add: save votr context in flask session

TomiBelan · TomiBelan · commit 055335dc0dbb · 2025-01-25T23:24:07.000+01:00
diff --git a/eprihlaska/ais_utils.py b/eprihlaska/ais_utils.py
@@ -140,7 +140,7 @@ def save_application_form(ctx,
 
     # If the priezviskoTextField is not empty, it most probably means the
     # person is already registered in
-    if app.d.priezviskoTextField.value != '' and process_type is None:
+    if app.d.priezviskoTextField.value != '' and process_type == 'none':
         notes['person_exists'] = {
             'name': app.d.menoTextField.value,
             'surname': app.d.priezviskoTextField.value,
diff --git a/eprihlaska/forms.py b/eprihlaska/forms.py
@@ -345,11 +345,5 @@ class SignupForm(FlaskForm):
     submit = SubmitField(label=c.SIGNUP)
 
 
-class AIS2CookieForm(FlaskForm):
-    jsessionid = StringField(label='JSESSIONID',
-                             validators=[validators.DataRequired()])
-    submit = SubmitField(label=c.SUBMIT)
-
-
 class AIS2SubmitForm(FlaskForm):
     submit = SubmitField(label=c.CONTINUE)
diff --git a/eprihlaska/templates/admin_list.html b/eprihlaska/templates/admin_list.html
@@ -47,8 +47,8 @@
             {% endif %}
 
             {% if app.state.value == 2 %}
-            <a class="btn btn-xs btn-default" href="{{ url_for('admin_process', id=app.id) }}">Preklopiť na BETU</a>
-            <a class="btn btn-xs btn-default" href="{{ url_for('admin_ais2_process', id=app.id) }}">Preklopiť</a>
+            <a class="btn btn-xs btn-default" href="{{ url_for('admin_ais2_process', ais_instance='beta', process_type='none', id=app.id) }}">Preklopiť na BETU</a>
+            <a class="btn btn-xs btn-default" href="{{ url_for('admin_ais2_process', ais_instance='prod', process_type='none', id=app.id) }}">Preklopiť</a>
             {% endif %}
           </div>
           <br />
diff --git a/eprihlaska/templates/admin_process.html b/eprihlaska/templates/admin_process.html
@@ -8,7 +8,7 @@
 <div class="container">
   <h1 class="section-title">
     {% block title %}
-     {% if beta %}
+     {% if ais_instance == 'beta' %}
      Preklopenie prihlášky #{{ id }} do AIS2 (beta)
      {% else %}
      Preklopenie prihlášky #{{ id }} do AIS2
@@ -128,21 +128,13 @@ <h3>Vyplniť prihlášku bez párovania s osobou</h3>
             </a>
           </div>
           <div class="col-md-4">
-            {% if beta %}
-            <a class="btn" href="{{ url_for('admin_process_special', id=id, process_type='no_fill') }}">
-            {% else %}
-            <a class="btn" href="{{ url_for('admin_ais2_process_special', id=id, process_type='no_fill') }}">
-            {% endif %}
+            <a class="btn" href="{{ url_for('admin_ais2_process', ais_instance=ais_instance, process_type='no_fill', id=id) }}">
               Pokračovať s údajmi z AIS2
             </a>
           </div>
 
           <div class="col-md-4">
-            {% if beta %}
-            <a class="btn" href="{{ url_for('admin_process_special', id=id, process_type='fill') }}">
-            {% else %}
-            <a class="btn" href="{{ url_for('admin_ais2_process_special', id=id, process_type='fill') }}">
-            {% endif %}
+            <a class="btn" href="{{ url_for('admin_ais2_process', ais_instance=ais_instance, process_type='fill', id=id) }}">
               Pokračovať s údajmi z prihlášky
             </a>
           </div>
diff --git a/eprihlaska/views.py b/eprihlaska/views.py
@@ -1,3 +1,5 @@
+import pickle
+from urllib.parse import quote_plus
 from flask import (render_template, flash, redirect, session, request, url_for,
                    make_response, send_from_directory)
 import flask.json
@@ -9,7 +11,7 @@
                               AdmissionWaiversForm, FinalForm,
                               ReceiptUploadForm, LoginForm, SignupForm,
                               ForgottenPasswordForm, NewPasswordForm,
-                              AIS2CookieForm, AIS2SubmitForm)
+                              AIS2SubmitForm)
 from werkzeug.security import generate_password_hash, check_password_hash
 from flask_login import login_user, login_required, logout_user, current_user
 import datetime
@@ -98,9 +100,17 @@ def save_form(form):
     save_current_session_to_DB()
 
