BOAC-3611, update py-deps; flask-login dropped user_callback and reload_user

boac/api/auth_controller.py

@@ -28,6 +28,7 @@
 from boac.api.errors import ResourceNotFoundError
 from boac.api.util import admin_required
 from boac.lib.http import add_param_to_url, tolerant_jsonify
+from boac.merged.user_session import UserSession
 from boac.models.authorized_user import AuthorizedUser
 from boac.models.user_login import UserLogin
 import cas
@@ -51,34 +52,37 @@ def cas_login():
     uid, attributes, proxy_granting_ticket = _cas_client(target_url).verify_ticket(ticket)
     logger.info(f'Logged into CAS as user {uid}')
     user_id = AuthorizedUser.get_id_per_uid(uid)
-    user = user_id and app.login_manager.user_callback(user_id=user_id, flush_cached=True)
-    support_email = app.config['BOAC_SUPPORT_EMAIL']
-    if user is None:
+
+    if user_id is None:
         logger.error(f'UID {uid} is not an authorized user.')
         param = ('error', f"""
             Sorry, you are not registered to use BOA.
-            Please <a href="mailto:{support_email}">email us</a> for assistance.
-        """)
-        redirect_url = add_param_to_url('/', param)
-    elif not user.is_active:
-        logger.error(f'UID {uid} is in the BOA db but is not authorized to use the tool.')
-        param = ('error', f"""
-            Sorry, you are not registered to use BOA.
-            Please <a href="mailto:{support_email}">email us</a> for assistance.
+            Please <a href="mailto:{app.config['BOAC_SUPPORT_EMAIL']}">email us</a> for assistance.
         """)
         redirect_url = add_param_to_url('/', param)
+
     else:
-        login_user(user)
-        flash('Logged in successfully.')
-        UserLogin.record_user_login(uid)
+        user = UserSession(user_id=user_id, flush_cached=True)
+        if not user.is_active:
+            logger.error(f'UID {uid} is in the BOA db but is not authorized to use the tool.')
+            param = ('error', f"""
+                Sorry, you are not registered to use BOA.
+                Please <a href="mailto:{app.config['BOAC_SUPPORT_EMAIL']}">email us</a> for assistance.
+            """)
+            redirect_url = add_param_to_url('/', param)
+        else:
+            login_user(user)
+            flash('Logged in successfully.')
+            UserLogin.record_user_login(uid)
+
+            # Check if url is safe for redirects per https://flask-login.readthedocs.io/en/latest/
+            if not _is_safe_url(request.args.get('next')):
+                return abort(400)
+            if not target_url:
+                target_url = '/'
+            # Our googleAnalyticsService uses 'casLogin' marker to track CAS login events
+            redirect_url = add_param_to_url(target_url, ('casLogin', 'true'))
 
-        # Check if url is safe for redirects per https://flask-login.readthedocs.io/en/latest/
-        if not _is_safe_url(request.args.get('next')):
-            return abort(400)
-        if not target_url:
-            target_url = '/'
-        # Our googleAnalyticsService uses 'casLogin' marker to track CAS login events
-        redirect_url = add_param_to_url(target_url, ('casLogin', 'true'))
     return redirect(redirect_url)
 
 
@@ -124,14 +128,16 @@ def _dev_auth_login(uid, password):
             logger.error('Dev-auth: Wrong password')
             return tolerant_jsonify({'message': 'Invalid credentials'}, 401)
         user_id = AuthorizedUser.get_id_per_uid(uid)
-        user = user_id and app.login_manager.user_callback(user_id=user_id, flush_cached=True)
-        if user is None:
+        if user_id is None:
             logger.error(f'Dev-auth: User with UID {uid} is not registered in BOA.')
             return tolerant_jsonify({'message': f'Sorry, user with UID {uid} is not registered to use BOA.'}, 403)
+
+        user = UserSession(user_id=user_id, flush_cached=True)
         if not user.is_active:
             logger.error(f'Dev-auth: UID {uid} is registered with BOA but not active.')
             return tolerant_jsonify({'message': f'Sorry, user with UID {uid} is not authorized to use BOA.'}, 403)
         logger.info(f'Dev-auth used to log in as UID {uid}')
+
         login_user(user, force=True, remember=True)
         UserLogin.record_user_login(uid)
         return tolerant_jsonify(current_user.to_api_json())

boac/api/user_controller.py

@@ -46,7 +46,7 @@
 from boac.models.university_dept import UniversityDept
 from boac.models.university_dept_member import UniversityDeptMember
 from flask import current_app as app, request
-from flask_login import current_user, login_required
+from flask_login import current_user, login_required, login_user
 
 
 @app.route('/api/profile/my')
@@ -306,7 +306,7 @@ def set_demo_mode():
         user = AuthorizedUser.find_by_id(current_user.get_id())
         user.in_demo_mode = bool(in_demo_mode)
         current_user.flush_cached()
-        app.login_manager.reload_user()
+        login_user(UserSession(user_id=user.id, flush_cached=True), force=True, remember=True)
         return tolerant_jsonify(current_user.to_api_json())
     else:
         raise errors.ResourceNotFoundError('Unknown path')

requirements.txt

@@ -1,25 +1,25 @@
 autolink==0.1.2
 boto3==1.7.84
 cx_Oracle==7.1.3
-decorator==4.3.2
-Flask-Caching==1.7.2
+decorator==4.4.2
+Flask-Caching==1.9.0
 Flask-Cors==3.0.8
-Flask-Login==0.4.1
-Flask-SQLAlchemy==2.4.1
-Flask==1.1.1
+Flask-Login==0.5.0
+Flask-SQLAlchemy==2.4.4
+Flask==1.1.2
 google-api-python-client==1.7.9
 google-auth-httplib2==0.0.3
 google-auth-oauthlib==0.4.0
-ldap3==2.6
+ldap3==2.7
 names==0.3.0
-nltk==3.4.5
+nltk==3.5
 psycopg2-binary==2.8.5
-requests==2.22.0
-simplejson==3.16.0
+requests==2.24.0
+simplejson==3.17.2
 smart-open==1.8.3
-SQLAlchemy==1.3.16
-titlecase==0.12.0
-Werkzeug==0.16.0
+SQLAlchemy==1.3.18
+titlecase==1.1.1
+Werkzeug==1.0.1
 xmltodict==0.12.0
 zipstream-new==1.1.7
 https://github.com/python-cas/python-cas/archive/master.zip
@@ -28,9 +28,9 @@ https://github.com/python-cas/python-cas/archive/master.zip
 # of potential conflicts during installation; it must be separately installed once its dependencies are
 # in place.
 
-numpy==1.18.0
+numpy==1.19.1
 python-dateutil==2.8.1
-pytz==2019.3
+pytz==2020.1
 
 # For testing