Skip to content
This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

Adds APIProxy class to use securedrop-proxy #21

Merged
merged 14 commits into from
Oct 16, 2018
Merged

Adds APIProxy class to use securedrop-proxy #21

merged 14 commits into from
Oct 16, 2018

Conversation

kushaldas
Copy link
Contributor

@kushaldas kushaldas commented Oct 11, 2018
edited
Loading

The APIProxy class can now use securedrop-proxy service in the QubesOS. By default sd-journalist is the proxy name, but, we can override it using a configuration file at /etc/sd-sdk.conf file.

[proxy]
name = proxy-debian

How to test?

pipenv run python -m unittest discover -v tests

We also found freedomofpress/securedrop-proxy#131 while working on this.

Fixes freedomofpress/securedrop-proxy#16.

@kushaldas
Initial code for APIProxy
4b18c3c 
We can now use the securedrop-proxy to fetch data from the server.
This has the initial authentication and get_source* methods.
@kushaldas
Adds all methods except download files for APIProxy class
8ee421f 
The methods have same calling signature as in ``API`` class,
thus will help the developers to use the either as required.
@kushaldas
Fixes the typo in proxyapi filename
ed5e468
@kushaldas
Adds a new decorator for testing qrexec service
e3a7bbd 
We now have a decorator dastollervey_datasaver which can help
to mock out qrexec calls to securedrop-proxy service.
This saves the mock input/output into data/ directory.
@kushaldas
Adds tests for the APIProxy class
86a19e8 
Uses dastollervey_datasaver decorator to save the mock data.
@kushaldas
Updates the proxy vmname based on a configuration file
208530a 
The default proxy vmname is sd-journalist. If you want to override
it, add a file at ``/etc/sd-sdk.conf`` with the following details:

[proxy]
name = proxy-debian

The above example updates the proxy vmname to be ``proxy-debian``.
@kushaldas
Adds methods and tests for downloading reply and submission
5e9fabd 
We have two methods to download replies and submissions
@kushaldas
Moves two test helper functions into utils
0598e6b
@kushaldas
Fixes the test run using pipenv
3fc56a8
@kushaldas
Copy link
Contributor Author

Blah, now I should test it on my normal box.

@kushaldas
Copy link
Contributor Author

Tests are failing because of the randomness of the dictionary.

@redshiftzero
Copy link
Contributor

hey I started DRYing up the API and APIProxy classes in 218eaac, check it out and let me know what you think (still a few test failures to resolve, but an approach like this should trim down the added non-test code by 650 lines or so)

@kushaldas
Copy link
Contributor Author

hey I started DRYing up the API and APIProxy classes in 218eaac, check it out and let me know what you think (still a few test failures to resolve, but an approach like this should trim down the added non-test code by 650 lines or so)

This is a good start, I will look at the failing tests today.

@kushaldas
Copy link
Contributor Author

Finally managed to fix rest of the API calls and also the test cases. I have to push new test JSON files for the same. c711bd5 has changes. Please let me know what do you think.

redshiftzero and others added 2 commits October 15, 2018 11:57
@redshiftzero
Copy link
Contributor

c711bd5 looks great, exactly what i was looking for!

@redshiftzero
Temporary fix to workaround server bug #3877
6170a33 
ETags are being stripped from staging/production servers
due to an Apache misconfiguration.

For now we should not use the ETag until this is addressed
server-side.
redshiftzero
redshiftzero approved these changes Oct 15, 2018
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving - diff looks great, thanks for doing the DRYing up :-)

Manual testing done here: I verified that using the SDK in the sd-svs AppVM in Qubes with the securedrop-proxy service worked without issue - I was able to download submissions from sources 🎉 (note that I did not manually test every API endpoint and am relying on unit tests for that).

@redshiftzero
Copy link
Contributor

Hey @ntoll I just want to check prior to my merging this that you're not using etags for the ticket you're currently working on for the client - they are provided by API.download_submission and API.download_reply (reference). If so, we'll need to snip out that logic and drop in a branch until defect freedomofpress/securedrop#3877 is addressed on the server side (the ETag header is present in the development environment but not in staging/production servers, so you probably have not hit any issues accessing that header).

@ntoll
Copy link
Contributor

ntoll commented Oct 16, 2018

@redshiftzero nope... I'm not (knowingly) using etags, I'm consciously trying to do the simplest possible thing via this API layer. :-) I think you're safe to merge, and I'll certainly yelp if something breaks.

@redshiftzero
Copy link
Contributor

ah great, thanks for confirming @ntoll ! mergin'

@redshiftzero redshiftzero merged commit 71e1681 into master Oct 16, 2018
@redshiftzero redshiftzero deleted the forproxy branch October 16, 2018 16:17
This was referenced Oct 18, 2018
Merged
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kushaldas @redshiftzero @ntoll