1900805255

Committed 01 Jul 2025 05:31PM UTC coverage: 66.222% (+0.5%) from 65.694%

Build # 1900805255

Build Type

Pull #774

gitlab-ci

Committed by

web-flow

Commit Message

chore: bump pillow from 11.2.1 to 11.3.0 in /backend/tests

Bumps [pillow](https://github.com/python-pillow/Pillow) from 11.2.1 to 11.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/11.2.1...11.3.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-version: 11.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Pull Request Pull Request #774: chore: bump pillow from 11.2.1 to 11.3.0 in /backend/tests

Run Details

29486 of 44526 relevant lines covered (66.22%)

1.44 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

77.78

/backend/pkg/identity/middleware.go

// Copyright 2023 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package identity

import (
        "net/http"
        "regexp"

        "github.com/ant0ine/go-json-rest/rest"
        "github.com/gin-gonic/gin"

        "github.com/mendersoftware/mender-server/pkg/log"
        urest "github.com/mendersoftware/mender-server/pkg/rest.utils"
)

type MiddlewareOptions struct {
        // PathRegex sets the regex for the path for which this middleware
        // applies. Defaults to "^/api/management/v[0-9.]{1,6}/.+".
        PathRegex *string

        // UpdateLogger adds the decoded identity to the log context.
        UpdateLogger *bool
}

func NewMiddlewareOptions() *MiddlewareOptions {
        return new(MiddlewareOptions)
}

func (opts *MiddlewareOptions) SetPathRegex(regex string) *MiddlewareOptions {
        opts.PathRegex = &regex
        return opts
}

func (opts *MiddlewareOptions) SetUpdateLogger(updateLogger bool) *MiddlewareOptions {
        opts.UpdateLogger = &updateLogger
        return opts
}

func middlewareWithLogger(c *gin.Context) {
        var (
                err    error
                jwt    string
                idty   Identity
                logCtx = log.Ctx{}
                key    = "sub"
                ctx    = c.Request.Context()
                l      = log.FromContext(ctx)
        )
        jwt, err = ExtractJWTFromHeader(c.Request)
        if err != nil {
                goto exitUnauthorized
        }
        idty, err = ExtractIdentity(jwt)
        if err != nil {
                goto exitUnauthorized
        }
        ctx = WithContext(ctx, &idty)
        if idty.IsDevice {
                key = "device_id"
        } else if idty.IsUser {
                key = "user_id"
        }
        logCtx[key] = idty.Subject
        if idty.Tenant != "" {
                logCtx["tenant_id"] = idty.Tenant
        }
        if idty.Plan != "" {
                logCtx["plan"] = idty.Plan
        }
        ctx = log.WithContext(ctx, l.F(logCtx))

        c.Request = c.Request.WithContext(ctx)
        return
exitUnauthorized:
        c.Header("WWW-Authenticate", `Bearer realm="ManagementJWT"`)
        urest.RenderError(c, http.StatusUnauthorized, err)
        c.Abort()
}

func middlewareBase(c *gin.Context) {
        var (
                err  error
                jwt  string
                idty Identity
                ctx  = c.Request.Context()
        )
        jwt, err = ExtractJWTFromHeader(c.Request)
        if err != nil {
                goto exitUnauthorized
        }
        idty, err = ExtractIdentity(jwt)
        if err != nil {
                goto exitUnauthorized
        }
        ctx = WithContext(ctx, &idty)
        c.Request = c.Request.WithContext(ctx)
        return
exitUnauthorized:
        c.Header("WWW-Authenticate", `Bearer realm="ManagementJWT"`)
        urest.RenderError(c, http.StatusUnauthorized, err)
        c.Abort()
}

func Middleware(opts ...*MiddlewareOptions) gin.HandlerFunc {

        var middleware gin.HandlerFunc

        // Initialize default options
        opt := NewMiddlewareOptions().
                SetUpdateLogger(true)
        for _, o := range opts {
                if o == nil {
                        continue
                }
                if o.PathRegex != nil {
                        opt.PathRegex = o.PathRegex
                }
                if o.UpdateLogger != nil {
                        opt.UpdateLogger = o.UpdateLogger
                }
        }

        if *opt.UpdateLogger {
                middleware = middlewareWithLogger
        } else {
                middleware = middlewareBase
        }

        if opt.PathRegex != nil {
                pathRegex := regexp.MustCompile(*opt.PathRegex)
                return func(c *gin.Context) {
                        if !pathRegex.MatchString(c.FullPath()) {
                                return
                        }
                        middleware(c)
                }
        }
        return middleware
}

