Details
- Reviewers
ardumont - Group Reviewers
Reviewers - Maniphest Tasks
- T1927: Web app: rate limiting based on per-client API tokens
- Commits
- rDWAPPS644fcc014b1f: api/throttling: Lift rate limit when user has special permission
Diff Detail
- Repository
- rDWAPPS Web applications
- Lint
Automatic diff as part of commit; lint not applicable. - Unit
Automatic diff as part of commit; unit tests not applicable.
Event Timeline
Build is green
Patch application report for D3309 (id=11716)
Could not rebase; Attempt merge onto e926cadb92...
Updating e926cadb..644fcc01 Fast-forward swh/web/api/throttling.py | 6 +++++- swh/web/auth/backends.py | 5 +++++ swh/web/auth/models.py | 39 +++++++++++++++++++++++++++++++++- swh/web/tests/api/test_throttling.py | 35 ++++++++++++++++++++++++++++-- swh/web/tests/auth/keycloak_mock.py | 20 ++++++++++++++---- swh/web/tests/auth/sample_data.py | 27 ++++++++++++++++++++++++ swh/web/tests/auth/test_backends.py | 41 ++++++++++++++++++++++++++++++++---- 7 files changed, 161 insertions(+), 12 deletions(-)
Changes applied before test
commit 644fcc014b1faa5003400dcaee5a831147feba6d
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date: Wed Jun 17 17:40:18 2020 +0200
api/throttling: Lift rate limit when user has special permission
If a Django user has the "swh.web.api.throttling_exempted" permission, he
will not be rate limited.
Related to T1927
commit 7e719461588132fdaf854e20ccf244b83bc607da
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date: Wed Jun 17 16:02:08 2020 +0200
auth: Map Keycloak user permissions to Django ones
Keycloak user permissions are named Roles in Keycloak semantics.
Extract them from each decoded access token and override methods from
django.contrib.auth.models.PermissionsMixin in order to manipulate them
as Django user permissions.
Closes T2247See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/189/ for more details.
Looks good.
I have questions above ;)
| swh/web/tests/api/test_throttling.py | ||
|---|---|---|
| 201 | Is that to override a variable from django settings? it's neat if it is ;) | |
| 212 | I thought i read permissions were stored in keycloak and map to django model (as per my understanding on another task descriptions linked to diff description)? Oh or is that to avoid having to mock keycloack too much? | |
| swh/web/tests/api/test_throttling.py | ||
|---|---|---|
| 201 | yes, I had new endpoints in that test module and was forced to override settings to take them into account. | |
| 212 |
Indeed and as we stick to Django User API, we can still use classical database backed permission. The way to create them programmatically is just awful. | |