flake8
failed.
JSHint
passed.
Add web-based logon.
Review Request #12981 — Created May 5, 2023 and submitted
This adds web-based logon for to RBTools. This allows users of RBTools to
authenticate to the Review Board server via a web browser. This is useful for
users who authenticate to Review Board using SSO or similar methods, and would
like to use those methods to authenticate to RBTools. To do this we spin up a
local server which redirects to Review Board's login page and then receives
an API token from the Review Board server to authenticate with.
- Ran unit tests.
- Manually tested the login flow with successful logins and failed logins.
- Tested logging in again while logged in and logging out
- Tested with automatically opening a browser (the
-oflag). - Tested logging in/out with the traditional login flow.
- Tested exiting the command.
- Tested running two instances of the web login server at the same time.
Saw that the servers ran on different ports and was able to complete
the login flow on both. - Tested timing out the web login server.
- Tested on RB5, RB6 and RB7.
- Tested using a version that is too old to support web-based login.
- Tested using a version that have the
client_web_loginserver
capabilities bug (5.0.5-5.0.7 and 6.0-6.0.2). - Tested using RB7 with the capabilities bug fix.
| Summary | ID |
|---|---|
| 2182d1057713651347ffa618c02240d58d179eb7 |
| Description | From | Last Updated |
|---|---|---|
|
There's one design consideration we should figure out. This all works great for the case of rbt commands, but RBTools … |
 chipx86
|
|
|
I'm not sure of how I should add unit tests for this request handler. I'm not sure how to mock … |
 maubin
|
|
|
line too long (80 > 79 characters) Column: 80 Error code: E501 |
 reviewbot
|
|
|
): should be on the next line. Can you update this to specify types while here? |
chipx86
|
|
|
Let's require keyword arguments here. Helps with letting us add/rearrange arguments as we go without breaking API. |
chipx86
|
|
|
These are missing documentation. |
chipx86
|
|
|
, optional |
chipx86
|
|
|
I think we should use the same user agent we use for API requests (defined in api/request.py), so we can … |
chipx86
|
|
|
Let's make these keyword-only. Same with ones below. |
chipx86
|
|
|
Version Added will show as part of the description, so this will need to be above Args. |
chipx86
|
|
|
For logging statements, we should avoid f-strings and instead pass parameters to the logging function. These get tracked separately, allowing … |
chipx86
|
|
|
Blank line between statements and blocks. |
chipx86
|
|
|
Since we're repeating this block of code, we should have a standard function somewhere for opening pages in a browser. |
chipx86
|
|
|
This should go before Returns. |
chipx86
|
|
|
Can we use constants to define this range? Even if just as arguments to this function. That'll help document them … |
chipx86
|
|
|
Hmm. Instead of "traditional", maybe "console" or "terminal"? |
 david
|
|
|
I think I'd prefer to revert this change. |
david
|
|
|
Type here doesn't match the type hint. |
david
|
|
|
Typo: loggin -> logging |
david
|
|
|
Let's plumb the capabilities object in the command through to here, so we can use capabilities.has_capability('authentication', 'client_web_login') |
david
|
|
|
Too many logins. Let's say "The login command now directs the user to log in via the Review Board web … |
david
|
|
|
And here. |
david
|
|
|
Could do: if capabilities is None: capabilities = Capabilities(server_info.capabilities) return capabilities.has_capability(...) |
david
|
|
|
This is technically not a Python Standard Library, so it should go in a 3rd-party group. |
chipx86
|
|
|
"shut down" |
chipx86
|
|
|
Types should go on the next line, indented 4. Same below. |
chipx86
|
|
|
Summary must be a single line. Same with ones below. |
chipx86
|
|
|
Let's call this timeout_time_secs, so it's always clear what the unit is. |
chipx86
|
|
|
Let's add a unit of time here as well. Does it need to be a float? |
chipx86
|
|
|
We should just use the local variables here. |
chipx86
|
|
|
Both of these should be , optional. |
chipx86
|
|
|
I'd rather we avoid a SystemExit here, since potentially this is being used in a third-party codebase. It'd be better … |
chipx86
|
|
|
Same comment as above re: the type being on the next line. This applies throughout the file. |
chipx86
|
|
|
Missing docs for this. |
chipx86
|
|
|
There's an extra blank line here. |
chipx86
|
|
|
This string should use single quotes. Also noticed that the casing is different than the other headers. Pretty sure these … |
chipx86
|
|
|
This function doesn't have a return type, so no need for the return None. |
chipx86
|
- Summary:
-
[WIP] Add web-based logon.Add web-based logon.
- Description:
-
This adds web-based logon for to RBTools. This allows users of RBTools to
authenticate to the Review Board server via a web browser. This is useful for users who authenticate to Review Board using SSO or similar methods, and would like to use those methods to authenticate to RBTools. To do this we spin up a ~ local server which redirects to Review Board's login page and then stores the ~ authentication data received from the Review Board server. ~ local server which redirects to Review Board's login page and then receives ~ an API token from the Review Board server to authenticate with. - - This currently relies on receiving session cookie data from Review Board for
- authentication, but I will be changing it so that we use API tokens instead. - Testing Done:
-
- Ran unit tests.
- Manually tested the login flow with successful logins and failed logins.
- Tested logging in again while logged in and logging out
+ - Tested with automatically opening a browser (the
-oflag).
+ - Tested logging in/out without the web based login flow.
+ - Tested exiting the command.