// IdentityMiddleware adds the identity extracted from JWT token to the request's context.
// IdentityMiddleware does not perform any form of token signature verification.
// If it is not possible to extract identity from header error log will be generated.
// IdentityMiddleware will not stop control propagating through the chain in any case.
// It is recommended to use IdentityMiddleware with RequestLogMiddleware and
// RequestLogMiddleware should be placed before IdentityMiddleware.
// Otherwise, log generated by IdentityMiddleware will not contain "request_id" field.
type IdentityMiddleware struct {
        // If set to true, the middleware will update context logger setting
        // 'user_id' or 'device_id' to the value of subject field, if the token
        // is not a user or a device token, the middelware will add a 'sub'
        // field to the logger
        UpdateLogger bool
}

// MiddlewareFunc makes IdentityMiddleware implement the Middleware interface.
func (mw *IdentityMiddleware) MiddlewareFunc(h rest.HandlerFunc) rest.HandlerFunc {
        return func(w rest.ResponseWriter, r *rest.Request) {
                jwt, err := ExtractJWTFromHeader(r.Request)
                if err != nil {
                        h(w, r)
                        return
                }

                ctx := r.Context()
                l := log.FromContext(ctx)

                identity, err := ExtractIdentity(jwt)
                if err != nil {
                        l.Warnf("Failed to parse extracted JWT: %s",
                                err.Error(),
                        )
                } else {
                        if mw.UpdateLogger {
                                logCtx := log.Ctx{}

                                key := "sub"
                                if identity.IsDevice {
                                        key = "device_id"
                                } else if identity.IsUser {
                                        key = "user_id"
                                }

                                logCtx[key] = identity.Subject

                                if identity.Tenant != "" {
                                        logCtx["tenant_id"] = identity.Tenant
                                }

                                if identity.Plan != "" {
                                        logCtx["plan"] = identity.Plan
                                }

                                l = l.F(logCtx)
                                ctx = log.WithContext(ctx, l)
                        }
                        ctx = WithContext(ctx, &identity)
                        r.Request = r.WithContext(ctx)
                }

