Cleaning up the logging, gave some additional notes, removed hashing.

Signed-off-by: Cliff Hill <clifford.hill@gsa.gov>
This commit is contained in:
Cliff Hill
2024-06-17 10:13:15 -04:00
parent 9e94b5a242
commit 530206e33a
2 changed files with 16 additions and 7 deletions

View File

@@ -233,13 +233,20 @@ def create_app(application):
)
logging.init_app(application)
import hashlib
# Hopefully will help identify if there is a race condition causing the CSRF errors
# that we have occasionally seen in our environments.
for key in ("SECRET_KEY", "DANGEROUS_SALT"):
application.logger.info(
f"{key} Length: {len(application.config[key])}; "
f"SHA-1: {hashlib.sha1(application.config[key].encode('utf8'), usedforsecurity=False).hexdigest()}"
)
try:
value = application.config[key]
except KeyError:
application.logger.error(f"Env Var {key} doesn't exist.")
else:
try:
data_len = len(value.strip())
except TypeError:
application.logger.error(f"Env Var {key} invalid type: {type(value)}")
else:
application.logger.info(f"Env Var {key} Length: {data_len}")
login_manager.login_view = "main.sign_in"
login_manager.login_message_category = "default"

View File

@@ -118,7 +118,7 @@ class Development(Config):
class Test(Development):
TESTING = True
WTF_CSRF_ENABLED = False
WTF_CSRF_ENABLED = False # If enabled, pytest breaks.
ASSET_DOMAIN = "static.example.com"
ASSET_PATH = "https://static.example.com/"
@@ -164,6 +164,8 @@ class E2ETest(Staging):
# Borrowed from test environment
TESTING = True
# Attempting to enable CSRF in staging with the hopes that we can duplicate errors.
WTF_CSRF_ENABLED = True
# buckets - mirror staging