async def refresh_roles(app: web.Application, nocache: bool = False):
"""Refresh the roles information"""
logger.info("Refreshing roles")
try:
Mappings._roles, Mappings._role_label_to_id_map = await _load(
app["access_control_api"].role_list,
app["redis"], transformations.ROLE,
bytes(f"{__name__}:roles", encoding="utf8"), "label", nocache)
except Exception as e:
sentry.captureException()
logger.error(e)
async def refresh_permissions(app: web.Application, nocache: bool = False):
"""Refresh the permission information"""
logger.info("Refreshing permissions")
try:
Mappings._permissions, Mappings._permission_name_to_id_map = await _load(
app["access_control_api"].permission_list, app["redis"],
transformations.PERMISSION,
bytes(f"{__name__}:permissions", encoding="utf8"), "name", nocache)
except Exception as e:
sentry.captureException()
logger.error(e)
async def refresh_sites(app: web.Application, nocache: bool = False):
"""Refresh the sites information"""
logger.info("Refreshing sites")
try:
Mappings._sites, Mappings._site_name_to_id_map = await _load(
app["access_control_api"].site_list,
app["redis"], transformations.SITE,
bytes(f"{__name__}:sites", encoding="utf8"), "name", nocache)
Mappings._client_id_to_site_id_map = {
detail["client_id"]: _id
for _id, detail in Mappings._sites.items() if "client_id" in
detail # Some sites may not have a client linked yet.
}
except Exception as e:
sentry.captureException()
logger.error(e)
async def refresh_keys(app: web.Application, nocache: bool = False):
"""
The call for retrieving the JSON Web Token Key Set (JWKS) is not exposed by the Authentication
Service API since it is part of the OIDC Provider Django application. A simple HTTP request
(as opposed to using a client library) suffices in this case.
"""
logger.info("Refreshing keys")
try:
items_by_id = {} # type: Dict[int, T]
key = bytes(f"{__name__}:jwks", encoding="utf8")
items = None if nocache else await app["redis"].get(key)
if items:
items_by_id = json.loads(items, encoding="utf8")
logger.debug(f"Loaded {len(items_by_id)} definitions from cache")
else:
async with app["client_session"].get(
AUTHENTICATION_SERVICE_JWKS) as response:
jwks = await response.json()
for entry in jwks["keys"]:
items_by_id[entry["kid"]] = entry
await app["redis"].set(key,
json.dumps(items_by_id).encode("utf8"),
expire=CACHE_TIME)
logger.debug(
f"Loaded {len(items_by_id)} definitions from the JWKS end-point"
)
for k, parameters in items_by_id.items():
# We compute the public key based on the parameters provided. The public key is not
# cached in redis. Only its parameters are.
public_key = jwt.algorithms.RSAAlgorithm.from_jwk(
json.dumps(parameters))
# We store the computed public key along with the parameters
items_by_id[k]["public_key"] = public_key
Mappings._keys = items_by_id
except Exception as e:
sentry.captureException()
logger.error(e)
async def refresh_clients(app: web.Application, nocache: bool = False):
"""Refresh the client information
Because this information is linked to site information, the site information needs to be
loaded before this.
"""
logger.info("Refreshing clients")
try:
Mappings._clients, Mappings._client_name_to_id_map = await _load(
app["authentication_service_api"].client_list, app["redis"],
transformations.CLIENT,
bytes(f"{__name__}:clients", encoding="utf8"), "name", nocache)
Mappings._token_client_id_to_site_id_map = {
detail["client_id"]: Mappings._client_id_to_site_id_map[id_]
for id_, detail in Mappings._clients.items()
if id_ in Mappings._client_id_to_site_id_map
}
except Exception as e:
sentry.captureException()
logger.error(e)
async def refresh_credentials(app: web.Application, nocache: bool = False):
"""Refresh the domain information"""
logger.info("Refreshing credentials")
try:
Mappings._credentials, Mappings._account_id_to_credentials_id_map = await _load(
app["access_control_api"].credentials_list, app["redis"],
transformations.CREDENTIALS,
bytes(f"{__name__}:credentials",
encoding="utf8"), "account_id", nocache)
Mappings._account_id_to_site_id_map = {
detail["account_id"]: detail["site_id"]
for detail in Mappings._credentials.values()
}
Mappings._account_id_to_credentials_map = {
detail["account_id"]: detail
for detail in Mappings._credentials.values()
}
except Exception as e:
sentry.captureException()
logger.error(e)
async def sentry_middleware(request, handler):
try:
return await handler(request)
except web.HTTPException:
# Do not generate Sentry alerts for HTTPExceptions, which are
# used to generate specific responses.
raise
except Exception:
sentry.captureException(
data={
"request": {
"query_string": request.query_string,
"cookies": request.headers.get("Cookie", ""),
"headers": dict(request.headers),
"url": request.path,
"method": request.method,
"env": {
"REMOTE_ADDR":
request.transport.get_extra_info("peername")[0],
}
}
})
raise