Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix session handling for ICAT backend #156

Merged
merged 6 commits into from
Nov 2, 2020
Merged

Fix session handling for ICAT backend #156

merged 6 commits into from
Nov 2, 2020

Conversation

MRichards99
Copy link
Collaborator

This PR will close #135. See the comment on that issue to understand why it was reopened (also discussed on Slack today).

Essentially, before this change, a user would have to send a request to /login to get a session ID, and then use that session ID in future requests. It wouldn't matter if the user already had a valid session ID from elsewhere, because the client object wasn't being logged in until a request to /login was sent.

Really, this is quite a simple change; the session ID was being assigned to the client object in the wrong place. But it'll make dev manual testing a lot nicer (I'm all for things that make my life easier 😃) and will mean users that use session IDs from places like scigateway-auth can do so without having to create another session ID using this API.

I've done the same Apache jMeter testing that I did back in #149 and it works (50 concurrent users over a 2 second ramp up period). All unit tests pass - I fixed one which failed because some of the session test data was being set as null.

@MRichards99
#135: Fix session handling
662fc3c 
- This will mean a valid session ID can be used straight away, instead of having to use the login endpoint to create a new session ID and use the API using that. This will help when prod users use session IDs which have come from other auth services
@MRichards99
#135: Fix failing unit test
e662c48 
- Unit test was failing due to null session data being entered to the database
@MRichards99
#135: Make client objects bound to an endpoint, not a backend
853b0a1 
- This will prevent the same client object being used across different endpoints, which could be a security concern. This means that for each request, the client object is built with the session ID assigned each time, so each request checks that the user has a valid, active session ID
@MRichards99
Merge branch 'master' into feature/fix-session-handling-#135
f4a06ce
@MRichards99 MRichards99 force-pushed the feature/fix-session-handling-#135 branch from def14c7 to f4a06ce Compare August 17, 2020 15:09
@MRichards99
Copy link
Collaborator Author

Force push was to remove a commit (to impose Black on the repo) which I'd already done on a different branch. Cleans up this PR a bit.

louise-davies
louise-davies reviewed Aug 25, 2020
View reviewed changes
common/python_icat_backend.py Outdated
Comment on lines 50 to 53
if kwargs["client"]:
client = kwargs["client"]
else:
client = create_client()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if using the ternary operator here makes this shorter & more readable - thoughts?

client = kwargs["client"] if kwargs["client"] else create_client()

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've just pushed a change to make use of the ternary operator, and I've read online about some of its other uses (definitely a useful thing). :)

@louise-davies
Copy link
Member

Just something I've noticed during testing the API - if you login to the API via the session endpoints, then you restart the server, the session ID you previously were using is no longer valid. I presume this is to do with Python-ICAT? Or the expire time on the sessions?

@MRichards99
Copy link
Collaborator Author

@louise-davies:

Just something I've noticed during testing the API - if you login to the API via the session endpoints, then you restart the server, the session ID you previously were using is no longer valid. I presume this is to do with Python-ICAT? Or the expire time on the sessions?

I've just been testing this and can't recreate what you're describing, but I'm pretty sure I've experienced it on this branch before I submitted this PR. I remember looking at the SESSION_ table with my instance of icatdb and it seemed like Python ICAT would remove/overwrite (I can't remember which) session IDs every so often. I couldn't figure out why, it just seemed like a quirk with Python ICAT. Sessions created within Python ICAT last for two hours, so your experiences shouldn't be related to that.

That being said, this change should allow you to use the session ID between server restarts of a few minutes (like when you're testing changes as you develop) so I'd hope you can see that within your testing, as that was part of the motivation of reopening the issue.

@MRichards99 MRichards99 mentioned this pull request Oct 15, 2020
Merged
@MRichards99 MRichards99 merged commit bf64e9b into master Nov 2, 2020
@MRichards99 MRichards99 deleted the feature/fix-session-handling-#135 branch November 2, 2020 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stuartpullinger stuartpullinger stuartpullinger approved these changes

@louise-davies louise-davies Awaiting requested review from louise-davies

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement login-related endpoints using python-icat
3 participants
@MRichards99 @louise-davies @stuartpullinger