Skip to content

Fix/update deny #1299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Oct 21, 2025
Merged

Fix/update deny #1299

merged 9 commits into from
Oct 21, 2025

Conversation

george42-ctds
Copy link
Contributor

@george42-ctds george42-ctds commented Sep 26, 2025
edited
Loading

Updates PR-1239 by merging master and moving deny-logic to renamed method.

New Features

Breaking Changes

Bug Fixes

Improvements

  • add global username denial regex to configuration

Dependency updates

Deployment changes

@coveralls
Copy link

coveralls commented Sep 26, 2025
edited
Loading

Pull Request Test Coverage Report for Build 18658110816

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 17 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.02%) to 74.895%
Files with Coverage Reduction New Missed Lines %
auth.py 17 88.59%
Totals Coverage Status
Change from base Build 18204386563: 0.02%
Covered Lines: 8416
Relevant Lines: 11237
💛 - Coveralls

@github-actions GitHub Actions
Copy link

filepath passed skipped SUBTOTAL
tests/test_oauth2.py 15 0 15
tests/test_centralized_auth.py 16 0 16
tests/test_audit_service.py 3 3 6
tests/test_data_upload.py 8 1 9
tests/test_presigned_url.py 7 0 7
tests/test_dbgap.py 4 1 5
tests/test_drs_endpoint.py 4 0 4
tests/test_oidc_client.py 2 0 2
tests/test_user_token.py 5 0 5
tests/test_google_data_access.py 1 0 1
tests/test_client_credentials.py 1 0 1
tests/test_ras_authn.py 0 3 3
tests/test_register_user.py 0 2 2
TOTAL 66 10 76

Please find the detailed integration test report here

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 6, 2025

filepath passed skipped SUBTOTAL
tests/test_oauth2.py 15 0 15
tests/test_centralized_auth.py 16 0 16
tests/test_audit_service.py 3 3 6
tests/test_data_upload.py 8 1 9
tests/test_presigned_url.py 7 0 7
tests/test_dbgap.py 4 1 5
tests/test_drs_endpoint.py 4 0 4
tests/test_oidc_client.py 2 0 2
tests/test_user_token.py 5 0 5
tests/test_google_data_access.py 1 0 1
tests/test_client_credentials.py 1 0 1
tests/test_ras_authn.py 0 3 3
tests/test_register_user.py 0 2 2
TOTAL 66 10 76

Please find the detailed integration test report here

MaribelleHGomez
MaribelleHGomez reviewed Oct 17, 2025
View reviewed changes
fence/auth.py Outdated
"""
username_deny_regex = username_deny_regex or config["GLOBAL_USERNAME_DENY_REGEX"]
if username_deny_regex:
if re.match(pattern=username_deny_regex, string=username):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps we'd like to use re.search? https://stackoverflow.com/questions/180986/what-is-the-difference-between-re-search-and-re-match

tests/login/test_login_user.py Outdated
db_session.add(test_user)
db_session.commit()

with pytest.raises(Exception):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider changing Exception to Unauthorized, test may pass even if an unrelated exception is raised

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Good catch! PR has been updated.

tests/login/test_login_user.py
assert flask.session["provider"] == provider
assert flask.session["user_id"] == user_id
assert flask.g.user == test_user

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding a positive test to check the regex is allowing valid cases

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea. Additional test has been added.

@github-actions GitHub Actions
Copy link

filepath passed skipped SUBTOTAL
tests/test_oauth2.py 15 0 15
tests/test_centralized_auth.py 16 0 16
tests/test_audit_service.py 3 3 6
tests/test_data_upload.py 8 1 9
tests/test_presigned_url.py 7 0 7
tests/test_dbgap.py 4 1 5
tests/test_drs_endpoint.py 4 0 4
tests/test_oidc_client.py 2 0 2
tests/test_user_token.py 5 0 5
tests/test_google_data_access.py 1 0 1
tests/test_client_credentials.py 1 0 1
tests/test_ras_authn.py 0 3 3
tests/test_register_user.py 0 2 2
TOTAL 66 10 76

Please find the detailed integration test report here

Please find the Github Action logs here

MaribelleHGomez
MaribelleHGomez reviewed Oct 20, 2025
View reviewed changes
pyproject.toml Outdated
@@ -1,3 +1,3 @@
[tool.poetry]
name = "fence"
version = "11.3.2"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one last thing, version bump :)

Copy link
Contributor Author

@george42-ctds george42-ctds Oct 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thank you! Version updated.

@github-actions GitHub Actions
Copy link

filepath passed skipped SUBTOTAL
tests/test_oauth2.py 15 0 15
tests/test_centralized_auth.py 16 0 16
tests/test_audit_service.py 3 3 6
tests/test_data_upload.py 8 1 9
tests/test_presigned_url.py 7 0 7
tests/test_dbgap.py 4 1 5
tests/test_drs_endpoint.py 4 0 4
tests/test_oidc_client.py 2 0 2
tests/test_user_token.py 5 0 5
tests/test_google_data_access.py 1 0 1
tests/test_client_credentials.py 1 0 1
tests/test_ras_authn.py 0 3 3
tests/test_register_user.py 0 2 2
TOTAL 66 10 76

Please find the detailed integration test report here

Please find the Github Action logs here

@george42-ctds george42-ctds merged commit 4a3d07c into master Oct 21, 2025
17 of 22 checks passed
@george42-ctds george42-ctds deleted the fix/update-deny branch October 21, 2025 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MaribelleHGomez MaribelleHGomez MaribelleHGomez left review comments

@BinamB BinamB BinamB approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@george42-ctds @coveralls @MaribelleHGomez @BinamB @Avantol13