swp-fu-eid / eid-fu-swp

Docker-based REST API implemented with Django and restframework.
MIT License

eID-Service implementation #40

Closed BenjaminKeller closed 7 years ago

BenjaminKeller commented 7 years ago

As required by #19 and #22.

@nils-wisiol You've requested to mark some lines in get_tc_token_url as important security features. How can I achieve that? By leaving a comment?

BenjaminKeller commented 7 years ago

@nils-wisiol Thank you for your feedback and the hint with the migrations. I corrected everything. @Armagetron I fix it.

BenjaminKeller commented 7 years ago

Renamed eid_server to eid_service.

BenjaminKeller commented 7 years ago

@nils-wisiol As already mentioned ... is a stub and must be filled by following pull requests implementing the eID-Server. Sorry for the indentation mistake, I rechecked all files.

Armagetron commented 7 years ago

The eID will be most probably running at BOILERPLATE_DOMAIN/eID

BenjaminKeller commented 7 years ago

OK, I adapt this and make use of the UseId-Call.

BenjaminKeller commented 7 years ago

I moved the implementation into its own folder and created a python module for it. I added comments where the implementation of the eID-Server is missing.

nils-wisiol commented 7 years ago

tests are still broken

Armagetron commented 7 years ago

I seriously hoped that the increase of the requests would help to solve this issue with the failing tests. I have no idea why they fail.

BenjaminKeller commented 7 years ago

@zervnet As already discussed on Friday, we have problems with too many connections to nginx/django. It has to be a limitation on the technical side because the tests fail randomly. The following error message is provided:

api_1     | [pid: 157|app: 0|req: 1/109] 10.0.0.2 () {40 vars in 584 bytes} [Tue Aug 22 06:31:33 2017] GET /api/eIdService/getTcTokenUrl?host=127.0.0.1 => generated 0 bytes in 361 msecs (HTTP/1.1 302) 4 headers in 257 bytes (1 switches on core 0)
api_1     | Tue Aug 22 06:31:33 2017 - uwsgi_response_write_body_do(): Broken pipe [core/writer.c line 331] during GET /api/eIdService/getTcTokenUrl?protocol=eid (10.0.0.2)
api_1     | OSError: write error

The following configurations didn't solve the problem:

www/conf/nginx.conf:

 events {
-    worker_connections  1024;
+    worker_connections  2048;
 }
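
Review bot: The bump of worker_connections from 1024 to 2048 in the events block is not tied to anything in the log quoted above, which shows uwsgi failing to write a response body (Broken pipe, OSError: write error) for a request that had already reached the API. Unless the nginx error log shows the connection limit being hit, I would leave this at 1024 so the fix for the flaky tests does not carry an unrelated capacity change.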

www/conf/sites-available/20-static-and-api.conf.var:

   location /api/ {
     # max .5r/s to the API per IP, but 10 at once is okay. This limit may need to be increased once
     # client applications become more powerful
-    limit_req zone=perip-api burst=10 nodelay;
+    limit_req zone=perip-api burst=1000 nodelay;
     expires epoch;
     etag off;
     add_header Strict-Transport-Security "max-age=31536000";
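
Review bot: With burst=1000 nodelay on location /api/, a single IP can push 1000 requests through at once, which largely removes the per-IP throttling this block exists for, and the comment above the directive still says "10 at once is okay". The logged failure is a uwsgi write error on a request that reached the API, not a request rejected by the limiter, so I would keep burst=10 in the shipped config and, if the tests need headroom, relax the limit only in a test-specific configuration; if the value does change, update the comment in the same hunk.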

nils-wisiol commented 7 years ago

There are indeed two tests failing, however the listing of which tests fail seems to be broken in frisby. I am looking into this.

nils-wisiol commented 7 years ago

I came to the conclusion that frisby is broken. With working tests, everything is fine. But with broken tests, it reports successful tests to be broken and vice-versa.

I propose migrating to an alternative testing framework, possibly chakram. Their examples are extensive and it seems to be better maintained in general, too.

Please also see #54

BenjaminKeller commented 7 years ago

@nils-wisiol Can we merge now? Or do I have to rewrite history?

nils-wisiol commented 7 years ago

yes, please rewrite history :+1:

BenjaminKeller commented 7 years ago

@nils-wisiol Done.

nils-wisiol commented 7 years ago

Fair enough. Next time, please use rebase instead of actually deleting the history to keep git blame intact.