From 1be32308fbd905af9b090429eacd5ef1f26ccc6d Mon Sep 17 00:00:00 2001 From: yuanzhou Date: Sat, 27 Mar 2021 14:50:03 -0400 Subject: [PATCH 1/6] Add 404 case for file access check --- hubmap-auth/src/app.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hubmap-auth/src/app.py b/hubmap-auth/src/app.py index 24d3f7c..0bb88ed 100644 --- a/hubmap-auth/src/app.py +++ b/hubmap-auth/src/app.py @@ -184,6 +184,7 @@ def file_auth(): response_200 = make_response(jsonify({"message": "OK: Authorized"}), 200) response_401 = make_response(jsonify({"message": "ERROR: Unauthorized"}), 401) response_403 = make_response(jsonify({"message": "ERROR: Forbidden"}), 403) + response_404 = make_response(jsonify({"message": "ERROR: Not Found"}), 404) response_500 = make_response(jsonify({"message": "ERROR: Internal Server Error"}), 500) method = None @@ -233,7 +234,9 @@ def file_auth(): elif code == 401: return response_401 elif code == 403: - return response_403 + return + elif code == 404: + return response_404 elif code == 500: return response_500 else: @@ -457,6 +460,7 @@ def get_file_access(dataset_uuid, token_from_query, request): allowed = 200 authentication_required = 401 authorization_required = 403 + not_found = 404 internal_error = 500 # All lowercase for easy comparision @@ -583,8 +587,10 @@ def get_file_access(dataset_uuid, token_from_query, request): elif response.status_code == 401: logger.error("Couldn't authenticate the request made to " + entity_api_full_url + " with internal token (modified globus app secrect)") return authorization_required + elif response.status_code == 404: + logger.error(f"Dataset with uuid {dataset_uuid} not found") + return not_found # All other cases with 500 response - # E.g., entity-api server down? else: logger.error("The server encountered an unexpected condition that prevented it from getting the access level of this dataset " + dataset_uuid) return internal_error 
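Review bot: In the second hunk of [PATCH 1/6] (`@@ -233,7 +234,9`), the `elif code == 403:` branch now ends in a bare `return`, so it hands back None instead of `response_403`. Assuming `file_auth` is the Flask view that nginx calls as its auth subrequest, Flask rejects a None return and answers 500. The request is still refused, but a forbidden caller is reported as a server error and will look like an outage in monitoring. Keep `return response_403` in that branch and add the `elif code == 404:` branch after it; [PATCH 4/6] later restores the line, but this commit is broken on its own. The function starts and ends outside the hunk.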
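Review bot: In the last hunk of [PATCH 1/6] (`@@ -583,8 +587,10`, in `get_file_access`), the new `elif response.status_code == 404:` branch gives a missing dataset its own return code, so a caller can tell "no such dataset" apart from "exists but access denied". If this lookup runs before the caller's own token is evaluated, which the hunk does not show, a client without access can learn which dataset UUIDs exist; consider returning `authorization_required` to the caller here and keeping the distinction only in the log. `dataset_uuid` also appears to be derived from the requested URI, so validate its format before logging it, or log it escaped with `logger.error("Dataset with uuid %r not found", dataset_uuid)`, so that control characters in the value cannot forge log lines. The function body continues outside the hunk.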
From 87509ebe6c56165dd1bc79ade994e4ea0719248b Mon Sep 17 00:00:00 2001 From: "Zhou (Joe) Yuan" Date: Sat, 27 Mar 2021 14:52:13 -0400 Subject: [PATCH 2/6] Bump version to 2.0.3 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index e9307ca..50ffc5a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0.2 +2.0.3 From 0dce45bad4c885fdab22372672eb2a218e35ddce Mon Sep 17 00:00:00 2001 From: yuanzhou Date: Sat, 27 Mar 2021 14:58:24 -0400 Subject: [PATCH 3/6] Fix indentation --- hubmap-auth/src/app.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hubmap-auth/src/app.py b/hubmap-auth/src/app.py index 0bb88ed..65519b3 100644 --- a/hubmap-auth/src/app.py +++ b/hubmap-auth/src/app.py @@ -199,7 +199,7 @@ def file_auth(): # File access only via http GET if method is not None: - # Supports both GET and HEAD request methods + # Supports both GET and HEAD request methods if method.upper() in ['GET', 'HEAD']: if orig_uri is not None: parsed_uri = urlparse(orig_uri) @@ -588,7 +588,7 @@ def get_file_access(dataset_uuid, token_from_query, request): logger.error("Couldn't authenticate the request made to " + entity_api_full_url + " with internal token (modified globus app secrect)") return authorization_required elif response.status_code == 404: - logger.error(f"Dataset with uuid {dataset_uuid} not found") + logger.error(f"Dataset with uuid {dataset_uuid} not found") return not_found # All other cases with 500 response else: From 9856ff6291142b3a6790db1269e4a1d675d71e2e Mon Sep 17 00:00:00 2001 From: yuanzhou Date: Sat, 27 Mar 2021 15:05:53 -0400 Subject: [PATCH 4/6] 404 considered as 500 --- hubmap-auth/src/app.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hubmap-auth/src/app.py b/hubmap-auth/src/app.py index 65519b3..3d01ea2 100644 --- a/hubmap-auth/src/app.py +++ b/hubmap-auth/src/app.py 
@@ -180,11 +180,12 @@ def file_auth(): # Nginx auth_request only cares about the response status code # it ignores the response body - # We use body here only for direct visit to this endpoint + # We use body here only for description purposes and direct visit to this endpoint + # Note: 404 is not supported http://nginx.org/en/docs/http/ngx_http_auth_request_module.html + # Any response code other than 200/401/403 returned by the subrequest is considered an error 500 response_200 = make_response(jsonify({"message": "OK: Authorized"}), 200) response_401 = make_response(jsonify({"message": "ERROR: Unauthorized"}), 401) response_403 = make_response(jsonify({"message": "ERROR: Forbidden"}), 403) - response_404 = make_response(jsonify({"message": "ERROR: Not Found"}), 404) response_500 = make_response(jsonify({"message": "ERROR: Internal Server Error"}), 500) method = None @@ -234,9 +235,8 @@ def file_auth(): elif code == 401: return response_401 elif code == 403: - return - elif code == 404: - return response_404 + return response_403 + # 404 will be considered as 500 due to the design of nginx auth_request module elif code == 500: return response_500 else: From b80ed15bcdb30ac9ff15d707e1d174280ed06afd Mon Sep 17 00:00:00 2001 From: yuanzhou Date: Sat, 27 Mar 2021 15:13:41 -0400 Subject: [PATCH 5/6] Use 404 even though it considered as 500 --- hubmap-auth/src/app.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hubmap-auth/src/app.py b/hubmap-auth/src/app.py index 3d01ea2..4a8452c 100644 --- a/hubmap-auth/src/app.py +++ b/hubmap-auth/src/app.py 
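Review bot: In the second hunk of [PATCH 4/6] (`@@ -234,9 +235,8`), dropping the `elif code == 404:` branch leaves the 404 value with no explicit handling, and the new comment sits between `return response_403` and `elif code == 500:` where it describes no code. `get_file_access`, presumably the source of `code`, still returns `not_found` (added in [PATCH 1/6] and not touched here), so that value now falls through to the trailing `else:`, whose body is outside the hunk. Make the mapping explicit, for example `elif code in (404, 500):` followed by `return response_500`, so the fail-closed result does not depend on what the `else:` happens to do.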
@@ -181,12 +181,15 @@ def file_auth(): # Nginx auth_request only cares about the response status code # it ignores the response body # We use body here only for description purposes and direct visit to this endpoint - # Note: 404 is not supported http://nginx.org/en/docs/http/ngx_http_auth_request_module.html - # Any response code other than 200/401/403 returned by the subrequest is considered an error 500 response_200 = make_response(jsonify({"message": "OK: Authorized"}), 200) response_401 = make_response(jsonify({"message": "ERROR: Unauthorized"}), 401) response_403 = make_response(jsonify({"message": "ERROR: Forbidden"}), 403) response_500 = make_response(jsonify({"message": "ERROR: Internal Server Error"}), 500) + + # Note: 404 is not supported http://nginx.org/en/docs/http/ngx_http_auth_request_module.html + # Any response code other than 200/401/403 returned by the subrequest is considered an error 500 + # The end user or client will never see 404 but 500 + response_404 = make_response(jsonify({"message": "ERROR: Not Found"}), 404) method = None orig_uri = None @@ -236,7 +239,10 @@ def file_auth(): return response_401 elif code == 403: return response_403 - # 404 will be considered as 500 due to the design of nginx auth_request module + # Returned 404 will be considered as 500 by nginx auth_request module + # The end user or client will never see 404 but 500 + elif code == 404: + return response_404 elif code == 500: return response_500 else: From ad62e2530dbdae3c503b2dd80e9a500f0355021e Mon Sep 17 00:00:00 2001 From: yuanzhou Date: Sat, 27 Mar 2021 15:17:31 -0400 Subject: [PATCH 6/6] Add warning message on 404 --- hubmap-auth/src/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hubmap-auth/src/app.py b/hubmap-auth/src/app.py index 4a8452c..207e63d 100644 --- a/hubmap-auth/src/app.py +++ b/hubmap-auth/src/app.py 
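Review bot: In the second hunk of [PATCH 5/6] (`@@ -236,7 +239,10`), the re-added `elif code == 404:` branch returns a status that, by the commit's own comment, nginx `auth_request` replaces with 500. In the nginx access log and in any alerting built on it, a request for a missing dataset therefore cannot be separated from a real failure of the auth service. If the 404 body is kept only for direct visits to this endpoint, say so in the comment and note that triage has to use this service's own log; otherwise return `response_403` here so the outcome stays a plain denial. The sentence `# The end user or client will never see 404 but 500` is also written twice in this commit (first and second hunk); keep it once, next to the `response_404` definition.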
@@ -240,8 +240,8 @@ def file_auth(): elif code == 403: return response_403 # Returned 404 will be considered as 500 by nginx auth_request module - # The end user or client will never see 404 but 500 elif code == 404: + logger.warning("The end user or client will never see 404 but 500") return response_404 elif code == 500: return response_500
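Review bot: The `logger.warning(...)` added in the `elif code == 404:` branch turns a design remark into a log line: it fires on every missing-dataset request yet names neither the event nor the endpoint, so it adds volume without helping triage. Keep the removed comment as a comment and log the event itself, for example `logger.warning("file_auth: dataset not found, returning 404 (nginx auth_request reports it as 500)")`. If request details are added to the message later, pass them as `%r` arguments rather than concatenating them, since they come from the client. The function body continues outside the hunk.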