Python Forum
authentication and os.environ questions
#1
I inherited a codebase to maintain that had an authentication module added on prior to my starting on project. People submit jobs (model files to be solved by our framework) and we return the results to them. Jobs submitted by authenticated users have their username tracked along with their jobs so they can find the results in bulk at a later point.

None of the people who wrote any of the code are around to ask for help. The codebase isn't using any framework, it's all home-grown. The infrastructure is significant enough that switching to a reliable framework is not going to happen.

Here's the problem:

Some authenticated users are seeing jobs which do not belong to them.

(apologies for the vagueness but I'm hoping to first validate the high level setup, and if there are suggestions for a weak-link, then inspect that part in detail)

The current job process is:

web-client
-> submit form to nph-job.cgi

nph-job.cgi 
-> calls a python script (job.py) to do the job submission

job.py 
-> pings the job server, proceed if job server is ready
-> fetches the cookies from os.environ.get('HTTP_COOKIE')
-> checks authentication with authentication server
-> if authenticated, submit job as authenticated user, otherwise submit job as user None


First question:
Are there any obvious problems with the high level flow?

Second question:
Is fetching the cookies from the nph-job.cgi submission in job.py legitimate? 

I've read that each os.environ is uniquely associated with a request, but if it isn't, this whole system is never going to work in the real world. It does test out fine with a single job submission but what I'm wondering is if it can fail when multiple jobs are submitted at the same (or nearly the same) time. Pinging the other server does introduce a delay before the authentication processing...but there's no clear evidence of why this should break anything.

If the os.environ is uniquely associated at the .cgi step but the step of calling a python function or doing other time-intensive tasks risks breaking that connection (no idea how, just grasping), I could easily restructure the code to do the authentication directly in nph-job.cgi, but I'm worried that will just make the problem less likely without truly fixing it.

Summary:
I'm not sure there's enough specifics for anyone to be able to help but I'd appreciate any thoughts or advice. I can post any code as needed if specific questions come up. Thanks!
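The cookie-to-user step described in the post (job.py reads HTTP_COOKIE, asks the authentication server who the cookie belongs to, and submits the job as that user or as None), as an added example that is not code from the original thread or from the poster's codebase. It takes the request's environ mapping as an explicit argument instead of reading the global os.environ, so the same function can be exercised with several requests side by side; the cookie name "session", the verifier, and the in-memory job queue are assumptions made for the example, since the post gives none of them.

```python
"""Added example: cookie -> authenticated user -> job record, per request.

In CGI each request is served by its own process with its own environment,
so the request's environ is passed in explicitly here to make that boundary
visible and testable.  Nothing below is taken from the poster's code.
"""
from http.cookies import CookieError, SimpleCookie
from typing import Callable, Dict, List, Mapping, Optional

# Assumption: the session cookie name is not stated in the post.
SESSION_COOKIE = "session"


def session_token(environ: Mapping[str, str], name: str = SESSION_COOKIE) -> Optional[str]:
    """Return the session cookie value carried by this request, or None.

    `environ` is the CGI environment of ONE request (what nph-job.cgi saw),
    e.g. {"HTTP_COOKIE": "theme=dark; session=abc123"}.
    """
    raw = environ.get("HTTP_COOKIE", "")
    if not raw:
        return None
    jar = SimpleCookie()
    try:
        jar.load(raw)
    except CookieError:
        # A malformed Cookie header is treated as "no session", not as an error.
        return None
    morsel = jar.get(name)
    if morsel is None or not morsel.value:
        return None
    return morsel.value


def make_verifier(sessions: Mapping[str, str]) -> Callable[[str], Optional[str]]:
    """Stand-in for the authentication server (assumption: its real API is not
    shown in the post).  Maps a session token to a username, or None if the
    token is unknown or expired.  Real code would call the auth server here.
    """
    def verify(token: str) -> Optional[str]:
        return sessions.get(token)
    return verify


def resolve_user(environ: Mapping[str, str],
                 verify: Callable[[str], Optional[str]]) -> Optional[str]:
    """Identity for this request: the auth server's answer for the cookie,
    or None when there is no cookie or the auth server does not recognise it.
    The cookie value itself is never used as the identity."""
    token = session_token(environ)
    if token is None:
        return None
    return verify(token)


def submit_job(environ: Mapping[str, str], model_file: str,
               verify: Callable[[str], Optional[str]],
               queue: List[Dict[str, Optional[str]]]) -> Dict[str, Optional[str]]:
    """Record a job under the user resolved from THIS request's environ
    (or None, as the post describes).  `queue` stands in for the job server."""
    record = {"user": resolve_user(environ, verify), "model": model_file}
    queue.append(record)
    return record


def jobs_for(user: str, queue: List[Dict[str, Optional[str]]]) -> List[str]:
    """Bulk lookup of a user's results, the feature the post describes."""
    return [r["model"] for r in queue if r["user"] == user]


if __name__ == "__main__":
    # Constructed sample data: two authenticated requests and one anonymous one,
    # each with its own environ, as separate CGI processes would have.
    verify = make_verifier({"abc123": "alice", "def456": "bob"})
    queue: List[Dict[str, Optional[str]]] = []
    submit_job({"HTTP_COOKIE": "theme=dark; session=abc123"}, "alice.mod", verify, queue)
    submit_job({"HTTP_COOKIE": "session=def456"}, "bob.mod", verify, queue)
    submit_job({}, "anon.mod", verify, queue)
    for rec in queue:
        print(rec)
    print("alice sees:", jobs_for("alice", queue))
```

Running the block with the constructed data records the three jobs as alice, bob and None respectively, and alice's bulk lookup returns only her own model file. If, in the real system, the environ handed to job.py is not the environ of the request that submitted the job, this is the seam where the attribution would go wrong, so it is the step worth exercising with concurrent submissions.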