 
+def current_session_to_json():
+    # Don't store internal keys used by flask (e.g. "_flashes"), flask-login
+    # (e.g. "_user_id", "_fresh", "_id") and our admin ("_votr_context_*") in
+    # the SQL database.
+    filtered = { k: v for k, v in session.items() if not k.startswith('_') }
+    return flask.json.dumps(filtered)
+
+
 def save_current_session_to_DB():
     app = ApplicationForm.query.filter_by(user_id=current_user.id).first()
-    app.application = flask.json.dumps(dict(session))
+    app.application = current_session_to_json()
     db.session.commit()
 
 
@@ -126,7 +136,7 @@ def load_session():
             if 'application_submitted' in session:
                 del session['application_submitted']
 
-            app.application = flask.json.dumps(dict(session))
+            app.application = current_session_to_json()
             db.session.commit()
 
         session.modified = True
@@ -469,7 +479,7 @@ def final():
             save_form(form)
 
             session['application_submitted'] = True
-            app_form.application = flask.json.dumps(dict(session))
+            app_form.application = current_session_to_json()
             app_form.state = ApplicationStates.submitted
             app_form.submitted_at = datetime.datetime.now()
             db.session.commit()
@@ -692,7 +702,7 @@ def signup():
         new_application_form = ApplicationForm(user_id=new_user.id)
         # FIXME: band-aid for last_updated_at
         new_application_form.last_updated_at = datetime.datetime.now()
-        new_application_form.application = flask.json.dumps(dict(session))
+        new_application_form.application = current_session_to_json()
         db.session.add(new_application_form)
         db.session.commit()
 
@@ -794,7 +804,7 @@ def create_or_get_user_and_login(site, token, name, surname, email):
         new_application_form = ApplicationForm(user_id=user.id)
         # FIXME: band-aid for last_updated_at
         new_application_form.last_updated_at = datetime.datetime.now()
-        new_application_form.application = flask.json.dumps(dict(session))
+        new_application_form.application = current_session_to_json()
         db.session.add(new_application_form)
         db.session.commit()
 
@@ -970,22 +980,53 @@ def admin_file_download(id, uuid):
     return send_from_directory(receipt_dir, file, as_attachment=True)
 
 
-def create_votr_context(*, beta):
+@app.route('/admin/init_votr/<any(prod,beta):ais_instance>')
+@require_remote_user
+def admin_init_votr(ais_instance):
+    next = request.args['next']
+    if not next.startswith('/admin/'):
+        return 'Bad next', 400
+
     from .ais_utils import create_context
-    return create_context(
+    votr_context = create_context(
         my_entity_id=app.config['MY_ENTITY_ID'],
         andrvotr_api_key=app.config['ANDRVOTR_API_KEY'],
         andrvotr_authority_token=request.environ['ANDRVOTR_AUTHORITY_TOKEN'],
-        beta=beta,
+        beta=(ais_instance == 'beta'),
     )
+    # flask-session docs say it'll stop using pickle in the future.
+    # Wrap the votr_context in our own pickle.
+    session[f'_votr_context_{ais_instance}'] = pickle.dumps(votr_context, pickle.HIGHEST_PROTOCOL)
+
+    return redirect(next)
+
+
+def require_votr_context(func):
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        ais_instance = kwargs['ais_instance']
+        session_key = f'_votr_context_{ais_instance}'
+        if not session.get(session_key):
+            # First time we visited an admin page that requires votr_context?
+            # 1. Re-login with mod_shib to get a fresh andrvotr authority token.
+            # 2. Create a votr_context and store it in the flask session.
+            # 3. Redirect back here.
+            target = url_for('admin_init_votr', ais_instance=ais_instance, next=request.full_path)
+            return redirect(f'/Shibboleth.sso/Login?target={quote_plus(target)}')
+
+        votr_context = pickle.loads(session[session_key])
+        result = func(*args, **kwargs, votr_context=votr_context)
+        session[session_key] = pickle.dumps(votr_context, pickle.HIGHEST_PROTOCOL)
+        return result
+    return wrapper
 
