methode cleanup simplifiée

README.md

@@ -8,40 +8,14 @@ Output : a login and password in the `login:password` form
 
 This login and password is valid for a certain amount of time (24h typically)
 
-## Playing around
-
-``` shell
-pip install gunicorn httpie
-gunicorn --reload -w 1 eidaws_auth:auth
-```
-Then, to send a post request :
-
-``` shell
-http localhost:8000/version
-http POST localhost:8000 < token.asc
-```
-## Running tests
-
-``` shell
-pip install -e .
-pytest
-```
-
-
 ## Configuration
 
-The conifguration is set in the `eidawsauth/config.py` file.
+To configure the database connection, copy `configurations/default.py` to `configurations/production.py` for instance. Then edit the file with everything you need.
 
-There are 4 classes :
-- `Config` : the root class with some defaults
-- `Production` : the configuration suitable for production
-- `Test` : the configuration suitable for pytest
-- `Dev` : the configuration for the developpment environment
-
-You can choose the configuration class by setting up the `RUNMODE` environment variable. Default value is DEVELOPMENT
+From the value of the `RUNMODE` environment variable, the name of the configuration file is choosen.
 
 ``` shell
-RUNMODE=PRODUCTION gunicorn -w 4 eidaws_auth:aut
+RUNMODE=development python eidawsauth.py
 ```
 
