From 530206e33a1dd19941e5405b84e1edc7e7c16ed5 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Mon, 17 Jun 2024 10:13:15 -0400 Subject: [PATCH] Cleaning up the logging, gave some additional notes, removed hashing. Signed-off-by: Cliff Hill --- app/__init__.py | 19 +++++++++++++------ app/config.py | 4 +++- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index be017763c..a1b8af316 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -233,13 +233,20 @@ def create_app(application): ) logging.init_app(application) - import hashlib - + # Hopefully will help identify if there is a race condition causing the CSRF errors + # that we have occasionally seen in our environments. for key in ("SECRET_KEY", "DANGEROUS_SALT"): - application.logger.info( - f"{key} Length: {len(application.config[key])}; " - f"SHA-1: {hashlib.sha1(application.config[key].encode('utf8'), usedforsecurity=False).hexdigest()}" - ) + try: + value = application.config[key] + except KeyError: + application.logger.error(f"Env Var {key} doesn't exist.") + else: + try: + data_len = len(value.strip()) + except TypeError: + application.logger.error(f"Env Var {key} invalid type: {type(value)}") + else: + application.logger.info(f"Env Var {key} Length: {data_len}") login_manager.login_view = "main.sign_in" login_manager.login_message_category = "default" diff --git a/app/config.py b/app/config.py index fc358549d..fc9248e05 100644 --- a/app/config.py +++ b/app/config.py @@ -118,7 +118,7 @@ class Development(Config): class Test(Development): TESTING = True - WTF_CSRF_ENABLED = False + WTF_CSRF_ENABLED = False # If enabled, pytest breaks. ASSET_DOMAIN = "static.example.com" ASSET_PATH = "https://static.example.com/" @@ -164,6 +164,8 @@ class E2ETest(Staging): # Borrowed from test environment TESTING = True + + # Attempting to enable CSRF in staging with the hopes that we can duplicate errors. WTF_CSRF_ENABLED = True # buckets - mirror staging