add /api endpoint for automated flows #316

Merged
merged 5 commits into from
Feb 26, 2024

reinoud
Contributor

@reinoud reinoud commented Jan 10, 2024

To enable automation of sending passwords securely to human users, this MR adds an /api endpoint to set a password.

Since this endpoint uses a different root path, the upstream proxy can whitelist it for the internal network, while the normal / path can be configured to need authentication.
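
The proxy split described in the comment above, sketched as an nginx reverse-proxy configuration; this is an added example, not part of the pull request or the SnapPass project. The hostname, internal CIDR, upstream address, file paths, and the assumption that the API routes live under `/api/` are all constructed for illustration.

```nginx
# Added example: every name, address and path below is a placeholder.
upstream snappass_app {
    server 127.0.0.1:5000;              # assumed address of the SnapPass process
}

server {
    listen 443 ssl;
    server_name snappass.example.internal;            # placeholder hostname
    ssl_certificate     /etc/nginx/tls/snappass.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/snappass.key;  # placeholder path

    # Automation path: no interactive login, reachable only from the
    # internal range. The longest matching prefix wins, so requests under
    # /api/ are handled here and never reach the "location /" block.
    location /api/ {
        allow 10.0.0.0/8;               # assumed internal network
        deny  all;                      # everyone else gets 403
        proxy_pass http://snappass_app;
    }

    # Everything else (the human-facing pages) requires authentication.
    location / {
        auth_basic           "SnapPass";
        auth_basic_user_file /etc/nginx/snappass.htpasswd;  # placeholder path
        proxy_pass http://snappass_app;
    }
}
```

`allow`/`deny` match the peer address nginx sees, so if another load balancer sits in front of this server, restore the client address with `set_real_ip_from` and `real_ip_header` before relying on the CIDR check.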

@yurushao
Contributor

This is a great feature to add! Please address the comments and update the PR. Thank you for the contribution.

@yurushao
Contributor

yurushao commented Feb 21, 2024

Hi @reinoud, your PR failed some unit tests and flake8 format checks. Please fix them. Thanks!

$ pip install -r dev-requirements.txt
$ tox

@reinoud
Contributor Author

reinoud commented Feb 21, 2024 via email

@reinoud
Contributor Author

reinoud commented Feb 23, 2024

fixed failing tests and added tests for new endpoint

@yurushao
Contributor

CI job failed again https://github.com/pinterest/snappass/actions/runs/8021227936/job/21917221966?pr=316

  flake8: commands[1]> flake8
  ./tests.py:1:1: F401 'json' imported but unused
  import json
  ^
  ./tests.py:149:5: E303 too many blank lines (2)
      def test_set_password_json(self):
      ^
  ./tests.py:206:1: E305 expected 2 blank lines after class or function definition, found 1
  if __name__ == '__main__':
  ^
  flake8: exit 1 (0.26 seconds) /home/runner/work/snappass/snappass> flake8 pid=1937

@yurushao yurushao closed this Feb 23, 2024
@yurushao yurushao reopened this Feb 23, 2024
@reinoud
Contributor Author

reinoud commented Feb 23, 2024

Ah, overlooked flake8 in the test.py :-) Fixed

@yurushao yurushao merged commit dc321ef into pinterest:master Feb 26, 2024
6 checks passed
silverl added a commit to trackabout/snappass that referenced this pull request Mar 7, 2024
* Remove py3.7 (pinterest#234)

* Remove py3.7

* Restore cache action

* Bump cryptography from 39.0.2 to 41.0.1 (pinterest#260)

Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.2...41.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump tox from 3.25.0 to 4.6.0 (pinterest#262)

Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@3.25.0...4.6.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump fakeredis from 1.7.5 to 2.14.1 (pinterest#263)

Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](cunla/fakeredis-py@v1.7.5...v2.14.1)

---
updated-dependencies:
- dependency-name: fakeredis
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flask from 2.1.2 to 2.3.2 (pinterest#250)

Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.1.2...2.3.2)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest from 7.1.2 to 7.3.1 (pinterest#243)

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@7.1.2...7.3.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump redis from 4.5.3 to 4.5.5 (pinterest#253)

Bump redis from 4.3.3 to 4.5.5

Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.3.3...v4.5.5)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuru Shao <[email protected]>

* Bump coverage from 6.4.1 to 7.2.7 (pinterest#267)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@6.4.1...7.2.7)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest-cov from 3.0.0 to 4.1.0 (pinterest#266)

Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v3.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/checkout from 3 to 4 (pinterest#282)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (pinterest#284)

fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629

Co-authored-by: snyk-bot <[email protected]>

* Bump tox from 4.6.0 to 4.11.3 (pinterest#287)

Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.6.0...4.11.3)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump fakeredis from 2.14.1 to 2.20.0

Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.14.1 to 2.20.0.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](cunla/fakeredis-py@v2.14.1...v2.20.0)

---
updated-dependencies:
- dependency-name: fakeredis
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump redis from 4.5.5 to 5.0.1

Bumps [redis](https://github.com/redis/redis-py) from 4.5.5 to 5.0.1.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.5.5...v5.0.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Install deps from requirements.txt (pinterest#303)

* Prepare 1.6.1 release (pinterest#304)

* Prepare 1.6.1 release

* Update configs

* Fix dev requirements

* Bump version: 1.6.0 → 1.6.1 (pinterest#305)

* Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (pinterest#300)

Use urllib.parse for quoting/unquoting plus

werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions.

* Bump actions/setup-python from 4 to 5 (pinterest#306)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github/codeql-action from 2 to 3 (pinterest#309)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump werkzeug from 2.3.3 to 3.0.1 (pinterest#295)

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.3 to 3.0.1.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.3.3...3.0.1)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flask from 2.3.2 to 3.0.0 (pinterest#294)

Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 3.0.0.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.3.2...3.0.0)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pytest from 7.3.1 to 7.4.4

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.4.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@7.3.1...7.4.4)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump version: 1.6.1 → 1.6.2 (pinterest#311)

* Bump freezegun from 1.2.1 to 1.4.0

Bumps [freezegun](https://github.com/spulec/freezegun) from 1.2.1 to 1.4.0.
- [Release notes](https://github.com/spulec/freezegun/releases)
- [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG)
- [Commits](spulec/freezegun@1.2.1...1.4.0)

---
updated-dependencies:
- dependency-name: freezegun
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump flake8 from 6.0.0 to 7.0.0

Bumps [flake8](https://github.com/pycqa/flake8) from 6.0.0 to 7.0.0.
- [Commits](PyCQA/flake8@6.0.0...7.0.0)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add health check endpoint (pinterest#329)

* Add health check endpoint

* Add assertion on  status

* add i18n to Snappass

* Bump fakeredis from 2.20.0 to 2.21.1

Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.20.0 to 2.21.1.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](cunla/fakeredis-py@v2.20.0...v2.21.1)

---
updated-dependencies:
- dependency-name: fakeredis
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* remove import of flask, g

* Add empty translations for de and es

* Bump cryptography from 41.0.4 to 42.0.3

Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 42.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.4...42.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add German Translation

* Bump pytest from 7.4.4 to 8.0.1

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.0.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@7.4.4...8.0.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump coverage from 7.2.7 to 7.4.2

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.7 to 7.4.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.2.7...7.4.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump tox from 4.11.3 to 4.13.0

Bumps [tox](https://github.com/tox-dev/tox) from 4.11.3 to 4.13.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.11.3...4.13.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix missing bracket

* restore extra spaces

* Add Spanish and fixup NL&DE

* TIL flake8 :)

* Bump actions/cache from 3 to 4 (pinterest#320)

Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jinja2 from 3.1.2 to 3.1.3 (pinterest#336)

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add /api endpoint for automated flows (pinterest#316)

* add /api endpoint

* pass password in request body when using API

* flake8 fixed; tests added

* flake8 fixed test.py

---------

Co-authored-by: Reinoud van Leeuwen <[email protected]>

* Bump pytest from 8.0.1 to 8.1.0

Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.0.1 to 8.1.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.0.1...8.1.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Yuru Shao <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devin Lundberg <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Yuping Li <[email protected]>
Co-authored-by: vin01 <[email protected]>
Co-authored-by: systeembeheerder <[email protected]>
Co-authored-by: Reinoud van Leeuwen <[email protected]>
Co-authored-by: Reinoud van Leeuwen <[email protected]>

2 participants