search

Kinto / kinto

A generic JSON document store with sharing and synchronisation capabilities.
http://docs.kinto-storage.org/
Other
4.33k stars 420 forks source link

[cliquet] Cache authentication during subrequests #621

Open tarekziade opened 8 years ago

tarekziade commented 8 years ago

original: https://github.com/mozilla-services/cliquet/issues/462

batch operations are verifying the auth several times for a single request - it could be cached

leplatrem commented 7 years ago

Also applies to default bucket subrequests

glasserc commented 7 years ago

Even for requests for a simple resource that isn't in a batch request such as /buckets/abc/collections/plop, we seem to enter the kinto-fxa code about five or six times in a single request. It seems like the call to effective_principals is not cached for a given request, and it calls authenticated_userid, which isn't cached, which calls unauthenticated_userid, which is not cached either (but by then we're in kinto-fxa code and the bug could be said to be in kinto-fxa). All of these methods are in pyramid or pyramid-multiauth. Here's a typical traceback:

  /usr/lib64/python3.6/threading.py(884)_bootstrap()
-> self._bootstrap_inner()
  /usr/lib64/python3.6/threading.py(916)_bootstrap_inner()
-> self.run()
  /usr/lib64/python3.6/threading.py(864)run()
-> self._target(*self._args, **self._kwargs)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/waitress/task.py(78)handler_thread()
-> task.service()
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/waitress/channel.py(338)service()
-> task.service()
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/waitress/task.py(169)service()
-> self.execute()
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/waitress/task.py(399)execute()
-> app_iter = self.channel.server.application(env, start_response)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/router.py(233)__call__()
-> response = self.invoke_subrequest(request, use_tweens=True)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/router.py(208)invoke_subrequest()
-> response = handle_request(request)
  /home/ethan/Jobs/Mozilla/kinto/kinto/core/initialization.py(171)eos_tween()
-> return handler(request)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid_tm/__init__.py(136)tm_tween()
-> response = handler(request)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/tweens.py(51)excview_tween()
-> request_iface=request_iface.combined
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/view.py(612)_call_view()
-> response = view_callable(context, request)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/viewderivers.py(410)viewresult_to_response()
-> result = view(context, request)
  /home/ethan/Jobs/Mozilla/kinto/kinto/core/views/errors.py(23)authorization_required()
-> if Authenticated not in request.effective_principals:
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/security.py(378)effective_principals()
-> return policy.effective_principals(self)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid_multiauth/__init__.py(119)effective_principals()
-> userid = policy.authenticated_userid(request)
  /home/ethan/Jobs/Mozilla/kinto/.venv/lib/python3.6/site-packages/pyramid/authentication.py(71)authenticated_userid()
-> userid = self.unauthenticated_userid(request)
  /home/ethan/Jobs/Mozilla/kinto-fxa/kinto_fxa/authentication.py(57)unauthenticated_userid()
-> user_id = self._get_credentials(request)
> /home/ethan/Jobs/Mozilla/kinto-fxa/kinto_fxa/authentication.py(86)_get_credentials()
glasserc commented 7 years ago

https://groups.google.com/forum/#!topic/pylons-discuss/-1Z5N-hhAOw has some information on the subject.