MOSIP-39952 Fix authorization failure in 1.1.5.5→1.2.0.1 country data migration#409
MOSIP-39952 Fix authorization failure in 1.1.5.5→1.2.0.1 country data migration#409kameshsr wants to merge 5 commits into
Conversation
…→1.2.0.1 migration Signed-off-by: kameshsr <kameshsr1338@gmail.com>
WalkthroughAuthentication in the 1.1.5.5_to_1.2.0.1 upgrade scripts is switched from user/password ( ChangesClient-ID/Secret Auth Migration
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: kameshsr <kameshsr1338@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@mosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/data-uploader.py`:
- Around line 131-133: The print statement that calls authresponse.json() on
line 131 executes before validating the authentication response on line 132,
which means if the endpoint returns a non-JSON error response or fails
authentication, the json() call will throw an unhandled exception instead of
executing the intended sys.exit error message. Move the
print(json.dumps(authresponse.json())) statement to after the authentication
status code and header validation check (after the if condition that checks
authresponse.status_code and the authorization header), so that JSON parsing
only happens if authentication was successful.
- Line 130: The requests.post call for authURL lacks both a timeout parameter
and exception handling, which can cause the migration to hang indefinitely on
network failures. Add a timeout parameter (e.g., timeout=30) to the
requests.post(authURL, json=auth_req_data) call and wrap it in a try-except
block to catch requests.RequestException. Log the error details and gracefully
handle the failure instead of allowing the unhandled exception to propagate.
Apply the same fix to the similar requests.post calls for uploadURL and
uploadStatusURL to ensure consistent error handling across all external API
calls.
In `@mosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/migration-ui_spec.py`:
- Line 140: The requests.post call in the authresponse assignment on line 140
lacks a timeout parameter and exception handling for network failures. Add a
timeout parameter to the requests.post() call to prevent indefinite hangs, and
wrap the authresponse assignment in a try-except block to catch RequestException
and other network-related errors. Handle these exceptions gracefully by logging
the error and exiting the migration script gracefully rather than allowing an
unhandled exception to crash the script.
In `@mosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/upgrade_commands.txt`:
- Line 1: The migration-ui_spec.py command exposes the CLIENT_SECRET_KEY through
the --secretKey command-line argument, which can be visible in process listings
and logs, creating a security vulnerability. Remove the --secretKey argument
from the command line invocation and modify the migration-ui_spec.py script to
read the secret from environment variables or a protected configuration file
instead. This same principle applies to all similar command invocations in lines
3-7 that expose sensitive credentials via command-line arguments.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 77276cb3-5dd4-42e9-94f2-3e2ffd6517e8
📒 Files selected for processing (4)
mosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/data-uploader.pymosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/migration-ui_spec.pymosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/upgrade.propertiesmosip_master/data_upgrade/1.1.5.5_to_1.2.0.1/upgrade_commands.txt
…work error handling Signed-off-by: kameshsr <kameshsr1338@gmail.com>
…heck Signed-off-by: kameshsr <kameshsr1338@gmail.com>
… argv Signed-off-by: kameshsr <kameshsr1338@gmail.com>
Uh oh!
There was an error while loading. Please reload this page.