Fix SA2.0 (query->select) in galaxy.security
jdavcs committed Aug 7, 2023
1 parent dce5ab7 commit 14e5784
Showing 2 changed files with 16 additions and 11 deletions.
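--- a/lib/galaxy/security/validate_user_input.py
+++ b/lib/galaxy/security/validate_user_input.py
@@ -10,7 +10,10 @@
 
 import dns.resolver
 from dns.exception import DNSException
-from sqlalchemy import func
+from sqlalchemy import (
+func,
+select,
+)
 from typing_extensions import LiteralString
 
 from galaxy.objectstore import ObjectStore
@@ -78,13 +81,8 @@ def validate_email(trans, email, user=None, check_dup=True, allow_empty=False, v
 domain = extract_domain(email)
 message = validate_email_domain_name(domain)
 
-if (
-not message
-and check_dup
-and trans.sa_session.query(trans.app.model.User)
-.filter(func.lower(trans.app.model.User.table.c.email) == email.lower())
-.first()
-):
+stmt = select(trans.app.model.User).filter(func.lower(trans.app.model.User.email) == email.lower()).limit(1)
+if not message and check_dup and trans.sa_session.scalars(stmt).first():
 message = f"User with email '{email}' already exists."
 
 if not message:
@@ -134,7 +132,9 @@ def validate_publicname(trans, publicname, user=None):
 message = validate_publicname_str(publicname)
 if message:
 return message
-if trans.sa_session.query(trans.app.model.User).filter_by(username=publicname).first():
+
+stmt = select(trans.app.model.User).filter_by(username=publicname).limit(1)
+if trans.sa_session.scalars(stmt).first():
 return "Public name is taken; please choose another."
 return ""
 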
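Review bot: In `validate_email` the new `stmt` selects the full `User` entity only to test whether a row exists, so each duplicate check loads a whole user record (presumably including its credential columns) into the session; selecting just the key would be enough, e.g. `stmt = select(trans.app.model.User.id).filter(func.lower(trans.app.model.User.email) == email.lower()).limit(1)`, and the same applies to the `filter_by(username=publicname)` lookup in `validate_publicname`. The statement is also built before the `not message and check_dup` guard now, which is harmless but deserves a comment such as `# built unconditionally; executed only when the duplicate check applies`. Separately, the match depends on Python's `str.lower()` agreeing with the database's `lower()`, which may not hold for non-ASCII addresses, and this check-then-insert is only advisory unless a unique index on the lowered email exists elsewhere, which is not visible here. Both function bodies continue outside the hunks.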
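--- a/lib/galaxy/security/vault.py
+++ b/lib/galaxy/security/vault.py
@@ -12,6 +12,7 @@
 Fernet,
 MultiFernet,
 )
+from sqlalchemy import select
 
 try:
 from custos.clients.resource_secret_management_client import ResourceSecretManagementClient
@@ -130,7 +131,7 @@ def _get_multi_fernet(self) -> MultiFernet:
 return MultiFernet(self.fernet_keys)
 
 def _update_or_create(self, key: str, value: Optional[str]) -> model.Vault:
-vault_entry = self.sa_session.query(model.Vault).filter_by(key=key).first()
+vault_entry = self._get_vault_value(key)
 if vault_entry:
 if value:
 vault_entry.value = value
@@ -149,7 +150,7 @@ def _update_or_create(self, key: str, value: Optional[str]) -> model.Vault:
 return vault_entry
 
 def read_secret(self, key: str) -> Optional[str]:
-key_obj = self.sa_session.query(model.Vault).filter_by(key=key).first()
+key_obj = self._get_vault_value(key)
 if key_obj and key_obj.value:
 f = self._get_multi_fernet()
 return f.decrypt(key_obj.value.encode("utf-8")).decode("utf-8")
@@ -163,6 +164,10 @@ def write_secret(self, key: str, value: str) -> None:
 def list_secrets(self, key: str) -> List[str]:
 raise NotImplementedError()
 
+def _get_vault_value(self, key):
+stmt = select(model.Vault).filter_by(key=key).limit(1)
+return self.sa_session.scalars(stmt).first()
+
 
 class CustosVault(Vault):
 def __init__(self, config):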
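Review bot: The new helper `_get_vault_value` in the last hunk returns the `model.Vault` row rather than a value, and unlike its neighbours it has no annotations or docstring, so a later caller could mistake its result for the secret itself. `read_secret` shows that `.value` on that row is still Fernet ciphertext that has to go through `_get_multi_fernet().decrypt(...)`, so I would sign it `def _get_vault_value(self, key: str) -> Optional[model.Vault]:` (or rename it `_get_vault_entry`) and add a docstring like `"""Return the stored Vault row for key, or None; its value is still encrypted."""`. The class that holds these methods starts outside the hunks.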