- Commits:
-
Summary ID 01d2388e00ad39edebca7883c7ed8c703d05eef1 82d9d629fc6498d3ab259e45678d03ece85ecf07 - Branch:
-
masterrelease-5.x
- Depends On:
-
- Diff:
Revision 2 (+1376 -22)
Checks run (2 succeeded)
flake8 passed.JSHint passed.
-
-
There's one design consideration we should figure out. This all works great for the case of
rbtcommands, but RBTools can also be consumed via services that may need to talk to multiple Review Board servers (in theory) and may or may not be multi-threaded.Right now, the web server and its state are global, so the first login to a server wins. There's also only one server that can run at a time. And we have to block on response.
I think an alternative approach could provide wider compatibility with different use cases:
-
Have a class that manages all this state and the server.
WebLoginManageror something. This would contain the functionality for creating a server, starting it, and querying successful login. -
Allow this to take a callback function for when login is successful, which is called immediately after setting
self.login_successful. -
Add a
wait_successful()method or something that can do the blocking loop waiting for success/fail (you'll probably want atime.sleep(0.1)to avoid high-CPU usage), making it easy to use for therbtcase. -
Introduce timeouts. This should probably be on
WebLoginManager. After a certain amount of time, the server shuts down and any blocking operations give up. This avoids the situation where a background process outputs a URL and just stalls for ever, and covers the blocking loop and async results usages.
This would allow for multiple (even concurrent) web login processes, and avoid global state to avoid threading issues. It'd also give async processes a way to wait for successful login/timeout (important for UI processes, such as possible IDE integrations)
-
-
-
Let's require keyword arguments here. Helps with letting us add/rearrange arguments as we go without breaking API.
-
-
-
I think we should use the same user agent we use for API requests (defined in
api/request.py), so we can more easily trace user agent activity in logs. -
-
-
For logging statements, we should avoid f-strings and instead pass parameters to the logging function. These get tracked separately, allowing the message and the arguments to be pulled out separately by logging implementations.
Same elsewhere.
-
-
Since we're repeating this block of code, we should have a standard function somewhere for opening pages in a browser.
-
-
Can we use constants to define this range? Even if just as arguments to this function. That'll help document them a bit better.
- Testing Done:
-
- Ran unit tests.
- Manually tested the login flow with successful logins and failed logins.
- Tested logging in again while logged in and logging out
- Tested with automatically opening a browser (the
-oflag).
~ - Tested logging in/out without the web based login flow.
~ - Tested logging in/out with the traditional login flow.
- Tested exiting the command.
+ - Tested running two instances of the web login server at the same time.
Saw that the servers ran on different ports and was able to complete
the login flow on both.
+ - Tested timing out the web login server.
- Commits:
-
Summary ID 82d9d629fc6498d3ab259e45678d03ece85ecf07 2331634b5909c7d68b20584faeca064ad7c48d48 - Depends On:
-
- Diff:
Revision 3 (+1894 -26)
Checks run (2 succeeded)
flake8 passed.JSHint passed.
- Commits:
-
Summary ID 2331634b5909c7d68b20584faeca064ad7c48d48 4ef1b2f41b5e863395ac0a3fca6de048a27e483a
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Change Summary:
-
- Updated docs.
- Checks if the server supports web-based login before doing it.
- Testing Done:
-
- Ran unit tests.
- Manually tested the login flow with successful logins and failed logins.
- Tested logging in again while logged in and logging out
- Tested with automatically opening a browser (the
-oflag).
- Tested logging in/out with the traditional login flow.
- Tested exiting the command.
- Tested running two instances of the web login server at the same time.
Saw that the servers ran on different ports and was able to complete
the login flow on both.
- Tested timing out the web login server.
+ - Tested on RB5, RB6 and RB7.
- Commits:
-
Summary ID 4ef1b2f41b5e863395ac0a3fca6de048a27e483a b60277db921428b2eb2987f935126b4339802f32
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Change Summary:
-
Does a better check to see if the server supports web-based login.
- Testing Done:
-
- Ran unit tests.
- Manually tested the login flow with successful logins and failed logins.
- Tested logging in again while logged in and logging out
- Tested with automatically opening a browser (the
-oflag).
- Tested logging in/out with the traditional login flow.
- Tested exiting the command.
- Tested running two instances of the web login server at the same time.
Saw that the servers ran on different ports and was able to complete
the login flow on both.
- Tested timing out the web login server.
- Tested on RB5, RB6 and RB7.
+ - Tested using a version that is too old to support web-based login.
+ - Tested using a version that have the
client_web_loginserver
capabilities bug (5.0.5-5.0.7 and 6.0-6.0.2).
+ - Tested using RB7 with the capabilities bug fix.
- Commits:
-
Summary ID b60277db921428b2eb2987f935126b4339802f32 d5f9756e0a5b44041ecc7d919ab6993b33b5bb89
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Commits:
-
Summary ID d5f9756e0a5b44041ecc7d919ab6993b33b5bb89 d57173e45d9750f0572753be53acba57aee5851f
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Commits:
-
Summary ID d57173e45d9750f0572753be53acba57aee5851f 467a603f56cd28d37f12d306d0d085a49e0d3569
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
-
-
-
-
-
-
-
-
-
-
I'd rather we avoid a
SystemExithere, since potentially this is being used in a third-party codebase. It'd be better to have a more relevant exception to raise. -
-
-
-
This string should use single quotes.
Also noticed that the casing is different than the other headers. Pretty sure these get normalized, but for consistency, maybe we want to use
Content-Typehere. -