Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(PXP-7539): Fix/populate idp for user info #877

Merged
merged 8 commits into from
Mar 2, 2021
Merged

(PXP-7539): Fix/populate idp for user info #877

merged 8 commits into from
Mar 2, 2021

Conversation

johnfrancismccann
Copy link
Contributor

@johnfrancismccann johnfrancismccann commented Feb 25, 2021
edited
Loading

PXP-7539

So that the /user endpoint is populated with idp info, make modifications to login_user function.

Please see ticket above for more details.

Bug Fixes

  • Fix /user endpoint so that idp field is populated for the user.

Improvements

  • Add a docstring for login_user function

@github-actions
Copy link

The style in this PR agrees with black. ✔️

This formatting comment was generated automatically by a script in uc-cdis/wool.

@coveralls
Copy link

coveralls commented Feb 25, 2021
edited
Loading

Pull Request Test Coverage Report for Build 10506

  • 23 of 27 (85.19%) changed or added relevant lines in 4 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.02%) to 69.585%
Changes Missing Coverage Covered Lines Changed/Added Lines %
fence/blueprints/login/fence_login.py 0 1 0.0%
fence/blueprints/login/shib.py 0 1 0.0%
fence/auth.py 22 24 91.67%
Totals Coverage Status
Change from base Build 10496: 0.02%
Covered Lines: 5722
Relevant Lines: 8223
💛 - Coveralls

johnfrancismccann
johnfrancismccann commented Feb 25, 2021
View reviewed changes
fence/auth.py Outdated

Args:
request (flask.request): not currently used by this function, TODO
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wondering if there were any thoughts on removing request from the args? It’s not used in login_user, but somehow I’d still be cautious removing it given the number of places that supply it (I counted 7 across all of Fence).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i'd definitely remove it to clean up the codebase - if something breaks, Jenkins will let us know

Avantol13
Avantol13 reviewed Feb 25, 2021
View reviewed changes
fence/auth.py
idp = IdentityProvider(name=provider)
user.identity_provider = idp
current_session.add(user)
current_session.commit()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we only need to do this commit if a) the user is completely new OR B) the user existed but the idp was not previously there. e.g. doing it every time like this I don't think is necessary and will be a bit of a performance hit

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should now be addressed above by

if user.identity_provider and user.identity_provider.name == provider:
    set_flask_session_values(user)
    return

Avantol13
Avantol13 reviewed Mar 2, 2021
View reviewed changes
fence/auth.py
if user.identity_provider and user.identity_provider.name == provider:
set_flask_session_values(user)
return
else:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can actually remove this else statement and un-indent the next line, b/c you're doing an early return above

Copy link
Contributor Author

@johnfrancismccann johnfrancismccann Mar 2, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This else is paired with if user:, so imagine a flow where a user does exist but doesn't have an identity provider. In that case we wouldn't necessarily want to overwrite the existing user with the un-indented user = User(username=username).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦 you're right, I didn't look closely enough

@johnfrancismccann johnfrancismccann merged commit 2e6abe0 into master Mar 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Avantol13 Avantol13 Avantol13 approved these changes

@paulineribeyre paulineribeyre paulineribeyre approved these changes

@BinamB BinamB Awaiting requested review from BinamB

Assignees
No one assigned
Labels
test-google-googleDataAccessTest setting label to retry specific feature test-google-googleServiceAccountKeyTest test-google-googleServiceAccountRemovalTest test-google-googleServiceAccountTest
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@johnfrancismccann @coveralls @paulineribeyre @Avantol13