 ## Database initialisation
@@ -93,6 +67,25 @@ Contraintes de clés étrangères :
     "aut_user_network_id_fkey" FOREIGN KEY (network_id) REFERENCES networks(network_id) ON DELETE SET DEFAULT
 ```
 
+## Playing around
+
+After the Database initialisation, the application can be run in a virtual environment.
+
+``` shell
+pip install -r requirements.txt
+cd eidawsauth
+FLASK_ENV=development RUNMODE=development python eidawsauth.py
+```
+Then, to send a post request :
+
+``` shell
+http localhost:8000/version
+http POST localhost:8000 < token.asc
+```
+
+## Running tests
+
+
 
 # Explanations
 

eidawsauth/configurations/__init__.py

@@ -4,6 +4,5 @@ import importlib
 for module in os.listdir(os.path.dirname(__file__)):
     if module == '__init__.py' or module[-3:] != '.py':
         continue
-#    importlib.import_module(module[:-3])
     importlib.import_module('.'+module[:-3], 'configurations')
 del module

eidawsauth/eidawsauth.py

@@ -65,6 +65,7 @@ def register_login(login, password):
     - Generate Login and Password hash
     - register in the users table
     """
+    expiration_time=datetime.datetime.now()+datetime.timedelta(days=1)
     try:
         conn = psycopg2.connect(dbname= application.config['AUTHDBNAME'],
                             port = application.config['AUTHDBPORT'],
@@ -83,13 +84,13 @@ def register_login(login, password):
     cur.execute("""
                 INSERT INTO users VALUES (DEFAULT, %(login)s, 'Temp', 'EIDA', %(tmpmail)s, %(expiration)s);
                 """,
-                {'login': login, 'tmpmail': "%s@eida"%(login),'expiration': datetime.datetime.now()+datetime.timedelta(days=1)}
+                {'login': login, 'tmpmail': "%s@eida"%(login),'expiration': expiration_time }
     )
 
     cur.execute("""
-        INSERT INTO credentials VALUES (CURRVAL('users_user_index_seq'), NULL, %(wsshash)s);
+        INSERT INTO credentials VALUES (CURRVAL('users_user_index_seq'), NULL, %(wsshash)s, %(expiration)s);
         """,
-                {'wsshash': wsshash(login, password)}
+                {'wsshash': wsshash(login, password), 'expiration': expiration_time }
     )
     conn.commit()
     conn.close()
@@ -106,7 +107,7 @@ def register_privileges(login, fdsn_refs):
                             user= application.config['PRIVILEGEDBUSER'],
                             password = application.config['PRIVILEGEDBPASSWORD'])
         cur = conn.cursor()
-        logging.debug("Connected to users database")
+        logging.debug("Connected to privileges database")
     except Exception as e:
         logging.error("Unable to connect to database %s as %s@%s:%s"%(application.config['PRIVILEGEDBNAME'],
                                                                       application.config['PRIVILEGEDBUSER'],
@@ -117,13 +118,14 @@ def register_privileges(login, fdsn_refs):
     # Get the network id
     for ref in fdsn_refs:
         ref['login'] = login
+        ref['expiration'] = datetime.datetime.now()+datetime.timedelta(days=1)
         cur.execute("""
                     select network_id from networks where start_year=%(startyear)s and end_year=%(endyear)s and network=%(networkcode)s;
                     """, ref)
         ref['networkid'] = cur.fetchone()[0]
-        logging.info(ref)
+        logging.info("Inserting tupple in %s.eida_temp_users: %s"%(application.config['PRIVILEGEDBNAME'], ref))
         cur.execute("""
-                    insert into eida_temp_users (network_id, network, start_year, end_year, name) values (%(networkid)s, %(networkcode)s, %(startyear)s, %(endyear)s, %(login)s);
+                    insert into eida_temp_users (network_id, network, start_year, end_year, name, expiration) values (%(networkid)s, %(networkcode)s, %(startyear)s, %(endyear)s, %(login)s, %(expiration)s);
                     """, ref)
     conn.commit()
     conn.close()
@@ -139,9 +141,7 @@ def cleanup():
     Clean old temporary logins and passwords in both databases.
     """
     logging.info("Cleaning up expired temporary accounts")
-    nb_expired_accounts = 0
-    old_users_entries = 0
-    old_users = ""
+    rows_deleted = 0
     try:
         conn = psycopg2.connect(dbname= application.config['AUTHDBNAME'],
                             port = application.config['AUTHDBPORT'],
@@ -150,10 +150,11 @@ def cleanup():
                             password = application.config['AUTHDBPASSWORD'])
         cur = conn.cursor()
         logging.debug("Connected to users database")
-        cur.execute("select user_index,login from users where expires_at < now();")
-        nb_expired_accounts = cur.rowcount
-        old_users_entries = cur.fetchall()[:1000]
-        old_users = ','.join( str(u[0]) for u in old_users_entries )
+        cur.execute("delete from credentials where expiration < now();")
+        cur.execute("delete from users where expires_at < now();")
+        rows_deleted = cur.rowcount
+        conn.commit()
+        conn.close()
     except Exception as e:
         logging.error("Unable to connect to database %s as %s@%s:%s"%(application.config['AUTHDBNAME'],
                                                                       application.config['AUTHDBUSER'],
@@ -161,17 +162,6 @@ def cleanup():
                                                                       application.config['AUTHDBPORT']))
         raise e
 
-    logging.debug("%d users to delete"%(len(old_users_entries)))
-    if len(old_users_entries) > 0 :
-        try :
-            cur.execute("delete from credentials where user_index in (%s);",(AsIs(old_users),))
-            cur.execute("delete from users where user_index in (%s);", (AsIs(old_users),))
-        except Exception as e:
-            logging.error("Unable de delete from credentials or users")
-            logging.error(e)
-        conn.commit()
-        conn.close()
-
         try:
             conn = psycopg2.connect(dbname= application.config['PRIVILEGEDBNAME'],
                             port = application.config['PRIVILEGEDBPORT'],
@@ -180,11 +170,8 @@ def cleanup():
                             password = application.config['PRIVILEGEDBPASSWORD'])
             cur = conn.cursor()
             logging.debug("Connected to privlieges database")
-            old_users =  ','.join(str(u[1]) for u in old_users_entries)
             logging.debug("Deleting from privileges database: %s", old_users)
-            cur.execute("""
-                delete from eida_temp_users where name in (%s);
-                """, (AsIs(old_users),))
+            cur.execute("delete from eida_temp_users where expiration < now();")
             conn.commit()
             conn.close()
         except Exception as e:
@@ -193,8 +180,7 @@ def cleanup():
                                                                       application.config['PRIVILEGEDBHOST'],
                                                                       application.config['PRIVILEGEDBPORT']))
             raise e
-    logging.info("Deleted %d over %d expired accounts"%(len(old_users_entries), nb_expired_accounts))
-    return Response("Deleted %d expired accounts."%(len(old_users_entries)), status=200)
+    return Response("Deleted %d expired accounts."%(rows_deleted), status=200)
 
 @application.route("/", methods=['POST'])
 def auth():
@@ -221,7 +207,9 @@ def auth():
     # Check membership and get FDSN references
     fdsn_memberships = []
     for em in  tokendict['memberof'].split(';'):
+        logging.debug("EPOS membership: "+em)
         if em in application.config['EPOS_FDSN_MAP']:
+            logging.debug("   ... is in epos fdsn map")
             fdsn_memberships.append(application.config['EPOS_FDSN_MAP'][em])
     # If fdsn_memberships is empty, there is no point to continue.
     if len(fdsn_memberships) == 0 :
@@ -236,6 +224,7 @@ def auth():
     register_login(login, password)
 
     # Store in PRIVILEGEDB
+    logging.debug("FDSN memberships: %s"%(fdsn_memberships))
     register_privileges(login, fdsn_memberships)
     # Return
     return "%s:%s"%(login, password)

requirements.txt

-atomicwrites==1.3.0
-attrs==19.1.0
-bleach==3.1.0
-certifi==2019.3.9
-chardet==3.0.4
-Click==7.0
-coverage==4.5.3
-docutils==0.14
-eidaws-auth==0.0.1
--e git+git@gitlab.com:resif/ws-eidaauth.git@c904cdb6b3c0b5e52b554dd5fcf4fee095d6f104#egg=eidawsauth
-filelock==3.0.10
+click==7.1.1
 Flask==1.1.1
-gunicorn==19.9.0
-idna==2.8
 itsdangerous==1.1.0
-Jinja2==2.10.3
+Jinja2==2.11.1
 MarkupSafe==1.1.1
-more-itertools==6.0.0
-PACKAGENAME==0.0.0
-pkginfo==1.5.0.1
-pluggy==0.9.0
-psycopg2-binary==2.7.7
-py==1.8.0
-Pygments==2.3.1
-pytest==4.3.1
-pytest-datafiles==2.0
-python-gnupg==0.4.4
-readme-renderer==24.0
-requests==2.21.0
-requests-toolbelt==0.9.1
-six==1.12.0
-toml==0.10.0
-tox==3.7.0
-tqdm==4.31.1
-twine==1.13.0
-urllib3==1.24.1
-virtualenv==16.4.3
-webencodings==0.5.1
-Werkzeug==0.15.4
+psutil==5.7.0
+psycopg2-binary==2.8.4
+python-gnupg==0.4.5
+Werkzeug==1.0.0

setup.py

@@ -19,7 +19,7 @@ setup(
     license='GPL-3.0',
     packages=find_packages(),
     install_requires=[
-    'Flask==1.0.2', 'psycopg2-binary==2.7.7', 'python-gnupg==0.4.4'
+    'Flask==1.1.1', 'psycopg2-binary', 'python-gnupg==0.4.5'
     ],
     keywords=[
         '',