Merge pull request #29 from arXiv/develop

Pre-release merge for v0.2.4

.travis.yml

@@ -16,8 +16,6 @@ before_install:
 script:
   - pipenv install ./users
   - ./lintstats.sh
-  - docker run -d -p 7000:7000 -p 7001:7001 -p 7002:7002 -p 7003:7003 -p 7004:7004 -p 7005:7005 -p 7006:7006 -e "IP=0.0.0.0" --hostname=server grokzen/redis-cluster:4.0.9
-  - sleep 10
-  - WITH_INTEGRATION=1 REDIS_CLUSTER=1 REDIS_PORT=7000 pipenv run pytest --cov=accounts --cov=users/arxiv --cov=registry --cov=authenticator --cov-report=term-missing accounts users/arxiv registry authenticator
+  - WITH_INTEGRATION=1 pipenv run pytest --cov=accounts --cov=users/arxiv --cov=registry --cov=authenticator --cov-report=term-missing accounts users/arxiv registry authenticator
 after_success:
   - coveralls

Pipfile

@@ -8,7 +8,8 @@ pycountry = "*"
 mysqlclient = "*"
 python-dateutil = "*"
 captcha = "*"
-redis = "*"
+redis = "==2.10.6"
+"redis-py-cluster" = "==1.3.6"
 celery = "*"
 flask = "*"
 jsonschema = "*"
@@ -19,8 +20,8 @@ uwsgi = "*"
 wtforms = "*"
 arxiv-base = "==0.12.1"
 authlib = "*"
-redis-py-cluster = "*"
 openapi-spec-validator = "*"
+"4010dd8" = {path = "./users"}
 
 [dev-packages]
 mimesis = "==2.1.0"

accounts/accounts/config.py

@@ -43,14 +43,13 @@
     'tapir_permanent'
 )
 CLASSIC_TRACKING_COOKIE = os.environ.get('CLASSIC_TRACKING_COOKIE', 'browser')
-CLASSIC_COOKIE_TIMEOUT = os.environ.get('CLASSIC_COOKIE_TIMEOUT', '86400')
 CLASSIC_TOKEN_RECOVERY_TIMEOUT = os.environ.get(
     'CLASSIC_TOKEN_RECOVERY_TIMEOUT',
     '86400'
 )
 CLASSIC_SESSION_HASH = os.environ.get('CLASSIC_SESSION_HASH', 'foosecret')
-CLASSIC_SESSION_TIMEOUT = os.environ.get(
-    'CLASSIC_SESSION_TIMEOUT',
+SESSION_DURATION = os.environ.get(
+    'SESSION_DURATION',
     '36000'
 )
 

accounts/accounts/controllers/tests/test_authentication.py

@@ -2,7 +2,7 @@
 
 from unittest import TestCase, mock
 from datetime import datetime
-from pytz import timezone
+from pytz import timezone, UTC
 
 from werkzeug import MultiDict
 from werkzeug.exceptions import BadRequest
@@ -115,7 +115,7 @@ def test_post_great(self, mock_legacy, mock_sessions, mock_users):
         form_data = MultiDict({'username': 'foouser', 'password': 'bazpass'})
         ip = '123.45.67.89'
         next_page = '/foo'
-        start_time = datetime.now(tz=EASTERN)
+        start_time = datetime.now(tz=UTC)
         user = domain.User(
             user_id=42,
             username='foouser',
@@ -173,7 +173,7 @@ def test_post_not_verified(self, mock_legacy, mock_sessions, mock_users):
         form_data = MultiDict({'username': 'foouser', 'password': 'bazpass'})
         ip = '123.45.67.89'
         next_page = '/foo'
-        start_time = datetime.now(tz=EASTERN)
+        start_time = datetime.now(tz=UTC)
         user = domain.User(
             user_id=42,
             username='foouser',

accounts/accounts/routes/ui.py

@@ -3,7 +3,7 @@
 from typing import Any, Callable
 from datetime import datetime, timedelta
 from functools import wraps
-from pytz import timezone
+from pytz import timezone, UTC
 from flask import Blueprint, render_template, url_for, abort, request, \
     make_response, redirect, current_app, send_file, Response
 from arxiv import status

accounts/accounts/stateless_captcha/__init__.py

@@ -26,7 +26,7 @@
 import io
 from typing import Dict, Mapping, Any, Optional
 from datetime import datetime, timedelta
-from pytz import timezone
+from pytz import timezone, UTC
 import dateutil.parser
 import string
 import jwt
@@ -98,12 +98,13 @@ def unpack(token: str, secret: str, ip_address: str) -> str:
     logger.debug('Unpack captcha token, %s', token)
     try:
         claims: Mapping[str, Any] = jwt.decode(token.encode('ascii'),
-                                               _secret(secret, ip_address))
+                                               _secret(secret, ip_address),
+                                               algorithms=['HS256'])
         logger.debug('Unpacked captcha token: %s', claims)
     except jwt.exceptions.DecodeError:  # type: ignore
         raise InvalidCaptchaToken('Could not decode token')
     try:
-        now = datetime.now(tz=EASTERN)
+        now = datetime.now(tz=UTC)
         if dateutil.parser.parse(claims['expires']) <= now:
             logger.debug('captcha token expired: %s', claims['expires'])
             raise InvalidCaptchaToken('Expired token')
@@ -136,7 +137,7 @@ def new(secret: str, ip_address: str, expires: int = 300) -> str:
     """
     claims = {
         'value': _generate_random_string(),
-        'expires': (datetime.now(tz=EASTERN) + timedelta(seconds=300)).isoformat()
+        'expires': (datetime.now(tz=UTC) + timedelta(seconds=300)).isoformat()
     }
     return jwt.encode(claims, _secret(secret, ip_address)).decode('ascii')
 

accounts/accounts/stateless_captcha/tests.py

@@ -3,7 +3,7 @@
 from unittest import TestCase
 import io
 from datetime import datetime, timedelta
-from pytz import timezone
+from pytz import timezone, UTC
 import jwt
 from . import new, unpack, render, check, InvalidCaptchaToken, \
     InvalidCaptchaValue
@@ -50,7 +50,7 @@ def test_forged_captcha(self):
 
         forged_token = jwt.encode({
             'value': 'foo',
-            'expires': (datetime.now(tz=EASTERN) + timedelta(seconds=3600)).isoformat()
+            'expires': (datetime.now(tz=UTC) + timedelta(seconds=3600)).isoformat()
         }, 'notthesecret').decode('ascii')
 
         with self.assertRaises(InvalidCaptchaToken):
@@ -71,7 +71,7 @@ def test_malformed_captcha(self):
         ip_address = '127.0.0.1'
 
         malformed_token = jwt.encode({
-            'expires': (datetime.now(tz=EASTERN) + timedelta(seconds=3600)).isoformat()
+            'expires': (datetime.now(tz=UTC) + timedelta(seconds=3600)).isoformat()
         }, secret).decode('ascii')
 
         with self.assertRaises(InvalidCaptchaToken):