Merge pull request #4191 from alephdata/release/4.1.1

Release/4.1.1

Author: stchris

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 4.1.0-rc4
+current_version = 4.1.1
 tag_name = {new_version}
 commit = True
 tag = True

aleph/logic/api_keys.py

@@ -129,7 +129,6 @@ def hash_plaintext_api_keys():
     for index, partition in enumerate(results.partitions()):
         for role in partition:
             role.api_key_digest = hash_api_key(role.api_key)
-            role.api_key = None
             db.session.add(role)
             log.info(f"Hashing API key: {role}")
         log.info(f"Comitting partition {index}")

aleph/model/role.py

@@ -1,7 +1,7 @@
 import logging
 from datetime import datetime, timezone
 from normality import stringify
-from sqlalchemy import or_, not_, func
+from sqlalchemy import and_, or_, not_, func
 from itsdangerous import URLSafeTimedSerializer
 from werkzeug.security import generate_password_hash, check_password_hash
 
@@ -197,13 +197,18 @@ def by_email(cls, email):
 
     @classmethod
     def by_api_key(cls, api_key):
-        if api_key is None:
+        if api_key is None or not len(api_key.strip()):
             return None
 
         q = cls.all()
 
         digest = hash_api_key(api_key)
-        q = q.filter(cls.api_key_digest == digest)
+        q = q.filter(
+            and_(
+                cls.api_key_digest != None,  # noqa: E711
+                cls.api_key_digest == digest,
+            )
+        )
 
         utcnow = datetime.now(timezone.utc)
         # TODO: Exclude API keys without expiration date after deadline

aleph/tests/test_api_keys.py

@@ -211,7 +211,12 @@ def test_hash_plaintext_api_keys(self):
         hash_plaintext_api_keys()
 
         db.session.refresh(user_1)
-        assert user_1.api_key is None
+
+        # Do not delete the plaintext API key to allow for version rollbacks.
+        # `api_key` column will be removed in the next version at which point all
+        # plaintext keys will be deleted.
+        assert user_1.api_key == "1234567890"
+
         assert user_1.api_key_digest == hash_api_key("1234567890")
 
         db.session.refresh(user_2)

aleph/tests/test_view_context.py

@@ -75,6 +75,10 @@ def test_authz_header_api_key_invalid(self):
         res = self.client.get(f"/api/2/roles/{self.role.id}", headers=headers)
         assert res.status_code == 403
 
+        headers = {"Authorization": "ApiKey   "}
+        res = self.client.get(f"/api/2/roles/{self.role.id}", headers=headers)
+        assert res.status_code == 403
+
         headers = {"Authorization": ""}
         res = self.client.get(f"/api/2/roles/{self.role.id}", headers=headers)
         assert res.status_code == 403
@@ -83,6 +87,10 @@ def test_authz_header_api_key_invalid(self):
         res = self.client.get(f"/api/2/roles/{self.role.id}", headers=headers)
         assert res.status_code == 403
 
+        headers = {"Authorization": "   "}
+        res = self.client.get(f"/api/2/roles/{self.role.id}", headers=headers)
+        assert res.status_code == 403
+
     def test_authz_url_param_api_key(self):
         query_string = {"api_key": "1234567890"}
         res = self.client.get(f"/api/2/roles/{self.role.id}", query_string=query_string)
@@ -97,3 +105,7 @@ def test_authz_url_params_api_key_invalid(self):
         query_string = {"api_key": ""}
         res = self.client.get(f"/api/2/roles/{self.role.id}", query_string=query_string)
         assert res.status_code == 403
+
+        query_string = {"api_key": "   "}
+        res = self.client.get(f"/api/2/roles/{self.role.id}", query_string=query_string)
+        assert res.status_code == 403

aleph/worker.py

@@ -3,7 +3,6 @@
 import time
 import threading
 import functools
-import queue
 import copy
 from typing import Dict, Callable
 import sqlalchemy
@@ -116,7 +115,13 @@ def __init__(
         version=None,
         prefetch_count_mapping=defaultdict(lambda: 1),
     ):
-        super().__init__(queues, conn=conn, num_threads=num_threads, version=version)
+        super().__init__(
+            queues,
+            conn=conn,
+            num_threads=num_threads,
+            version=version,
+            prefetch_count_mapping=prefetch_count_mapping,
+        )
         self.often = get_rate_limit("often", unit=300, interval=1, limit=1)
         self.daily = get_rate_limit("daily", unit=3600, interval=24, limit=1)
         # special treatment for indexing jobs - indexing jobs need to be batched
@@ -125,7 +130,6 @@ def __init__(
         # run of all available indexing tasks
         self.indexing_batch_last_updated = 0.0
         self.indexing_batches = defaultdict(list)
-        self.local_queue = queue.Queue()
         self.prefetch_count_mapping = prefetch_count_mapping
 