                h(w, r)
        }
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package identity
16
17	import (
18	"net/http"
19	"regexp"
20
21	"github.com/ant0ine/go-json-rest/rest"
22	"github.com/gin-gonic/gin"
23
24	"github.com/mendersoftware/mender-server/pkg/log"
25	urest "github.com/mendersoftware/mender-server/pkg/rest.utils"
26	)
27
28	type MiddlewareOptions struct {
29	// PathRegex sets the regex for the path for which this middleware
30	// applies. Defaults to "^/api/management/v[0-9.]{1,6}/.+".
31	PathRegex *string
32
33	// UpdateLogger adds the decoded identity to the log context.
34	UpdateLogger *bool
35	}
36
37	func NewMiddlewareOptions() *MiddlewareOptions {	7✔
38	return new(MiddlewareOptions)	7✔
39	}	7✔
40
41	func (opts MiddlewareOptions) SetPathRegex(regex string) MiddlewareOptions {	2✔
42	opts.PathRegex = &regex	2✔
43	return opts	2✔
44	}	2✔
45
46	func (opts MiddlewareOptions) SetUpdateLogger(updateLogger bool) MiddlewareOptions {	7✔
47	opts.UpdateLogger = &updateLogger	7✔
48	return opts	7✔
49	}	7✔
50
51	func middlewareWithLogger(c *gin.Context) {	7✔
52	var (	7✔
53	err error	7✔
54	jwt string	7✔
55	idty Identity	7✔
56	logCtx = log.Ctx{}	7✔
57	key = "sub"	7✔
58	ctx = c.Request.Context()	7✔
59	l = log.FromContext(ctx)	7✔
60	)	7✔
61	jwt, err = ExtractJWTFromHeader(c.Request)	7✔
62	if err != nil {	10✔
63	goto exitUnauthorized	3✔
64	}
65	idty, err = ExtractIdentity(jwt)	7✔
66	if err != nil {	8✔
67	goto exitUnauthorized	1✔
68	}
69	ctx = WithContext(ctx, &idty)	7✔
70	if idty.IsDevice {	12✔
71	key = "device_id"	5✔
72	} else if idty.IsUser {	18✔
73	key = "user_id"	6✔
74	}	6✔
75	logCtx[key] = idty.Subject	7✔
76	if idty.Tenant != "" {	11✔
77	logCtx["tenant_id"] = idty.Tenant	4✔
78	}	4✔
79	if idty.Plan != "" {	10✔
80	logCtx["plan"] = idty.Plan	3✔
81	}	3✔
82	ctx = log.WithContext(ctx, l.F(logCtx))	7✔
83		7✔
84	c.Request = c.Request.WithContext(ctx)	7✔
85	return	7✔
86	exitUnauthorized:	7✔
87	c.Header("WWW-Authenticate", `Bearer realm="ManagementJWT"`)	3✔
88	urest.RenderError(c, http.StatusUnauthorized, err)	3✔
89	c.Abort()	3✔
90	}
91
92	func middlewareBase(c *gin.Context) {	×
93	var (	×
94	err error	×
95	jwt string	×
96	idty Identity	×
97	ctx = c.Request.Context()	×
98	)	×
99	jwt, err = ExtractJWTFromHeader(c.Request)	×
100	if err != nil {	×
101	goto exitUnauthorized	×
102	}
103	idty, err = ExtractIdentity(jwt)	×
104	if err != nil {	×
105	goto exitUnauthorized	×
106	}
107	ctx = WithContext(ctx, &idty)	×
108	c.Request = c.Request.WithContext(ctx)	×
109	return	×
110	exitUnauthorized:	×
111	c.Header("WWW-Authenticate", `Bearer realm="ManagementJWT"`)	×
112	urest.RenderError(c, http.StatusUnauthorized, err)	×
113	c.Abort()	×
114	}
115
116	func Middleware(opts ...*MiddlewareOptions) gin.HandlerFunc {	7✔
117		7✔
118	var middleware gin.HandlerFunc	7✔
119		7✔
120	// Initialize default options	7✔
121	opt := NewMiddlewareOptions().	7✔
122	SetUpdateLogger(true)	7✔
123	for _, o := range opts {	9✔
124	if o == nil {	2✔
125	continue	×
126	}
127	if o.PathRegex != nil {	4✔
128	opt.PathRegex = o.PathRegex	2✔
129	}	2✔
130	if o.UpdateLogger != nil {	2✔
131	opt.UpdateLogger = o.UpdateLogger	×
132	}	×
133	}
134
135	if *opt.UpdateLogger {	14✔
136	middleware = middlewareWithLogger	7✔
137	} else {	7✔
138	middleware = middlewareBase	×
139	}	×
140
141	if opt.PathRegex != nil {	9✔
142	pathRegex := regexp.MustCompile(*opt.PathRegex)	2✔
143	return func(c *gin.Context) {	4✔
144	if !pathRegex.MatchString(c.FullPath()) {	4✔
145	return	2✔
146	}	2✔
147	middleware(c)	2✔
148	}
149	}
150	return middleware	6✔
151	}
152
153	// IdentityMiddleware adds the identity extracted from JWT token to the request's context.
154	// IdentityMiddleware does not perform any form of token signature verification.
155	// If it is not possible to extract identity from header error log will be generated.
156	// IdentityMiddleware will not stop control propagating through the chain in any case.
157	// It is recommended to use IdentityMiddleware with RequestLogMiddleware and
158	// RequestLogMiddleware should be placed before IdentityMiddleware.
159	// Otherwise, log generated by IdentityMiddleware will not contain "request_id" field.
160	type IdentityMiddleware struct {
161	// If set to true, the middleware will update context logger setting
162	// 'user_id' or 'device_id' to the value of subject field, if the token
163	// is not a user or a device token, the middelware will add a 'sub'
164	// field to the logger
165	UpdateLogger bool
166	}
167
168	// MiddlewareFunc makes IdentityMiddleware implement the Middleware interface.
169	func (mw *IdentityMiddleware) MiddlewareFunc(h rest.HandlerFunc) rest.HandlerFunc {	2✔
170	return func(w rest.ResponseWriter, r *rest.Request) {	4✔
171	jwt, err := ExtractJWTFromHeader(r.Request)	2✔
172	if err != nil {	4✔
173	h(w, r)	2✔
174	return	2✔
175	}	2✔
176
177	ctx := r.Context()	2✔
178	l := log.FromContext(ctx)	2✔
179		2✔
180	identity, err := ExtractIdentity(jwt)	2✔
181	if err != nil {	3✔
182	l.Warnf("Failed to parse extracted JWT: %s",	1✔
183	err.Error(),	1✔
184	)	1✔
185	} else {	3✔
186	if mw.UpdateLogger {	4✔
187	logCtx := log.Ctx{}	2✔
188		2✔
189	key := "sub"	2✔
190	if identity.IsDevice {	2✔
191	key = "device_id"	×
192	} else if identity.IsUser {	4✔
193	key = "user_id"	2✔
194	}	2✔
195
196	logCtx[key] = identity.Subject	2✔
197		2✔
198	if identity.Tenant != "" {	2✔
199	logCtx["tenant_id"] = identity.Tenant	×
200	}	×
201
202	if identity.Plan != "" {	2✔
203	logCtx["plan"] = identity.Plan	×
204	}	×
205
206	l = l.F(logCtx)	2✔
207	ctx = log.WithContext(ctx, l)	2✔
208	}
209	ctx = WithContext(ctx, &identity)	2✔
210	r.Request = r.WithContext(ctx)	2✔
211	}
212
213	h(w, r)	2✔
214	}
215	}

mendersoftware / mender-server / 1900805255

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous