Merge branch 'master' into enhance/adopters.md

StackStorm · Nov 10, 2023 · 466560c · 466560c
2 parents ebac432 + 32a243a
commit 466560c
Show file tree

Hide file tree

Showing 12 changed files with 64 additions and 14 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -6,6 +6,9 @@ in development
 
 Fixed
 ~~~~~
+* Additional fixes for st2 client auth when proxy auth mode enabled #6049
+  Contributed by @floatingstatic
+
 * Fix issue with linux pack actions failed to run remotely due to incorrect python shebang. #5983 #6042
   Contributed by Ronnie Hoffmann (@ZoeLeah Schwarz IT KG)
 
@@ -24,6 +27,9 @@ Fixed
 
 * Update cryptography 3.4.7 -> 39.0.1, pyOpenSSL 21.0.0 -> 23.1.0, paramiko 2.10.5 -> 2.11.0 (security). #6055
 
+* Bumped `eventlet` to `0.33.3` and `gunicorn` to `21.2.0` to fix `RecursionError` bug in setting `SSLContext` `minimum_version` property. #6061
+  Contributed by @jk464
+
 Added
 ~~~~~
 

diff --git a/fixed-requirements.txt b/fixed-requirements.txt
@@ -10,14 +10,14 @@ dnspython>=1.16.0,<2.0.0
 cryptography==39.0.1
 # Note: 0.20.0 removed select.poll() on which some of our code and libraries we
 # depend on rely
-eventlet==0.30.2
+eventlet==0.33.3
 flex==6.14.1
 gitpython==3.1.15
 # Needed by gitpython, old versions used to bundle it
 gitdb==4.0.2
 # Note: greenlet is used by eventlet
 greenlet==1.0.0
-gunicorn==20.1.0
+gunicorn==21.2.0
 jsonpath-rw==1.4.0
 jsonschema==2.6.0
 kombu==5.0.2

diff --git a/requirements.txt b/requirements.txt
@@ -17,12 +17,12 @@ ciso8601
 cryptography==39.0.1
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
-eventlet==0.30.2
+eventlet==0.33.3
 flex==6.14.1
 gitdb==4.0.2
 gitpython==3.1.15
 greenlet==1.0.0
-gunicorn==20.1.0
+gunicorn==21.2.0
 importlib-metadata==3.10.1
 jinja2==2.11.3
 jsonpath-rw==1.4.0

diff --git a/st2actions/requirements.txt b/st2actions/requirements.txt
@@ -8,7 +8,7 @@
 MarkupSafe<2.1.0,>=0.23
 apscheduler==3.7.0
 chardet<3.1.0
-eventlet==0.30.2
+eventlet==0.33.3
 gitpython==3.1.15
 jinja2==2.11.3
 kombu==5.0.2

diff --git a/st2api/requirements.txt b/st2api/requirements.txt
@@ -5,8 +5,8 @@
 # If you want to update depdencies for a single component, modify the
 # in-requirements.txt for that component and then run 'make requirements' to
 # update the component requirements.txt
-eventlet==0.30.2
-gunicorn==20.1.0
+eventlet==0.33.3
+gunicorn==21.2.0
 jsonschema==2.6.0
 kombu==5.0.2
 mongoengine==0.23.0

diff --git a/st2auth/requirements.txt b/st2auth/requirements.txt
@@ -6,8 +6,8 @@
 # in-requirements.txt for that component and then run 'make requirements' to
 # update the component requirements.txt
 bcrypt==3.2.0
-eventlet==0.30.2
-gunicorn==20.1.0
+eventlet==0.33.3
+gunicorn==21.2.0
 oslo.config>=1.12.1,<1.13
 passlib==1.7.4
 pymongo==3.11.3

diff --git a/st2auth/st2auth/handlers.py b/st2auth/st2auth/handlers.py
@@ -130,6 +130,25 @@ def handle_auth(
         remote_addr = headers.get("x-forwarded-for", remote_addr)
         extra = {"remote_addr": remote_addr}
 
+        # Needed to support st2client which does not connect via st2web
+        if authorization and not remote_user:
+            try:
+                auth_value = base64.b64decode(authorization[1])
+            except Exception:
+                LOG.audit("Invalid authorization header", extra=extra)
+                abort_request()
+                return
+
+            split = auth_value.split(b":", 1)
+            if len(split) != 2:
+                LOG.audit("Invalid authorization header", extra=extra)
+                abort_request()
+                return
+
+            remote_user = split[0]
+            if six.PY3 and isinstance(remote_user, six.binary_type):
+                remote_user = remote_user.decode("utf-8")
+
         if remote_user:
             ttl = getattr(request, "ttl", None)
             username = self._get_username_for_request(remote_user, request)

diff --git a/st2auth/tests/unit/test_handlers.py b/st2auth/tests/unit/test_handlers.py
@@ -48,6 +48,31 @@ def test_proxy_handler(self):
         )
         self.assertEqual(token.user, "test_proxy_handler")
 
+    def test_proxy_handler_no_remote_user(self):
+        h = handlers.ProxyAuthHandler()
+        request = {}
+        token = h.handle_auth(
+            request,
+            headers={},
+            remote_addr=None,
+            remote_user=None,
+            authorization=("basic", DUMMY_CREDS),
+        )
+        self.assertEqual(token.user, "auser")
+
+    def test_proxy_handler_bad_auth(self):
+        h = handlers.ProxyAuthHandler()
+        request = {}
+
+        with self.assertRaises(exc.HTTPUnauthorized):
+            h.handle_auth(
+                request,
+                headers={},
+                remote_addr=None,
+                remote_user=None,
+                authorization=None,
+            )
+
     def test_standalone_bad_auth_type(self):
         h = handlers.StandaloneAuthHandler()
         request = {}

diff --git a/st2common/requirements.txt b/st2common/requirements.txt
@@ -14,7 +14,7 @@ ciso8601
 cryptography==39.0.1
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
-eventlet==0.30.2
+eventlet==0.33.3
 flex==6.14.1
 gitdb==4.0.2
 gitpython==3.1.15

diff --git a/st2reactor/requirements.txt b/st2reactor/requirements.txt
@@ -6,7 +6,7 @@
 # in-requirements.txt for that component and then run 'make requirements' to
 # update the component requirements.txt
 apscheduler==3.7.0
-eventlet==0.30.2
+eventlet==0.33.3
 jsonpath-rw==1.4.0
 jsonschema==2.6.0
 kombu==5.0.2

diff --git a/st2stream/requirements.txt b/st2stream/requirements.txt
@@ -5,8 +5,8 @@
 # If you want to update depdencies for a single component, modify the
 # in-requirements.txt for that component and then run 'make requirements' to
 # update the component requirements.txt
-eventlet==0.30.2
-gunicorn==20.1.0
+eventlet==0.33.3
+gunicorn==21.2.0
 jsonschema==2.6.0
 kombu==5.0.2
 mongoengine==0.23.0

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -23,7 +23,7 @@ nose-parallel==0.4.0
 # Required by st2client tests
 pyyaml==5.4.1
 RandomWords
-gunicorn==20.1.0
+gunicorn==21.2.0
 psutil==5.8.0
 webtest==2.0.35
 rstcheck>=3.3.1,<3.4