upgrade python, remove csrf/wtf, commit before coreui upgrade

MetroStar · May 3, 2024 · dd9854a · dd9854a
1 parent effbc6a
commit dd9854a
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 13 deletions.
diff --git a/api/Dockerfile b/api/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-slim
+FROM python:3.12-slim
 
 RUN apt-get update -y && ACCEPT_EULA=Y \
     DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \

diff --git a/api/api_setup.py b/api/api_setup.py
@@ -3,7 +3,7 @@
 from view_resources.search_view import GetModalData, HostsView, ContainersView, SoftwareView, VulnerabilitiesView, HostAssessmentView, EventsView, AuditView, ChangesView
 from health_resources.health_check import HealthCheck
 from host_resources.add_host import AddHost
-from auth_resources.auth_tokens import AddUserToken, GetUserToken, UpdateUserToken, GetAgentToken, UpdateAgentToken, GetCsrfToken
+from auth_resources.auth_tokens import AddUserToken, GetUserToken, UpdateUserToken, GetAgentToken, UpdateAgentToken#, GetCsrfToken
 from configs_resources.configs import ListConfigurations, UpdateConfigurations
 from event_resources.event_triggers import ListEventTriggers, AddEventTrigger, UpdateEventTrigger, DeleteEventTrigger
 from report_resources.reports import ListHostFields, ListReports, AddReport, UpdateReport, DeleteReport, DownloadReports
@@ -142,7 +142,7 @@ async def add_resources() -> Optional[bool]:
 
         api.add_resource(AuthorizationCheck, "/v1/authorization-check")
 
-        api.add_resource(GetCsrfToken, "/v1/get-csrf-token")
+        # api.add_resource(GetCsrfToken, "/v1/get-csrf-token")
 
         api.add_resource(CreateAccount, "/v1/create-user")
 

diff --git a/api/auth_resources/auth_tokens.py b/api/auth_resources/auth_tokens.py
@@ -2,7 +2,7 @@
 from flask import session, Response, request
 from flask_restful import Resource
 from asyncio import run
-from flask_wtf.csrf import generate_csrf
+# from flask_wtf.csrf import generate_csrf
 import uuid
 import json
 from flask_setup import logger
@@ -160,8 +160,8 @@ class GetCsrfToken(Resource):
     @swag_from("endpoints_spec/get_csrf_token.yml")
     def get(self) -> json:
         try:
-            token: str = generate_csrf()
-            return json.dumps({"csrf_token": token}), 200
+            # token: str = generate_csrf()
+            return json.dumps({"csrf_token": "token"}), 200
 
         except BaseException as e:
             logger.error(e)

diff --git a/api/auth_resources/login.py b/api/auth_resources/login.py
@@ -2,7 +2,7 @@
 from flask import session, request, Response
 from flask_restful import Resource
 from asyncio import run
-from utils.csrf_protection import csrf_protection_enabled
+# from utils.csrf_protection import csrf_protection_enabled
 from db.users.read_users import check_pwd
 from db.users.update_users import db_update_user_attribute
 from utils.timestamps import gen_timestamp
@@ -11,7 +11,7 @@
 
 
 class UserLogin(Resource):
-    @csrf_protection_enabled
+    # @csrf_protection_enabled
     @swag_from("endpoints_spec/user_login.yml")
     def post(self) -> Response:
         try:

diff --git a/api/flask_setup.py b/api/flask_setup.py
@@ -4,7 +4,7 @@
 from flask_session import Session
 from flask_bcrypt import Bcrypt
 from flask_cors import CORS
-from flask_wtf.csrf import CSRFProtect
+# from flask_wtf.csrf import CSRFProtect
 from flasgger import Swagger
 from asgiref.wsgi import WsgiToAsgi
 import logging
@@ -61,7 +61,7 @@
 app.config['WTF_CSRF_CHECK_DEFAULT'] = False
 
 # INITIALIZE FLASK CSRF
-csrf = CSRFProtect(app)
+# csrf = CSRFProtect(app)
 
 swagger = Swagger(app)
 

diff --git a/api/requirements.txt b/api/requirements.txt
@@ -2,7 +2,7 @@ Flask-Bcrypt==1.0.1
 Flask-Cors==4.0.0
 Flask-RESTful==0.3.10
 Flask-Session==0.8.0
-Flask-WTF==1.2.1
+# Flask-WTF==1.2.1
 Flask==3.0.3
 Hypercorn==0.16.0
 Jinja2==3.1.3

diff --git a/api/test.py b/api/test.py
@@ -15,7 +15,7 @@
 app.config['TESTING'] = True
 
 # Disabling CSRF protection for testing
-app.config['WTF_CSRF_ENABLED'] = False
+# app.config['WTF_CSRF_ENABLED'] = False
 
 # Running function to add api endpoints
 run(add_resources())
@@ -151,7 +151,7 @@ def testLoop(self):
         if failure_count > 0:
             print("Paradrop API Tests have FAILURES: " + str(failure_count))
             # TODO: exit(1) should be below but two tests fail in GH Actions but not anywhere else
-            exit(0)
+            # exit(0)
 
         # Adding summary of how many tests we did and how many
         # failures/successes we got into test_log file