feat(auth): guest login now forces user to wait before making another guest account #1200

Open
wants to merge 1 commit into
base: 331-staging
1 change: 1 addition & 0 deletions backend/requirements.txt
Expand Up @@ -10,6 +10,7 @@ click==8.1.7
cryptography==42.0.7
dnspython==2.6.1
fastapi==0.110.2
fastapi_limiter==0.1.6
fuzzywuzzy==0.18.0
h11==0.14.0
hypothesis==6.61.0
5 changes: 3 additions & 2 deletions backend/server/routers/auth.py
Expand Up @@ -2,7 +2,8 @@
from typing import Annotated, Dict, Optional, Tuple, Union, cast
from secrets import token_hex, token_urlsafe
from time import time
from fastapi import APIRouter, Cookie, HTTPException, Response, Security
from fastapi import APIRouter, Cookie, Depends, HTTPException, Response, Security
from fastapi_limiter.depends import RateLimiter # type: ignore
from pydantic import BaseModel
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_400_BAD_REQUEST, HTTP_500_INTERNAL_SERVER_ERROR

Expand Down Expand Up @@ -101,7 +102,7 @@ def _try_get_session_info_for_logout(session_token: SessionToken, refresh_token:



@router.post('/guest_login')
@router.post('/guest_login', dependencies=[Depends(RateLimiter(times=1, hours=1))])
def create_guest_session(res: Response) -> IdentityPayload:
# create new login session for user in db, generating new tokens
uid = insert_new_guest_user()
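Review bot: The limiter added on the `/guest_login` decorator keys requests by fastapi_limiter's default identifier, which uses the first address in `X-Forwarded-For` when that header is present and otherwise the client host, so the one-per-hour quota is only as trustworthy as whatever sets that header in front of the API, and every client behind one shared address shares the quota. If the service sits behind a reverse proxy that overwrites the header this is acceptable; otherwise pass a custom `identifier=` to `RateLimiter` (or to `FastAPILimiter.init`) that derives the key from a value the proxy controls, and record the decision next to the decorator, e.g. `# one guest account per client address per hour; the address comes from the proxy, not from the client`. The decorator also rejects the request with the limiter's 429 before `create_guest_session` runs, which is the failure the frontend now catches. The body of `create_guest_session` continues outside the hunk.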
7 changes: 6 additions & 1 deletion backend/server/server.py
Expand Up @@ -3,14 +3,19 @@
"""

from contextlib import asynccontextmanager

from fastapi_limiter import FastAPILimiter # type: ignore
import redis
import redis.asyncio
from data.config import LIVE_YEAR
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from server.routers import auth, courses, followups, planner, programs, specialisations, user
from server.db.redis.conn import sdb

@asynccontextmanager
async def on_setup_and_shutdown(_app: FastAPI):
# TODO-OLLI(pm): actually use these
await FastAPILimiter.init(redis.asyncio.Redis(**sdb.get_connection_kwargs()))
print("\n\nstartup\n\n")
yield
print("\n\nshutdown\n\n")
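Review bot: The Redis client created on the `FastAPILimiter.init(...)` line is never released: after `yield` the shutdown path only prints, so the connection opened at startup is leaked on every reload. fastapi_limiter ships the matching teardown, so add `await FastAPILimiter.close()` after the `yield`. Two smaller points: `import redis` is redundant once `import redis.asyncio` is present, and because the limiter is built from `sdb.get_connection_kwargs()` its counters (stored under the library's `fastapi-limiter` key prefix by default) land in the same database as session data, which deserves a one-line comment or a separate `db=` if that is unintended. The `TODO-OLLI(pm): actually use these` comment now sits above a line that does use the lifespan hook and should be updated or removed.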
6 changes: 5 additions & 1 deletion backend/server/tests/courses/test_search_course.py
Expand Up @@ -2,14 +2,15 @@

import requests

from server.tests.user.utility import get_token, get_token_headers
from server.tests.user.utility import clear, get_token, get_token_headers

with open("./algorithms/tests/exampleUsers.json", encoding="utf8") as f:
USER = json.load(f)["user_degree_wizard"]
f.close()


def test_search_course():
clear()
token = get_token()
headers = get_token_headers(token)
requests.post('http://127.0.0.1:8000/user/setupDegreeWizard', headers=headers, json=USER)
Expand All @@ -19,6 +20,7 @@ def test_search_course():


def test_search_archives():
clear()
token = get_token()
headers = get_token_headers(token)
requests.post('http://127.0.0.1:8000/user/setupDegreeWizard', headers=headers, json=USER)
Expand All @@ -28,6 +30,7 @@ def test_search_archives():


def test_search_title():
clear()
token = get_token()
headers = get_token_headers(token)
requests.post('http://127.0.0.1:8000/user/setupDegreeWizard', headers=headers, json=USER)
Expand All @@ -36,6 +39,7 @@ def test_search_title():


def test_search_minor():
clear()
token = get_token()
headers = get_token_headers(token)
requests.post('http://127.0.0.1:8000/user/setupDegreeWizard', headers=headers, json=USER)
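Review bot: The `clear()` call is repeated as the first statement of all four tests in this file; an autouse fixture, `@pytest.fixture(autouse=True)` over `def _reset(): clear()`, would apply it uniformly and cover tests added later. Separately, if `get_token()` obtains its token through `/guest_login`, the new `RateLimiter(times=1, hours=1)` on that route will reject the second test run from the same address unless `clear()` also removes the limiter's Redis keys; `clear` is defined outside this diff, so that is worth confirming. Each test function here continues past its hunk boundary.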
14 changes: 13 additions & 1 deletion frontend/src/pages/Login/Login.tsx
Expand Up @@ -2,6 +2,7 @@ import React, { useCallback } from 'react';
import { Link } from 'react-router-dom';
import { useQueryClient } from '@tanstack/react-query';
import { guestLogin as guestLoginRequest, initiateCSEAuth } from 'utils/api/authApi';
import openNotification from 'utils/openNotification';
import BackButton from 'assets/back.svg';
import SplashArt from 'assets/splashart.svg';
import PageTemplate from 'components/PageTemplate';
Expand All @@ -23,7 +24,18 @@ const Login = () => {
// - quick api call before login, although this is probs BAD
// -- can just check if a refresh token is given at the login routes
const guestLogin = useCallback(async () => {
const res = await guestLoginRequest();
let res;
try {
res = await guestLoginRequest();
} catch (_) {
openNotification({
type: 'error',
message: "Can't log in",
description:
'If you attempted to continue as guest, you may have hit a timeout. Either log in with your zID or wait until the timeout has cleared. Otherwise, there may be an issue with your user.'
});
return;
}

queryClient.clear();
dispatch(updateIdentityWithAPIRes(res));
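Review bot: The `catch (_)` around `guestLoginRequest()` treats every failure as the rate-limit case and discards the error, so a network outage or a server-side 500 also shows the "you may have hit a timeout" notification and leaves no trace for debugging. If the request helper exposes the HTTP status, branch on 429 for the timeout wording and give other failures a generic message; at minimum keep the error reachable, e.g. `} catch (err) {` followed by a log call before `openNotification(...)`. The `Login` component and the rest of the `guestLogin` callback continue outside the hunk.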