1316 Pass secret key through base config, use non default session name (
AdamHawtin authored Jan 11, 2024
1 parent ff2e42a commit 2984fca
Showing 5 changed files with 38 additions and 23 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
ARG python_pipenv_build_image=europe-west2-docker.pkg.dev/ons-ci-rm/docker/python-pipenv:latest
ARG python_pipenv_build_image=europe-west2-docker.pkg.dev/ons-ci-rm/docker/python-pipenv:3.10
FROM ${python_pipenv_build_image} as build

ENV PIPENV_VENV_IN_PROJECT=1
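Review bot: The build image default is still a mutable tag: `:3.10` (taken here to be the new side of the changed `ARG` line) narrows the Python version, but the registry can repoint it, so two builds of the same commit can yield different base images. Pinning the default by digest makes the build reproducible and auditable, for example `ARG python_pipenv_build_image=<registry path>/python-pipenv:3.10@sha256:<digest placeholder>`. The rest of the Dockerfile is outside the lines shown.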
2 changes: 2 additions & 0 deletions Makefile
@@ -30,6 +30,8 @@ test: install unit_test integration_test

build: test docker_build

build-no-test: install docker_build

docker_build:
docker build -t europe-west2-docker.pkg.dev/ssdc-rm-ci/docker/srm-rh-ui .

8 changes: 7 additions & 1 deletion config.py
@@ -1,4 +1,5 @@
import os
from distutils.util import strtobool


class BaseConfig:
@@ -9,6 +10,9 @@ class BaseConfig:
DOMAIN_URL = os.getenv("DOMAIN_URL")
DOMAIN_URL_PROTOCOL = os.getenv("DOMAIN_URL_PROTOCOL")

SECRET_KEY = os.getenv("SECRET_KEY")
SESSION_COOKIE_SECURE = bool(strtobool(os.getenv('SESSION_COOKIE_SECURE', 'True')))

# Account service url is a link back to our service that we send to eq as part of the token
ACCOUNT_SERVICE_URL = f"{DOMAIN_URL_PROTOCOL}{DOMAIN_URL}"
LANGUAGES = ['en', 'cy']
@@ -21,10 +25,12 @@ class DevelopmentConfig(BaseConfig):
HOST = os.getenv('HOST', '0.0.0.0')
LOGGING_LEVEL = os.getenv("LOGGING_LEVEL", "DEBUG")
EQ_URL = os.getenv('EQ_URL', 'http://localhost:5000')
SECRET_KEY = os.getenv('SECRET_KEY', b'_5#y2L"F4Q8z\n\xec]/')
DOMAIN_URL = os.getenv("DOMAIN_URL", "localhost:9092")
DOMAIN_URL_PROTOCOL = os.getenv("DOMAIN_URL_PROTOCOL", 'http://')

SECRET_KEY = os.getenv('SECRET_KEY', b'_5#y2L"F4Q8z\n\xec]/')
SESSION_COOKIE_SECURE = bool(strtobool(os.getenv('SESSION_COOKIE_SECURE', 'False')))

ACCOUNT_SERVICE_URL = f"{DOMAIN_URL_PROTOCOL}{DOMAIN_URL}"
RH_SVC_URL = os.getenv("RH_SVC_URL", "http://localhost:8071/")

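Review bot: `DevelopmentConfig` still falls back to a literal `SECRET_KEY` that is committed to the repository (it looks like the sample value from the Flask quickstart), so any deployment that selects this class without setting the variable signs its session cookies with a publicly known key. A per-process random fallback is safer for local work, e.g. `SECRET_KEY = os.getenv('SECRET_KEY') or secrets.token_hex(32)` with `import secrets`, which also avoids mixing `str` and `bytes` key types. In `BaseConfig`, `os.getenv("SECRET_KEY")` yields `None` when the variable is missing and nothing visible here rejects that, so the failure would surface only when a request first touches the session; a start-up check that raises on an empty key would fail fast. Separately, `distutils` is deprecated (PEP 632) and removed in Python 3.12, so `strtobool` will need a local replacement before the base image moves past 3.11. Both class bodies extend beyond the hunks shown.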
6 changes: 4 additions & 2 deletions rh_ui/app_setup.py
@@ -3,11 +3,11 @@

from flask import Flask, g, request
from flask_babel import Babel
from structlog import wrap_logger
from flask_talisman import Talisman
from structlog import wrap_logger

from rh_ui.security import CSP, PERMISSION_POLICY
from rh_ui.logger_config import logger_initial_config
from rh_ui.security import CSP, PERMISSION_POLICY


def create_app() -> Flask:
@@ -26,6 +26,8 @@ def get_locale() -> str:
app_config = f'config.{os.environ.get("APP_CONFIG", "BaseConfig")}'
app.config.from_object(app_config)
app.secret_key = app.config.get('SECRET_KEY') # required to enable the flash function
app.session_cookie_name = 'RH2_SESSION' # Use a custom session cookie name to avoid ambiguity and clashes
app.session_cookie_secure = app.config.get('SESSION_COOKIE_SECURE')

# Configure logger
logger_initial_config(log_level=app.config.get("LOGGING_LEVEL", "INFO"))
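Review bot: The two new assignments in `create_app` set attributes on the app object rather than config keys, and they may not do what their comments say. `session_cookie_secure` is not an attribute Flask reads, so that line has no effect; the Secure flag is applied only because `from_object` already copied `SESSION_COOKIE_SECURE` into `app.config`. `session_cookie_name` was a deprecated alias in Flask 2.2 and is gone in 2.3, where the assignment would silently leave the cookie named `session` (the installed Flask version is not visible here). Setting the config key directly is version-proof: use `app.config['SESSION_COOKIE_NAME'] = 'RH2_SESSION'` and drop the `session_cookie_secure` line. `create_app` starts and ends outside the hunk.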
43 changes: 24 additions & 19 deletions whitelist.py
@@ -1,20 +1,23 @@
PORT # unused variable (config.py:5)
HOST # unused variable (config.py:6)
LOGGING_LEVEL # unused variable (config.py:7)
RH_SVC_URL # unused variable (config.py:8)
ACCOUNT_SERVICE_URL # unused variable (config.py:13)
LANGUAGES # unused variable (config.py:14)
EQ_URL # unused variable (config.py:15)
DEBUG # unused variable (config.py:21)
PORT # unused variable (config.py:22)
HOST # unused variable (config.py:23)
LOGGING_LEVEL # unused variable (config.py:24)
EQ_URL # unused variable (config.py:25)
SECRET_KEY # unused variable (config.py:26)
ACCOUNT_SERVICE_URL # unused variable (config.py:30)
RH_SVC_URL # unused variable (config.py:31)
DEBUG # unused variable (config.py:37)
RH_SVC_URL # unused variable (config.py:38)
PORT # unused variable (config.py:6)
HOST # unused variable (config.py:7)
LOGGING_LEVEL # unused variable (config.py:8)
RH_SVC_URL # unused variable (config.py:9)
SECRET_KEY # unused variable (config.py:13)
SESSION_COOKIE_SECURE # unused variable (config.py:14)
ACCOUNT_SERVICE_URL # unused variable (config.py:17)
LANGUAGES # unused variable (config.py:18)
EQ_URL # unused variable (config.py:19)
DEBUG # unused variable (config.py:23)
PORT # unused variable (config.py:24)
HOST # unused variable (config.py:25)
LOGGING_LEVEL # unused variable (config.py:26)
EQ_URL # unused variable (config.py:27)
SECRET_KEY # unused variable (config.py:31)
SESSION_COOKIE_SECURE # unused variable (config.py:32)
ACCOUNT_SERVICE_URL # unused variable (config.py:34)
RH_SVC_URL # unused variable (config.py:35)
DEBUG # unused variable (config.py:39)
RH_SVC_URL # unused variable (config.py:40)
wsgi_app # unused variable (gunicorn.conf.py:9)
bind # unused variable (gunicorn.conf.py:12)
worker_class # unused variable (gunicorn.conf.py:14)
@@ -23,12 +26,14 @@
accesslog # unused variable (gunicorn.conf.py:24)
logconfig # unused variable (gunicorn.conf.py:27)
_.secret_key # unused attribute (rh_ui/app_setup.py:28)
TestingConfig # unused class (config.py:36)
_.session_cookie_name # unused attribute (rh_ui/app_setup.py:29)
_.session_cookie_secure # unused attribute (rh_ui/app_setup.py:30)
TestingConfig # unused class (config.py:38)
add_language_code # unused function (rh_ui/views/i18n.py:19)
pull_lang_code # unused function (rh_ui/views/i18n.py:24)
cookies # unused function (rh_ui/views/info_pages.py:11)
privacy_and_data_protection # unused function (rh_ui/views/info_pages.py:16)
start_get # unused function (rh_ui/views/start.py:22)
add_security_headers # unused function (rh_ui/security.py:67)
add_security_headers # unused function (rh_ui/security.py:61)
info_healthcheck # unused function (rh_ui/views/healthcheck.py:6)
start_post # unused function (rh_ui/views/start.py:27)