     def on_signal(self, signal, _):

aleph/wsgi.py

@@ -1,10 +1,13 @@
+import logging
+
 from aleph.core import create_app
 from aleph.settings import SETTINGS
 from aleph import __version__ as aleph_version
 
 import sentry_sdk
 from sentry_sdk.integrations.flask import FlaskIntegration
 
+log = logging.getLogger(__name__)
 
 if SETTINGS.SENTRY_DSN:
     sentry_sdk.init(
@@ -17,4 +20,5 @@
         environment=SETTINGS.SENTRY_ENVIRONMENT,
         send_default_pii=False,
     )
+log.info("aleph.wsgi initialized Sentry SDK")
 app = create_app()

contrib/aleph-traefik-minio-keycloak/docker-compose.yml

@@ -54,7 +54,7 @@ services:
       - "traefik.enable=false"
 
   worker:
-    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.1.1}
     command: aleph worker
     restart: on-failure
     links:
@@ -79,7 +79,7 @@ services:
       - "traefik.enable=false"
 
   shell:
-    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.1.1}
     command: /bin/bash
     depends_on:
       - postgres
@@ -99,7 +99,7 @@ services:
       - "traefik.enable=false"
 
   api:
-    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.1.1}
     command: gunicorn -w 6 -b 0.0.0.0:8000 --log-level debug --log-file - aleph.wsgi:app
     expose:
       - 8000
@@ -121,7 +121,7 @@ services:
       - "traefik.enable=false"
 
   ui:
-    image: ghcr.io/alephdata/aleph-ui-production:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph-ui-production:${ALEPH_TAG:-4.1.1}
     depends_on:
       - api
       - traefik

contrib/keycloak/docker-compose.dev-keycloak.yml

@@ -16,7 +16,7 @@ services:
   elasticsearch:
     build:
       context: services/elasticsearch
-    image: ghcr.io/alephdata/aleph-elasticsearch:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph-elasticsearch:${ALEPH_TAG:-4.1.1}
     hostname: elasticsearch
     environment:
       - discovery.type=single-node
@@ -55,7 +55,7 @@ services:
   app:
     build:
       context: .
-    image: alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: alephdata/aleph:${ALEPH_TAG:-4.1.1}
     hostname: aleph
     command: /bin/bash
     links:
@@ -83,7 +83,7 @@ services:
   api:
     build:
       context: .
-    image: alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: alephdata/aleph:${ALEPH_TAG:-4.1.1}
     command: aleph run -h 0.0.0.0 -p 5000 --with-threads --reload --debugger
     ports:
       - "127.0.0.1:5000:5000"
@@ -117,7 +117,7 @@ services:
   ui:
     build:
       context: ui
-    image: alephdata/aleph-ui:${ALEPH_TAG:-4.0.2}
+    image: alephdata/aleph-ui:${ALEPH_TAG:-4.1.1}
     links:
       - api
     command: npm run start

docker-compose.yml

@@ -46,7 +46,7 @@ services:
       - aleph.env
 
   worker:
-    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.1.1}
     command: aleph worker
     restart: on-failure
     depends_on:
@@ -62,7 +62,7 @@ services:
       - aleph.env
 
   shell:
-    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.1.1}
     command: /bin/bash
     depends_on:
       - postgres
@@ -80,7 +80,7 @@ services:
       - aleph.env
 
   api:
-    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph:${ALEPH_TAG:-4.1.1}
     expose:
       - 8000
     depends_on:
@@ -97,7 +97,7 @@ services:
       - aleph.env
 
   ui:
-    image: ghcr.io/alephdata/aleph-ui-production:${ALEPH_TAG:-4.0.2}
+    image: ghcr.io/alephdata/aleph-ui-production:${ALEPH_TAG:-4.1.1}
     depends_on:
       - api
     ports: