search

OpenSPP / openspp-modules

OpenSPP Odoo modules
https://openspp.org
GNU Lesser General Public License v3.0
25 stars 10 forks source link

DCI API is not working #602

Open anthonymarkQA opened 1 week ago

anthonymarkQA commented 1 week ago

Describe the bug the module DCI API can be installed in openspp but is not working. postman is unable to retrieve data from openspp. To Reproduce

  1. Request a postman collection from developer
  2. Instal DCI API module
  3. Get credentials from DCI API (client id and client secret)
  4. In postman go to POST get access token request body tab, paste client ID and secret
  5. click send. notice internal server error is returned in postman Expected behavior access token and token type should be displayed Screenshots

Additional context

🔔 Note: This ticket should address common considerations without including country-specific content. Please ensure all references are generic and applicable across various contexts.

dasunhegoda commented 6 days ago

@gonzalesedwin1123 @reichie020212 : Is this due to the same issue we discussed? Setting up of the tokens in the pod.

reichie020212 commented 6 days ago

yes @dasunhegoda

dasunhegoda commented 6 days ago

@reichie020212 : can you set it up when possible to unblock @anthonymarkQA?

reichie020212 commented 6 days ago

@dasunhegoda I do not have access to the instance's ssh

dasunhegoda commented 5 days ago

As per the discussion with @kneckinator, @reichie020212 will be given SSH access to the pod to set up the keys to unblock the QA team.

A proper mechanism to set up the key should be considered in the long run.

Note: The keys will be lost if the pod is destroyed.

dasunhegoda commented 5 days ago

In a meeting with @renceInbox @kneckinator @atelal @dasunhegoda, It was discussed and agreed to improve the API when @reichie020212 is back next week on how to setup the keys without SSHing to the instance.

cc: @anthonymarkQA @celinenilla

kneckinator commented 21 hours ago

@reichie020212 please take a look at the following modules:

Convert the direct read of files within the addons to reading the location of the pem/pub pair through an environment variable. Let's use:

SPP_OAUTH_RSA_PRIV_KEY_PATH="....."
SPP_OAUTH_RSA_PUB_KEY_PATH="...."

In spp_import_dci_api/tools/calculate_signature.py this is duplicated from spp_oauth/tools/rsa_encode_decode.py. If there is no specific reason to keep both, let's standardize on using spp_oauth.

In spp_base_gis_rest/models/api_client_credentials.py the TOKEN_EXPIRATION_MIN is hard-coded. This should be read from an environment variable. I suggest SPP_BASE_GIS_TOKEN_EXP_MIN.

In spp_dci_api_server/models/client_credentials.py, the TOKEN_EXPIRATION_MIN is hard-coded. This should be read from an environment variable. I suggest SPP_DCI_API_SERVER_TOKEN_EXP_MIN.

The exception handler in spp_oauth.tools.rsa_encode_decode.verify_and_decode_signature should not swallow the exception like it does today, as it makes debugging hard. It should raise any JWT validation issues in the OpenSPP log on the error level. Once the log message has been emitted, raise an exception OpenSPPOAuthJWTException. The caller will have to handle this exception, which it can do similar as it is done today.

Example: In spp_dci_api_server/controllers/controllers.py:144 change

verified, payload = verify_and_decode_signature(access_token)

if not verified:
    return error_wrapper(401, "Invalid Access Token.")

to something like:

try:
    payload = verify_and_decode_signature(access_token)
except OpenSPPOAuthJWTException:
    return error_wrapper(401, "Invalid Access Token.")