs#408 It is also a partial fix for e-mission/e-mission-docs#628 We support 3 basic policies: - `no_auth`: full public access (backwards compatible behavior) - `user_only`: access only to existing users (new functionality, consistent with e-mission/e-mission-docs#408) - `never`: disable completely Other sophisticated access control for certain users only is out of the scope at this time Testing done: - set the policy to `no_auth` - aggregate call works ``` 2021-03-16 16:25:32,859:DEBUG:123145663979520:START POST /result/metrics/timestamp 2021-03-16 16:25:32,859:DEBUG:123145663979520:Aggregate call, checking {aggregate_call_support} policy 2021-03-16 16:25:32,859:DEBUG:123145663979520:metric_list = ['duration', 'median_speed', 'count', 'distance'] 2021-03-16 16:25:32,859:DEBUG:123145663979520:['duration -> <function get_duration at 0x7ffe61347cb0>', 'median_speed -> <function get_median_speed at 0x7ffe61347d40>', 'count -> <function get_count at 0x7ffe61347b90>', 'distance -> <function get_distance at 0x7ffe61347c20>'] 2021-03-16 16:25:32,859:DEBUG:123145663979520:for user None, returning timeseries <emission.storage.timeseries.aggregate_timeseries.AggregateTimeSeries object at 0x7ffe8052d790> 2021-03-16 16:25:32,867:DEBUG:123145663979520:END POST /result/metrics/timestamp 0.008590936660766602 ``` - user call works ``` 2021-03-16 16:25:32,866:DEBUG:123145669234688:START POST /result/metrics/timestamp 2021-03-16 16:25:32,867:DEBUG:123145669234688:User specific call, returning UUID 2021-03-16 16:25:32,868:DEBUG:123145669234688:methodName = skip, returning <class 'emission.net.auth.skip.SkipMethod'> 2021-03-16 16:25:32,868:DEBUG:123145669234688:Using the skip method to verify id token REPLACEMEkVVdF9rT of length 17 2021-03-16 16:25:32,870:DEBUG:123145669234688:retUUID = cf8ccb7b-84d7-40e4-a726-7691e614b042 2021-03-16 16:25:32,876:DEBUG:123145669234688:END POST /result/metrics/timestamp cf8ccb7b-84d7-40e4-a726-7691e614b042 0.009974002838134766 ``` - switch the policy to `user_only` - user call works ``` 2021-03-16 16:25:32,866:DEBUG:123145669234688:START POST /result/metrics/timestamp 2021-03-16 16:25:32,867:DEBUG:123145669234688:User specific call, returning UUID 2021-03-16 16:25:32,868:DEBUG:123145669234688:methodName = skip, returning <class 'emission.net.auth.skip.SkipMethod'> 2021-03-16 16:25:32,868:DEBUG:123145669234688:Using the skip method to verify id token REPLACEMEkVVdF9rT of length 17 2021-03-16 16:25:32,870:DEBUG:123145669234688:retUUID = cf8ccb7b-84d7-40e4-a726-7691e614b042 2021-03-16 16:25:32,876:DEBUG:123145669234688:END POST /result/metrics/timestamp cf8ccb7b-84d7-40e4-a726-7691e614b042 0.009974002838134766 ``` - aggregate call fails ``` 2021-03-16 16:59:25,517:DEBUG:123145504403456:START POST /result/metrics/timestamp 2021-03-16 16:59:25,517:DEBUG:123145504403456:Aggregate call, checking user_only policy 2021-03-16 16:59:25,518:DEBUG:123145504403456:END POST /result/metrics/timestamp 0.00035881996154785156 ``` with error ``` 2021-03-16 16:58:42.465 23394-23394/edu.berkeley.eecs.emission.devapp I/chromium: [INFO:CONSOLE(145)] "ERROR:Error loading aggregate data, averages not available{"status":403,"url":"http://10.0.2.2:8080/result/metrics/timestamp","headers":{"date":"Tue, 16 Mar 2021 23:59:25 GMT","content-length":"761","server":"Cheroot/8.4.2","x-android-selected-protocol":"http/1.1","x-android-response-source":"NETWORK 403","x-android-received-millis":"1615939122220","x-android-sent-millis":"1615939122206","content-type":"text/html; charset=UTF-8"},"error":"\n <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n <html>\n <head>\n <title>Error: 403 Forbidden</title>\n <style type=\"text/css\">\n html {background-color: #eee; font-family: sans-serif;}\n body {background-color: #fff; border: 1px solid #ddd;\n padding: 15px; margin: 15px;}\n pre {background-color: #eee; border: 1px solid #ddd; padding: 5px;}\n </style>\n </head>\n <body>\n <h1>Error: 403 Forbidden</h1>\n <p>Sorry, the requested URL <tt>&e-mission#39;http://10.0.2.2:8080/result/metrics/timestamp'</tt>\n caused an error:</p>\n <pre>aggregations only available to users</pre>\n </body>\n </html>\n"}", source: http://localhost/_app_file_/data/user/0/edu.berkeley.eecs.emission.devapp/files/phonegapdevapp/www/index.html (145) ``` - switch the policy to `never`, fails with error ``` 2021-03-16 17:13:20.422 23394-23394/edu.berkeley.eecs.emission.devapp I/chromium: [INFO:CONSOLE(145)] "Error loading aggregate data, averages not available{"status":404,"url":"http://10.0.2.2:8080/result/metrics/timestamp","headers":{"date":"Wed, 17 Mar 2021 00:14:03 GMT","content-length":"754","server":"Cheroot/8.4.2","x-android-selected-protocol":"http/1.1","x-android-response-source":"NETWORK 