Separated login and login_info routes #1140
Conversation
marcus-oscarsson
force-pushed
the
mo-login-resource
branch
4 times, most recently
from
cccdd30
to
e2e2c8c
Compare
|
thanks, just few questions (does not qualify as a proper review)
Is there any situation where the user can play around without selecting a proposal? And, I am not so sure if we want to change proposals in the middle of the beamtime without a proper logout. (ping @JieNanMAXIV ) |
marcus-oscarsson
force-pushed
the
mo-login-resource
branch
from
e2e2c8c
to
af90b82
Compare
There was a problem hiding this comment.
I guess we will want to properly test this at MAX IV before this gets merged. That is why I put a provisional negative feedback for now, even though I have not reviewed the code yet. And obviously I understand that it is still a draft.
Rework of the authentication code is definitely welcome, it was not straightforward before, thanks for working on this :)
|
@meguiraun: I don't think that its possible to proceed without selecting a proposal :). The "change" proposal dialog can of-course be made optional. We will need a feature like this for the automated beamlines where you can collect as several proposals during one session. @fabcor-maxiv: Sure, understandable take your time and test it. This is the first step there will be a few more updates at a later moment. I'm actually struggling a bit with the session timeout test, while it works in the browser it fails in the test. Maybe you have an idea of what it could be ? |
| @@ -40,10 +40,6 @@ const mxcubeReducer = combineReducers({ | |||
| }); | |||
|
|
|||
| const rootReducer = (state, action) => { | |||
There was a problem hiding this comment.
This wrapper function is no longer needed I think, you can inline the line below directly.
marcus-oscarsson
force-pushed
the
mo-login-resource
branch
from
643b3bb
to
9dd45d4
Compare
mxcubeweb/routes/login.py
Outdated
| res = deny_access("Could not authenticate") | ||
| res = make_response(jsonify({"msg": "Could not authenticate"}), 200) | ||
| else: | ||
| res = make_response(jsonify({"msg": ""}), 200) | ||
|
|
||
| session.permanent = True |
There was a problem hiding this comment.
I managed to get the tests working by adding back this line which I initially removed, as I thought that setting SESSION_PERMANENT=True would be enough and certainly as we are also using SESSION_PERMANENT_LIFETIME (and the later is taken into account).
However it seems that the configuration value is not taken into account and we need to set it programmatically, have a look at our mockup server config
Documentation even states that its true by default: https://flask-session.readthedocs.io/en/latest/config.html#configuration
Does someone have an idea of what that could be ?
There was a problem hiding this comment.
I recall it not being straightforward to understand. It took me a while to wrap my head around sessions and their expiration. I had written some doc, but obviously this doc is not good enough since reading it back now does not clarify much...
Flask and Flask-session have different behavior, different defaults. Flask does not seem to know about the SESSION_PERMANENT config setting at all.
I made a quick search and I am starting to wonder if flask-session is used at all. I can not seem to find where it is used in the code. Am I missing something?
There was a problem hiding this comment.
Indeed that explains it, so looking at the flask documentation SESSION_PARMANENT is not an option at all, however SESSION_PERMANENT_LIFETIME is and its used when one does session.permanent=True. So I was simply confused by the Flask-session documentation, we were using it in the past but now we are using Flask-Login
There was a problem hiding this comment.
We should probably remove line 29 from mxcubeweb/server.py, line 6 from test/HardwareObjectsMockup.xml/mxcube-web/server.yaml, and finally line 20 from mxcubeweb/core/models/configmodels.py.
There was a problem hiding this comment.
:), Actually I thought if flask does not deal with the SESSION_PERMANENT setting we can :)
There was a problem hiding this comment.
On a second thought, thats just unnecessary ... Ill remove the config option as we are actually relying on this feature, it does not make any sense to set it to false in our case.
There was a problem hiding this comment.
I wonder now if it makes sense (or is needed) to declare the session permanent when authentication failed.
It seems to work as it is so maybe it is fine to leave it like this, but curiosity...
marcus-oscarsson
force-pushed
the
mo-login-resource
branch
from
fb152df
to
34b1f83
Compare
Removed circular dependency on serverIO
marcus-oscarsson
force-pushed
the
mo-login-resource
branch
from
768c638
to
bb5c56d
Compare
|
Just a few last improvements done after some discussions we had between us here, after this I think we are more or less happy with this one. There will as I mentioned before be one or two more PR's to follow up on this.
|
axelboc
force-pushed
the
mo-login-resource
branch
from
f320c70
to
7bd7a66
Compare
|
I've refactored things a bit to make it clearer when/where
In other words, |
|
Would that make sense to add some of these technical details at |
|
For info, I have not been able to work on this these past weeks, but I am planning to test these changes to authentication this week (possibly tomorrow already). |
|
@fabcor-maxiv what I suggest is that we merge this as it is now and we fix anything we/you find while testing. Unless you see a fundamental problem with this PR |
|
False alarm. |
|
I figured out the cause of the behavior I initially reported in the previous message, and it was a "user issue" :D Now it seems to be working fine, comparable to what is demonstrated by the animation in the first post. Nice! :) |
fabcor-maxiv
dismissed
their stale review
I did some preliminary testing and found no obvious issue, so no reason to block. I have not reviewed the code yet though.
| @@ -275,8 +258,10 @@ def login_info(self): | |||
| ) | |||
|
|
|||
| res["selectedProposalID"] = HWR.beamline.session.proposal_id | |||
| else: | |||
| raise Exception("Not logged in") | |||
There was a problem hiding this comment.
Maybe raise a more specific exception type? See mxcubeweb/routes/login.py line 85 where is is caught.
| raise Exception("Not logged in") | |
| raise NotAuthenticated("Not logged in") |
| response = jsonify(res) | ||
| except Exception: |
There was a problem hiding this comment.
What about having a more specific Exception type? See mxcubeweb/core/components/user/usermanager.py line 262 where the exception is raised.
| except Exception: | |
| except NotAuthenticated: |
mxcubeweb/routes/login.py
Outdated
| res = deny_access("Could not authenticate") | ||
| res = make_response(jsonify({"msg": "Could not authenticate"}), 200) | ||
| else: | ||
| res = make_response(jsonify({"msg": ""}), 200) | ||
|
|
||
| session.permanent = True |
There was a problem hiding this comment.
I wonder now if it makes sense (or is needed) to declare the session permanent when authentication failed.
It seems to work as it is so maybe it is fine to leave it like this, but curiosity...
Co-authored-by: fabcor <[email protected]>
Co-authored-by: fabcor <[email protected]>
|
Ok, thanks guys (@axelboc and @fabcor-maxiv). The work on some of the details will continue in followup-PRs, and fairly soon one that also introduces OpenID Connect authentication using KeyCloak. |
|
@axelboc @marcus-oscarsson Seems like we lost the loading animation on the "Sign in" button in this change. I can open a separate ticket if you prefer. P.S.: ticket opened: #1148 |
Separated
loginandlogin_inforoutes. Returning401 - Unauthorizedfrom login_info instead of redirect. Removed the call torequireAuthfrom thePrivateOutletcomponent as it runs during rendering.requireAuthis now executed on page load (useEffectofApp) and on change of route using the loader functionality ofreact-router. The later makes the transition from login to application much smoother, as no reload of the page is needed.The proposal selection dialog was also separated from the Login component and displayed at login when there is no proposal already selected. The user can select a proposal from the menu in the top right corner.