Skip to content

Commit

Permalink
[auth] Dont load session_id in the UserData dict (#13618)
Browse files Browse the repository at this point in the history
The `UserData` dict is loaded from the `auth` database and passed around
to different services, but mostly to look at the current user's username
or some other metadata. Because it's in so many places I'm a little
worried about it getting logged, which we can't do because it contains
the user's `session_id`. But `userdata['session_id']` is used in so few
places that I removed `session_id` from the dict and retrieve it
explicitly where it's needed.
  • Loading branch information
daniel-goldstein authored Sep 19, 2023
1 parent b699870 commit 05521f0
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 10 deletions.
15 changes: 8 additions & 7 deletions auth/auth/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -467,8 +467,8 @@ async def get_copy_paste_token(request: web.Request, userdata: UserData) -> web.

@routes.post('/api/v1alpha/copy-paste-token')
@authenticated_users_only
async def get_copy_paste_token_api(request: web.Request, userdata: UserData) -> web.Response:
session_id = userdata['session_id']
async def get_copy_paste_token_api(request: web.Request, _) -> web.Response:
session_id = await get_session_id(request)
db = request.app['db']
copy_paste_token = await create_copy_paste_token(db, session_id)
return web.Response(body=copy_paste_token)
Expand All @@ -481,7 +481,7 @@ async def logout(request: web.Request, userdata: Optional[UserData]) -> NoReturn
raise web.HTTPFound(deploy_config.external_url('auth', ''))

db = request.app['db']
session_id = userdata['session_id']
session_id = await get_session_id(request)
await db.just_execute('DELETE FROM sessions WHERE session_id = %s;', session_id)

session = await aiohttp_session.get_session(request)
Expand Down Expand Up @@ -725,8 +725,8 @@ async def maybe_pop_token(tx):

@routes.post('/api/v1alpha/logout')
@authenticated_users_only
async def rest_logout(request: web.Request, userdata: UserData) -> web.Response:
session_id = userdata['session_id']
async def rest_logout(request: web.Request, _) -> web.Response:
session_id = await get_session_id(request)
db = request.app['db']
await db.just_execute('DELETE FROM sessions WHERE session_id = %s;', session_id)

Expand Down Expand Up @@ -784,9 +784,10 @@ async def get_userinfo_from_hail_session_id(request: web.Request, session_id: st
x
async for x in db.select_and_fetchall(
'''
SELECT users.*, sessions.session_id FROM users
SELECT users.*
FROM users
INNER JOIN sessions ON users.id = sessions.user_id
WHERE users.state = 'active' AND (sessions.session_id = %s) AND (ISNULL(sessions.max_age_secs) OR (NOW() < TIMESTAMPADD(SECOND, sessions.max_age_secs, sessions.created)));
WHERE users.state = 'active' AND sessions.session_id = %s AND (ISNULL(sessions.max_age_secs) OR (NOW() < TIMESTAMPADD(SECOND, sessions.max_age_secs, sessions.created)));
''',
session_id,
'get_userinfo',
Expand Down
3 changes: 1 addition & 2 deletions batch/batch/front_end/front_end.py
Original file line number Diff line number Diff line change
Expand Up @@ -718,8 +718,7 @@ async def _create_jobs(
file_store: FileStore = app['file_store']
user = userdata['username']

# restrict to what's necessary; in particular, drop the session
# which is sensitive
# restrict to what's necessary
userdata = {
'username': user,
'hail_credentials_secret_name': userdata['hail_credentials_secret_name'],
Expand Down
1 change: 0 additions & 1 deletion gear/gear/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ class UserData(TypedDict):
is_service_account: bool
hail_credentials_secret_name: str
tokens_secret_name: str
session_id: str


def maybe_parse_bearer_header(value: str) -> Optional[str]:
Expand Down

0 comments on commit 05521f0

Please sign in to comment.