404","x-android-received-millis":"1615940000171","x-android-sent-millis":"1615940000159","content-type":"text/html; charset=UTF-8"},"error":"\n <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n <html>\n <head>\n <title>Error: 404 Not Found</title>\n <style type=\"text/css\">\n html {background-color: #eee; font-family: sans-serif;}\n body {background-color: #fff; border: 1px solid #ddd;\n padding: 15px; margin: 15px;}\n pre {background-color: #eee; border: 1px solid #ddd; padding: 5px;}\n </style>\n </head>\n <body>\n <h1>Error: 404 Not Found</h1>\n <p>Sorry, the requested URL <tt>&e-mission#39;http://10.0.2.2:8080/result/metrics/timestamp'</tt>\n caused an error:</p>\n <pre>Aggregate calls not supported</pre>\n </body>\n </html>\n"}", source: http://localhost/_app_file_/data/user/0/edu.berkeley.eecs.emission.devapp/files/phonegapdevapp/www/index.html (145) ``` - switch the policy to an invalid valid, fails with error ``` 2021-03-16 17:14:25.561 23394-23394/edu.berkeley.eecs.emission.devapp I/chromium: [INFO:CONSOLE(145)] "ERROR:Error loading aggregate data, averages not available{"status":500,"url":"http://10.0.2.2:8080/result/metrics/timestamp","headers":{"date":"Wed, 17 Mar 2021 00:15:08 GMT","content-length":"1550","server":"Cheroot/8.4.2","x-android-selected-protocol":"http/1.1","x-android-response-source":"NETWORK 500","x-android-received-millis":"1615940065310","x-android-sent-millis":"1615940065297","content-type":"text/html; charset=UTF-8"},"error":"\n <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n <html>\n <head>\n <title>Error: 500 Internal Server Error</title>\n <style type=\"text/css\">\n html {background-color: #eee; font-family: sans-serif;}\n body {background-color: #fff; border: 1px solid #ddd;\n padding: 15px; margin: 15px;}\n pre {background-color: #eee; border: 1px solid #ddd; padding: 5px;}\n </style>\n </head>\n <body>\n <h1>Error: 500 Internal Server Error</h1>\n <p>Sorry, the requested URL <tt>&e-mission#39;http://10.0.2.2:8080/result/metrics/timestamp'</tt>\n caused an error:</p>\n <pre>Internal Server Error</pre>\n <h2>Exception:</h2>\n <pre>KeyError(&e-mission#39;foobar&e-mission#39;)</pre>\n <h2>Traceback:</h2>\n <pre>Traceback (most recent call last):\n File "/Users/kshankar/e-mission/e-mission-server/emission/net/api/bottle.py", line 997, in _handle\n out = route.call(**args)\n File "/Users/kshankar/e-mission/e-mission-server/emission/net/api/bottle.py", line 1998, in wrapper\n rv = callback(*a, **ka)\n File "emission/net/api/cfc_webapp.py", line 466, in summarize_metrics\n user_uuid = get_user_or_aggregate_auth(request)\n File "emission/net/api/cfc_webapp.py", line 621, in get_user_or_aggregate_auth\n return aggregate_call_map[aggregate_call_support](request)\nKeyError: &e-mission#39;foobar&e-mission#39;\n</pre>\n </body>\n </html>\n"}", source: http://localhost/_app_file_/data/user/0/edu.berkeley.eecs.emission.devapp/files/phonegapdevapp/www/index.html (145) ``` - changed the phone code to send a user token for aggregate calls as well, worked ``` 2021-03-16 18:52:47,214:DEBUG:123145648730112:START POST /result/metrics/timestamp 2021-03-16 18:52:47,214:DEBUG:123145648730112:Aggregate call, checking user_only policy 2021-03-16 18:52:47,214:DEBUG:123145648730112:methodName = skip, returning <class 'emission.net.auth.skip.SkipMethod'> 2021-03-16 18:52:47,215:DEBUG:123145648730112:Using the skip method to verify id token REPLACEMEkVVdF9rT of length 17 2021-03-16 18:52:47,216:DEBUG:123145648730112:retUUID = cf8ccb7b-84d7-40e4-a726-7691e614b042 2021-03-16 18:52:47,223:DEBUG:123145648730112:END POST /result/metrics/timestamp cf8ccb7b-84d7-40e4-a726-7691e614b042 0.009236335754394531 ```
|
Related phone change: |
jf87
pushed a commit
to jf87/e-mission-server
that referenced
this pull request
Jun 21, 2021
…_auth Support various auth policies for aggregate calls as well
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes
e-mission/e-mission-docs#408
It is also a partial fix for
e-mission/e-mission-docs#628
We support 3 basic policies:
no_auth: full public access (backwards compatible behavior)user_only: access only to existing users (new functionality, consistent with Support additional configuration options for aggregate data e-mission-docs#408)never: disable completelyOther sophisticated access control for certain users only is out of the scope at this time
Testing done:
set the policy to
no_authswitch the policy to
user_onlywith error
switch the policy to
never, fails with errorswitch the policy to an invalid valid, fails with error
changed the phone code to send a user token for aggregate calls as well, worked