mozilla-iam / mozilla-aws-cli

DEPRECATED. A command line tool to allow users to log into AWS with their federated identity using Single Sign On and obtain ephemeral API keys. This is no longer in use in Mozilla SSO/IAM, as of September 15th, 2023.
Mozilla Public License 2.0

Move to use a different WSGI server from the Flask development server #245

Open gene1wood opened 2 years ago

gene1wood commented 2 years ago

We currently use a trick mentioned in #244 to suppress console output in the Flask development server, which prior to a few weeks ago was possible but with current versions of werkzeug isn't anymore.

David Lord, core developer on Flask, points out that even in a local web server like ours we shouldn't use the Flask development server.

He suggests using waitress instead. I started exploration in porting to use waitress but got stopped at the point where we trigger a shutdown of the WSGI server at the end of the login process.

Currently we find the process that Flask is running in and kill it. This doesn't seem to work for waitress.

I found that the webtest project, which is used for testing WSGI applications, implements waitress as a subthread.

I did some work on using webtest's StopableWSGIServer in mozilla-aws-cli but ran out of time.

To get this working we'll need to

Until this work is done, we can't use a newer version of werkzeug which means any security fixes won't be available to us.

gene1wood commented 2 years ago

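Here's what the listen method looks like with waitress:

```python
from waitress import serve


def listen(login):
    # app and port are defined elsewhere in the module
    # set the global callback
    globals()["login"] = login
    # serve() blocks until the server stops
    serve(app, host='0.0.0.0', port=port)
    return port
```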

This alone works at cutting over to waitress from Flask, however the shutdown method doesn't shut the waitress listener down.
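An added example, not part of the thread or the project's code: the "server in a subthread, stopped cooperatively" pattern discussed above, shown with the standard library's wsgiref server instead of waitress. It binds the callback listener to 127.0.0.1 rather than 0.0.0.0 and stops it from the main thread once the callback arrives, instead of killing the process. The names `listen_once`, `QuietHandler` and `on_ready` are hypothetical.

```python
import threading
from wsgiref.simple_server import WSGIRequestHandler, make_server


class QuietHandler(WSGIRequestHandler):
    """Request handler that writes nothing to the console."""

    def log_message(self, format, *args):
        pass


def listen_once(host="127.0.0.1", port=0, timeout=30.0, on_ready=None):
    """Serve until one callback request arrives, then stop cleanly.

    Returns (bound_port, query_string); query_string is None on timeout.
    port=0 lets the OS pick a free port.
    """
    received = {}
    done = threading.Event()

    def app(environ, start_response):
        # Record the callback and signal the main thread. The handler only
        # sets a flag; the shutdown itself happens outside the request.
        received["query"] = environ.get("QUERY_STRING", "")
        start_response("200 OK", [("Content-Type", "text/plain")])
        done.set()
        return [b"Login complete, you can close this tab.\n"]

    server = make_server(host, port, app, handler_class=QuietHandler)
    bound_port = server.server_address[1]
    worker = threading.Thread(target=server.serve_forever, daemon=True)
    worker.start()
    try:
        if on_ready:
            on_ready(bound_port)  # e.g. open the browser at the login URL
        done.wait(timeout)
    finally:
        server.shutdown()      # makes serve_forever() return
        server.server_close()  # releases the listening socket
        worker.join(timeout=5)
    return bound_port, received.get("query")
```

The timeout bounds how long the listener stays open if the callback never arrives.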

gene1wood commented 2 years ago

#228 talks about alternative shutdown methods as well.