 
-@app.route('/admin/ais_test')
+@app.route('/admin/ais_test/<any(prod,beta):ais_instance>')
 @require_remote_user
-def admin_ais_test():
+@require_votr_context
+def admin_ais_test(ais_instance, votr_context):
     from .ais_utils import test_ais
-    ctx = create_votr_context(beta=False)
-    test_ais(ctx)
+    test_ais(votr_context)
     return redirect(url_for('admin_list'))
 
 
@@ -1096,61 +1137,29 @@ def generate():
                     mimetype='text/tsv', headers=headers)
 
 
-@app.route('/admin/ais2_process/<id>', methods=['GET', 'POST'])
+@app.route('/admin/ais2_process/<any(prod,beta):ais_instance>/<any(none,fill,no_fill):process_type>/<id>', methods=['GET', 'POST'])
 @require_remote_user
-def admin_ais2_process(id):
+@require_votr_context
+def admin_ais2_process(ais_instance, process_type, id, votr_context):
     application = ApplicationForm.query.get(id)
 
     form = AIS2SubmitForm()
-    return send_application_to_ais2(id, application, form,
-                                    process_type=None, beta=False)
-
 
-@app.route('/admin/ais2_process/<id>/<process_type>', methods=['GET', 'POST'])
-def admin_ais2_process_special(id, process_type):
-    application = ApplicationForm.query.get(id)
-
-    form = AIS2SubmitForm()
-    return send_application_to_ais2(id, application, form,
-                                    process_type=process_type, beta=False)
-
-
-@app.route('/admin/process/<id>', methods=['GET', 'POST'])
-@require_remote_user
-def admin_process(id):
-    application = ApplicationForm.query.get(id)
-
-    form = AIS2SubmitForm()
-    return send_application_to_ais2(id, application, form, None, beta=True)
-
-
-@app.route('/admin/process/<id>/<process_type>', methods=['GET', 'POST'])
-def admin_process_special(id, process_type):
-    application = ApplicationForm.query.get(id)
-
-    form = AIS2CookieForm()
-    return send_application_to_ais2(id, application, form, process_type,
-                                    beta=True)
-
-
-def send_application_to_ais2(id, application, form, process_type, beta=False):
     from .ais_utils import save_application_form
     if form.validate_on_submit():
-        ctx = create_votr_context(beta=beta)
-
         ais2_output = None
         error_output = None
         notes = {}
 
         logfile = None
         try:
-            if beta:
+            if ais_instance == 'beta':
                 import gzip
                 import random
                 logfile = gzip.open('/tmp/log_%s_%s' % (id, random.randrange(10000)), 'wt', encoding='utf8')
-                ctx.logger.log_file = logfile
+                votr_context.logger.log_file = logfile
 
-            ais2_output, notes = save_application_form(ctx,
+            ais2_output, notes = save_application_form(votr_context,
                                                        application,
                                                        LISTS,
                                                        id,
@@ -1176,7 +1185,7 @@ def send_application_to_ais2(id, application, form, process_type, beta=False):
 
         # Only update the application state of it is not sent to beta and the
         # 'person_exists' note is not added
-        if not beta and error_output is None and 'person_exists' not in notes:
+        if ais_instance != 'beta' and error_output is None and 'person_exists' not in notes:
             application.state = ApplicationStates.processed
             db.session.commit()
 
@@ -1185,13 +1194,14 @@ def send_application_to_ais2(id, application, form, process_type, beta=False):
                                ais2_output=ais2_output,
                                notes=notes, id=id,
                                error_output=error_output,
-                               beta=beta, process_type=process_type,
+                               ais_instance=ais_instance,
+                               process_type=process_type,
                                session=sess,
                                lists=LISTS)
 
     return render_template('admin_process.html',
                            form=form, id=id,
-                           beta=beta)
+                           ais_instance=ais_instance)
 
 
 @app.route('/admin/impersonate/list')
