From dfb032c2ae064d1b52cacc43dbcb6dc1cd4ca2ca Mon Sep 17 00:00:00 2001
From: Julia Klugherz
Date: Thu, 11 Jul 2024 15:06:48 -0400
Subject: [PATCH] Revert "add custom middleware to log csrf request info"
---
 seqr/utils/middleware.py | 29 +----------------------
 seqr/views/utils/terra_api_utils_tests.py | 3 ---
 seqr/views/utils/test_utils.py | 4 ++--
 settings.py | 4 +---
 4 files changed, 4 insertions(+), 36 deletions(-)
diff --git a/seqr/utils/middleware.py b/seqr/utils/middleware.py
index 448bfde8a0..33d22532a3 100644
--- a/seqr/utils/middleware.py
+++ b/seqr/utils/middleware.py
@@ -1,5 +1,3 @@
-from urllib.parse import urlparse
-
 from anymail.exceptions import AnymailError
 from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
 from django.core.handlers.exception import get_exception_response
@@ -17,7 +15,7 @@
 from seqr.utils.logging_utils import SeqrLogger
 from seqr.views.utils.json_utils import create_json_response
 from seqr.views.utils.terra_api_utils import TerraAPIException
-from settings import DEBUG, LOGIN_URL, CSRF_TRUSTED_ORIGINS
+from settings import DEBUG, LOGIN_URL
 logger = SeqrLogger()
@@ -172,28 +170,3 @@ def process_response(request, response):
 add_never_cache_headers(response)
 response['Pragma'] = 'no-cache'
 return response
-
-
-class DebugCSRFMiddleware:
- def __init__(self, get_response):
- self.get_response = get_response
-
- @staticmethod
- def good_origin(request):
- return "%s://%s" % (
- "https" if request.is_secure() else "http",
- request.get_host(),
- )
-
- def __call__(self, request):
- logger.info(f'request META: {request.META}', request.user)
- request_origin = request.META.get('HTTP_ORIGIN')
- good_origin = self.good_origin(request)
- logger.info(f'request get_host: {request.get_host()}', request.user)
- logger.info(f'request is_secure: {request.is_secure()}', request.user)
- logger.info(f'request_origin: {request_origin}', request.user)
- logger.info(f'good_origin: {good_origin}', request.user)
- logger.info(f'settings CSRF_TRUSTED_ORIGINS: {CSRF_TRUSTED_ORIGINS}', request.user)
- parsed_origin = urlparse(request_origin)
- logger.info(f'parsed request origin: {parsed_origin}', request.user)
- return self.get_response(request)
diff --git a/seqr/views/utils/terra_api_utils_tests.py b/seqr/views/utils/terra_api_utils_tests.py
index 7cf476c890..56d4b1099d 100644
--- a/seqr/views/utils/terra_api_utils_tests.py
+++ b/seqr/views/utils/terra_api_utils_tests.py
@@ -76,9 +76,6 @@ def test_is_anvil_authenticated(self, mock_social_auth_key, mock_terra_url):
 class TerraApiUtilsCallsCase(AuthenticationTestCase):
 fixtures = ['users', 'social_auth']
- def assert_json_logs(self, user, expected_logs, log_start_idx=0):
- super().assert_json_logs(user, expected_logs, log_start_idx)
-
 def _check_exceptions(self, path, func, args, kwargs=None, responses_body=None):
 url = f'{TEST_TERRA_API_ROOT_URL}{path}'
 kwargs = kwargs or {}
diff --git a/seqr/views/utils/test_utils.py b/seqr/views/utils/test_utils.py
index 03cc605801..3455466335 100644
--- a/seqr/views/utils/test_utils.py
+++ b/seqr/views/utils/test_utils.py
@@ -250,8 +250,8 @@ def reset_logs(self):
 self._log_stream.truncate(0)
 self._log_stream.seek(0)
- def assert_json_logs(self, user, expected, log_start_idx=7):
- logs = self._log_stream.getvalue().split('\n')[log_start_idx:]
+ def assert_json_logs(self, user, expected):
+ logs = self._log_stream.getvalue().split('\n')
 for i, (message, extra) in enumerate(expected):
 extra = extra or {}
 validate = extra.pop('validate', None)
diff --git a/settings.py b/settings.py
index 9196e04370..70cfbe8e89 100644
--- a/settings.py
+++ b/settings.py
@@ -54,11 +54,10 @@
 'django.middleware.security.SecurityMiddleware',
 'whitenoise.middleware.WhiteNoiseMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'seqr.utils.middleware.DebugCSRFMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.middleware.common.CommonMiddleware',
 'csp.middleware.CSPMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'seqr.utils.middleware.CacheControlMiddleware',
@@ -261,7 +260,6 @@
 DEBUG = False
 else:
 DEBUG = True
- CSRF_TRUSTED_ORIGINS = []
 # Enable CORS and hijak for local development
 INSTALLED_APPS += ['corsheaders', 'hijack']
 MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')
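Review bot: `assert_json_logs` in seqr/views/utils/test_utils.py loses its `log_start_idx` parameter, so any test that still passes it will now fail with a TypeError; the only such caller visible in this patch is the override removed from terra_api_utils_tests.py, so the rest of the test suite is worth a search before merging. The helper also has no docstring and the shape of `expected` can only be read off the loop, so I would add `"""Compare captured log lines with expected, a list of (message, extra) pairs; extra may carry a 'validate' entry."""`. The body of the method continues past the end of the hunk.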
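Review bot: The MIDDLEWARE list in settings.py has no comment recording its ordering constraints, and the first settings.py hunk returns `AuthenticationMiddleware` to its place below `CsrfViewMiddleware`, `CommonMiddleware` and `CSPMiddleware`. Django needs it below `SessionMiddleware`, and middleware listed above it cannot use `request.user` while handling the incoming request, so I would add above that entry `# Keep below SessionMiddleware; entries above this line run before request.user is set`. The list opens and closes outside the hunk. One operational follow-up the revert does not cover: the middleware unregistered here logged the whole of `request.META` at info level, which includes the Cookie header, so logs written while it was deployed may hold session cookie values and are worth reviewing for retention and access.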