Revert "add custom middleware to log csrf request info"

seqr/utils/middleware.py

@@ -1,5 +1,3 @@
-from urllib.parse import urlparse
-
 from anymail.exceptions import AnymailError
 from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
 from django.core.handlers.exception import get_exception_response
@@ -17,7 +15,7 @@
 from seqr.utils.logging_utils import SeqrLogger
 from seqr.views.utils.json_utils import create_json_response
 from seqr.views.utils.terra_api_utils import TerraAPIException
-from settings import DEBUG, LOGIN_URL, CSRF_TRUSTED_ORIGINS
+from settings import DEBUG, LOGIN_URL
 
 logger = SeqrLogger()
 
@@ -172,28 +170,3 @@ def process_response(request, response):
         add_never_cache_headers(response)
         response['Pragma'] = 'no-cache'
         return response
-
-
-class DebugCSRFMiddleware:
-    def __init__(self, get_response):
-        self.get_response = get_response
-
-    @staticmethod
-    def good_origin(request):
-        return "%s://%s" % (
-            "https" if request.is_secure() else "http",
-            request.get_host(),
-        )
-
-    def __call__(self, request):
-        logger.info(f'request META: {request.META}', request.user)
-        request_origin = request.META.get('HTTP_ORIGIN')
-        good_origin = self.good_origin(request)
-        logger.info(f'request get_host: {request.get_host()}', request.user)
-        logger.info(f'request is_secure: {request.is_secure()}', request.user)
-        logger.info(f'request_origin: {request_origin}', request.user)
-        logger.info(f'good_origin: {good_origin}', request.user)
-        logger.info(f'settings CSRF_TRUSTED_ORIGINS: {CSRF_TRUSTED_ORIGINS}', request.user)
-        parsed_origin = urlparse(request_origin)
-        logger.info(f'parsed request origin: {parsed_origin}', request.user)
-        return self.get_response(request)

seqr/views/utils/terra_api_utils_tests.py

@@ -76,9 +76,6 @@ def test_is_anvil_authenticated(self, mock_social_auth_key, mock_terra_url):
 class TerraApiUtilsCallsCase(AuthenticationTestCase):
     fixtures = ['users', 'social_auth']
 
-    def assert_json_logs(self, user, expected_logs, log_start_idx=0):
-        super().assert_json_logs(user, expected_logs, log_start_idx)
-
     def _check_exceptions(self, path, func, args, kwargs=None, responses_body=None):
         url = f'{TEST_TERRA_API_ROOT_URL}{path}'
         kwargs = kwargs or {}

seqr/views/utils/test_utils.py

@@ -250,8 +250,8 @@ def reset_logs(self):
         self._log_stream.truncate(0)
         self._log_stream.seek(0)
 
-    def assert_json_logs(self, user, expected, log_start_idx=7):
-        logs = self._log_stream.getvalue().split('\n')[log_start_idx:]
+    def assert_json_logs(self, user, expected):
+        logs = self._log_stream.getvalue().split('\n')
         for i, (message, extra) in enumerate(expected):
             extra = extra or {}
             validate = extra.pop('validate', None)

settings.py

@@ -54,11 +54,10 @@
     'django.middleware.security.SecurityMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'seqr.utils.middleware.DebugCSRFMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.middleware.common.CommonMiddleware',
     'csp.middleware.CSPMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'seqr.utils.middleware.CacheControlMiddleware',
@@ -261,7 +260,6 @@
     DEBUG = False
 else:
     DEBUG = True
-    CSRF_TRUSTED_ORIGINS = []
     # Enable CORS and hijak for local development
     INSTALLED_APPS += ['corsheaders', 'hijack']
     MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')