Make difference between debug and deploy

AaltoRSE · Mar 11, 2024 · 9f8304f · 9f8304f
1 parent 698152f
commit 9f8304f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/app/saml/saml_router.py b/app/saml/saml_router.py
@@ -15,6 +15,7 @@
 from security.auth import clean_session, get_request_source
 
 import logging
+import os 
 
 logger = logging.getLogger(__name__)
 
@@ -51,17 +52,22 @@ async def saml_callback(request: Request):
         else:
             sessionData = {}
             sessionData["samlUserdata"] = auth.get_attributes()
+            logger.info(sessionData["samlUserdata"])
             # Now, we check, whether the user is an employee, and thus eligible to use the service
-            try:
-                if (
+            debug = int(os.environ.get("GATEWAY_DEBUG", 0)) == 1        
+            logger.info(debug)
+            try:                
+                if (not debug) and (
                     not "employee"
                     in sessionData["samlUser"]["urn:oid:1.3.6.1.4.1.5923.1.1.1.1"]
                 ):
                     raise HTTPException(
                         status.HTTP_403_FORBIDDEN,
                         "Only staff can use this self service",
                     )
-            except:
+            except Exception as e:
+                logger.error(e)
+                logger.info(sessionData)
                 raise HTTPException(status.HTTP_403_FORBIDDEN, "Authentication invalid")
             sessionData["samlNameId"] = auth.get_nameid()
             sessionData["samlNameIdFormat"] = auth.get_nameid_format()

diff --git a/app/security/saml.py b/app/security/saml.py
@@ -79,12 +79,16 @@ async def prepare_from_fastapi_request(request: Request, debug=False):
         "post_data": {},
         "get_data": dict(request.query_params),
         # Advanced request options
-        "https": "",  # Uncomment if you are running a server using https!
+        #"https": "",  # Uncomment if you are running a server using https!
         # "request_uri": "",
         "query_string": request.url.query,
         # "validate_signature_from_qs": False,
         # "lowercase_urlencoding": False
     }
+    # On debug, this is 0
+    saml_logger.debug(os.environ.get("GATEWAY_DEBUG", 0))
+    if not int(os.environ.get("GATEWAY_DEBUG", 0)) == 1:
+        rv["https"] = "on"
     form_data = await request.form()
     if "SAMLResponse" in form_data:
         SAMLResponse = form_data["SAMLResponse"]

diff --git a/k8s_gateway_ingress.yaml b/k8s_gateway_ingress.yaml
@@ -22,7 +22,7 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
     nginx.ingress.kubernetes.io/upstream-vhost: llm-gateway.k8s-test.cs.aalto.fi
     # Comment out during dev
-    # nginx.ingress.kubernetes.io/whitelist-source-range: 130.233.0.0/16
+    nginx.ingress.kubernetes.io/whitelist-source-range: 130.233.0.0/16
 
 # Spec tells the actual parameters: hosts to listen on, path prefixes.
 spec: