Merged
When implementing the active users metric (#3844), I noticed that Aleph currently updates the `role.updated_at` column every time a user logs in – so I took the shortcut and simply used that to count the number of users that logged in at least once within a specific period of time. But it turns out that `updated_at` is only updated on login when using password auth. It isn’t updated when signing in via OAuth, and consequently the active users metric is incorrect when OAuth is used for authentication.

I’m fixing this by adding a separate timestamp column that stores when a user last logged in. It’s probably a good idea to make the intent clear. (Just reading the name `updated_at`, most people probably wouldn’t expect that timestamp to be set every time a user logs in.)

Note: This currently doesn’t include a test for the expected behavior when logging in via OAuth. There have been a lot of changes to authentication testing on the `develop` branch that are not present in `release/4.0.0`, so any changes would lead to annoying merge conflicts later on. I have created a follow-up task to add a separate test for OAuth logins once the 4.0.0 release is out. You can manually test the behavior by configuring your development environment to use an OAuth provider: https://docs.aleph.occrp.org/developers/how-to/development/identity-provider/
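The failure mode described above, reproduced as an added example that is not Aleph's code: a metric keyed on `updated_at` misses OAuth sign-ins, while a dedicated `last_login_at` written from one shared hook counts every auth path. Only the `role` table and the two column names come from the PR; the function names, the SQLite schema and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

def make_db():
    # Minimal stand-in schema (assumption); timestamps stored as UTC ISO-8601 text.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT, "
               "updated_at TEXT, last_login_at TEXT)")
    return db

def record_login(db, role_id, now):
    """Single hook that every auth path calls after authentication succeeds."""
    db.execute("UPDATE role SET last_login_at = ? WHERE id = ?",
               (now.isoformat(), role_id))

def password_login(db, role_id, now):
    # Side effect described in the PR: only this path touches updated_at.
    db.execute("UPDATE role SET updated_at = ? WHERE id = ?",
               (now.isoformat(), role_id))
    record_login(db, role_id, now)

def oauth_callback(db, role_id, now):
    # No updated_at write here, which is why the old metric missed OAuth users.
    record_login(db, role_id, now)

def active_users(db, column, since):
    # Column name comes from a fixed allowlist, never from request input.
    if column not in ("updated_at", "last_login_at"):
        raise ValueError(column)
    query = f"SELECT COUNT(*) FROM role WHERE {column} >= ?"
    return db.execute(query, (since.isoformat(),)).fetchone()[0]

def demo():
    db = make_db()
    now = datetime(2024, 8, 22, 12, 0, tzinfo=timezone.utc)
    created = (now - timedelta(days=90)).isoformat()
    # Constructed sample roles, all created 90 days ago and never logged in.
    for rid, name in [(1, "password-user"), (2, "oauth-user"), (3, "inactive")]:
        db.execute("INSERT INTO role VALUES (?, ?, ?, NULL)", (rid, name, created))
    password_login(db, 1, now - timedelta(days=1))
    oauth_callback(db, 2, now - timedelta(days=2))
    since = now - timedelta(days=30)
    # (metric based on updated_at, metric based on last_login_at)
    return (active_users(db, "updated_at", since),
            active_users(db, "last_login_at", since))

if __name__ == "__main__":
    print(demo())
```
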
catileptic (Contributor) approved these changes on Aug 22, 2024 and left a comment:
Looks good to me :) LGIM. Thanks for circling back to this!
tillprochaska added a commit that referenced this pull request on Oct 15, 2024:
This is a follow-up to #3852. This PR above didn’t include a test for the expected behavior when logging in via OAuth. There have been a lot of changes to authentication testing on the develop branch that were not present in the 4.0 release branch, so any changes would have led to annoying merge conflicts down the line. But now that the 4.0 release is integrated, it’s time to add a proper test :)
tillprochaska added a commit that referenced this pull request on Oct 15, 2024:
* Add test to cover `last_login_at` timestamp in OAuth workflow

  This is a follow-up to #3852. This PR above didn’t include a test for the expected behavior when logging in via OAuth. There have been a lot of changes to authentication testing on the develop branch that were not present in the 4.0 release branch, so any changes would have led to annoying merge conflicts down the line. But now that the 4.0 release is integrated, it’s time to add a proper test :)

* Fix OAuth test setup

  This was an oversight and should have always called `super().setUp()` instead of `super().setUpClass()`. This didn’t fail when running tests for the entire file (`pytest test_sessions_api.py`), but it did always fail when running individual tests (`pytest test_sessions_api.py -k oauth_callback`).