A bit more advanced users' activity logging

[northwestwitch]

This PR adds a functionality or fixes a bug.

• Closes #4758 - The logging to file is independent from the existing system logging

Testing on cg-vm1 server (Clinical Genomics Stockholm)

**Prepare for testing** 1. Make sure the PR is pushed and available on [Docker Hub](https://hub.docker.com/repository/docker/clinicalgenomics/scout-server-stage) 1. Fist book your testing time using the Pax software available at [https://pax.scilifelab.se/](https://pax.scilifelab.se). The resource you are going to call dibs on is `scout-stage` and the server is `cg-vm1`. 1. `ssh @cg-vm1.scilifelab.se` 1. `sudo -iu hiseq.clinical` 1. `ssh localhost` 1. (optional) Find out which scout branch is currently deployed on cg-vm1: `podman ps` 1. Stop the service with current deployed branch: `systemctl --user stop scout.target` 1. Start the scout service with the branch to test: `systemctl --user start scout@` 1. Make sure the branch is deployed: `systemctl --user status scout.target` 1. After testing is done, repeat procedure at [https://pax.scilifelab.se/](https://pax.scilifelab.se), which will release the allocated resource (`scout-stage`) to be used for testing by other users.

Testing on hasta server (Clinical Genomics Stockholm)

**Prepare for testing** 1. `ssh @hasta.scilifelab.se` 1. Book your testing time using the Pax software. `us; paxa -u -s hasta -r scout-stage`. You can also use the WSGI Pax app available at [https://pax.scilifelab.se/](https://pax.scilifelab.se). 1. (optional) Find out which scout branch is currently deployed on cg-vm1: `conda activate S_scout; pip freeze | grep scout-browser` 1. Deploy the branch to test: `bash /home/proj/production/servers/resources/hasta.scilifelab.se/update-tool-stage.sh -e S_scout -t scout -b ` 1. Make sure the branch is deployed: `us; scout --version` 1. After testing is done, repeat the `paxa` procedure, which will release the allocated resource (`scout-stage`) to be used for testing by other users.

How to test:

1. Deploy this branch on cg-vm1
2. Deploy also this branch of servers ---> https://github.com/Clinical-Genomics/servers/pull/1448
3. Restart scout service stage
4. Go inside the scout container on cg-vm1 (podman exec -it <container-id> /bin/bash ) and make sure logs have been written to this following file --> /home/worker/scout_users_activity.log

Expected outcome:

• Your user should be logged out and you must agree to be monitored before being able to log in again

Review:

• [x] code approved by DN
• [x] tests executed by CR, DN

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 56.66667% with 13 lines in your changes missing coverage. Please review.

Project coverage is 84.17%. Comparing base (3ce6b1d) to head (6228dd3). Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
scout/server/app.py	60.00%	8 Missing :warning:
scout/server/blueprints/login/views.py	50.00%	5 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #4830 +/- ## ========================================== - Coverage 84.21% 84.17% -0.05% ========================================== Files 318 318 Lines 19251 19276 +25 ========================================== + Hits 16213 16226 +13 - Misses 3038 3050 +12 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[northwestwitch]

While this seems to work OK locally (haven't tested n stage yet), It feels like I need to add the setting howto on the documentation. I think there should also be some notification to the users asking if they agree that their browsing will be recorded. For instance if the scout config contains the specific settings. log out all users and make them log in again after agreeing to the thing?

[dnil]

While this seems to work OK locally (haven't tested n stage yet), It feels like I need to add the setting howto on the documentation. I think there should also be some notification to the users asking if they agree that their browsing will be recorded. For instance if the scout config contains the specific settings. log out all users and make them log in again after agreeing to the thing?

Yes, for most hospitals/users the event log, representing our user action audit trail, will be the important part anyway. But this is straightforward enough, and with an option to enable it should be all good. Info to the users is a Good Thing. We can add an info on the landing page, describing this, the event audit log, web server logs and the user land cookies used to keep the user logged in, link the user to their google Oauth2 or LDAP identification, and temporarily store internal file permission requests like alignment files and tracks!

[northwestwitch]

Ok, this is working now on stage with Google Oauth2. I've decided to keep the checkbox because that way I can set a session param that will help understand if the user consents or not. This is in turn used to understand if the user has to be logged out or not when the functionality is in place (has the agree). Fixed also the dark mode thing now. I'll open for review now

[northwestwitch]

Ah wait, for some reason it's not printing to log. It's a draft again!

[northwestwitch]

Mmm I can't seem to start the scout service with this branch on cg-vm1. Pretty sure it's a matter of writing permissions on the log file specified in the servers PR.. I need to reason on this

[dnil]

Mmm I can't seem to start the scout service with this branch on cg-vm1. Pretty sure it's a matter of writing permissions on the log file specified in the servers PR.. I need to reason on this

I remember seeing a (temp?) PR with writing to the container but no mounting of the fs onto there yet - could that be this one?

[northwestwitch]

I remember seeing a (temp?) PR with writing to the container but no mounting of the fs onto there yet - could that be this one?

You mean a volume? Could you elaborate?

[northwestwitch]

Ok now at least it starts on stage but still doesn't write to the log file 🙄

[northwestwitch]

Ok the log file is created correctly, but when I enter into the container it stays empty -->

[northwestwitch]

AHA! Looks like the problem is not permissions over files in Docker (any more). I tried to run a local instance via gunicorn (SCOUT_CONFIG=/Users/chiararasi/Documents/work/GITs/scout/scout/server/config.py gunicorn --bind 0.0.0.0:8080 scout.server.auto:app) and the log file gets created but not written (same behavior as on stage). So the reason must be how the logs are handled by gunicorn instead! 🤔

[northwestwitch]

I'm still having issue with the permissions to write to the host file system (specifically /tmp/tmp_scout_users_activity.log, but I think for the sake of this PR it is enough if I show that a file is created inside the container (under /home/worker/scout_users_activity.log) and the file contains user's info. When I execute the container and I check that file I see this -->

---

Marking as ready for review, any suggestion to make the volume work is very welcome!

[dnil]

Maybe this is just me, logging can be odd, but I seem to loose DEBUG output on the main console stderr stream when applying this? lets check!

No, sorry, it's just me being silly - it was the same old Gunicorn logger stream thing. scout --loglevel DEBUG serve still works. We could actually apply https://stackoverflow.com/questions/26578733/why-is-flask-application-not-creating-any-logs-when-hosted-by-gunicorn permanently in code as well since we always use and recommend it. But let's do that in a separate PR, and remove some useless debug messages when we do.

We currently agree the new log file and its filter would make sense in the scout log module. let me know if I missed a reason it shouldn't be there. 😊

[sonarcloud[bot]]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud