zulip/zerver/lib/redis_utils.py

import re
import secrets
from typing import Any, Dict, Mapping, Optional

import orjson
import redis
from django.conf import settings

# Redis accepts keys up to 512MB in size, but there's no reason for us to use such size,
# so we want to stay limited to 1024 characters.
MAX_KEY_LENGTH = 1024

class ZulipRedisError(Exception):
    pass

class ZulipRedisKeyTooLongError(ZulipRedisError):
    pass

class ZulipRedisKeyOfWrongFormatError(ZulipRedisError):
    pass

def get_redis_client() -> redis.StrictRedis:
    return redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT,
                             password=settings.REDIS_PASSWORD, db=0)

def put_dict_in_redis(redis_client: redis.StrictRedis, key_format: str,
                      data_to_store: Mapping[str, Any],
                      expiration_seconds: int,
                      token_length: int=64,
                      token: Optional[str]=None) -> str:
    key_length = len(key_format) - len('{token}') + token_length
    if key_length > MAX_KEY_LENGTH:
        error_msg = "Requested key too long in put_dict_in_redis. Key format: %s, token length: %s"
        raise ZulipRedisKeyTooLongError(error_msg % (key_format, token_length))
    if token is None:
        token = secrets.token_hex(token_length // 2)
    key = key_format.format(token=token)
    with redis_client.pipeline() as pipeline:
        pipeline.set(key, orjson.dumps(data_to_store))
        pipeline.expire(key, expiration_seconds)
        pipeline.execute()

    return key

def get_dict_from_redis(redis_client: redis.StrictRedis, key_format: str, key: str,
                        ) -> Optional[Dict[str, Any]]:
    # This function requires inputting the intended key_format to validate
    # that the key fits it, as an additionally security measure. This protects
    # against bugs where a caller requests a key based on user input and doesn't
    # validate it - which could potentially allow users to poke around arbitrary redis keys.
    if len(key) > MAX_KEY_LENGTH:
        error_msg = "Requested key too long in get_dict_from_redis: %s"
        raise ZulipRedisKeyTooLongError(error_msg % (key,))
    validate_key_fits_format(key, key_format)

    data = redis_client.get(key)
    if data is None:
        return None
    return orjson.loads(data)

def validate_key_fits_format(key: str, key_format: str) -> None:
    assert "{token}" in key_format
    regex = key_format.format(token=r"[a-zA-Z0-9]+")

    if not re.fullmatch(regex, key):
        raise ZulipRedisKeyOfWrongFormatError(f"{key} does not match format {key_format}")
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`import re`
python: Use standard secrets module to generate random tokens. There are three functional side effects: • Correct an insignificant but mathematically offensive bias toward repeated characters in generate_api_key introduced in commit 47b4283c4b4c70ecde4d3c8de871c90ee2506d87; its entropy is increased from 190.52864 bits to 190.53428 bits. • Use the base32 alphabet in confirmation.models.generate_key; its entropy is reduced from 124.07820 bits to the documented 120 bits, but now it uses 1 syscall instead of 24. • Use the base32 alphabet in get_bigbluebutton_url; its entropy is reduced from 51.69925 bits to 50 bits, but now it uses 1 syscall instead of 10. (The base32 alphabet is A-Z 2-7. We could probably replace all of these with plain secrets.token_urlsafe, since I expect most callers can handle the full urlsafe_b64 alphabet A-Z a-z 0-9 - _ without problems.) Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-09-05 04:02:13 +02:00			`import secrets`
auth: Avoid unchecked casts. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-23 00:39:19 +02:00			`from typing import Any, Dict, Mapping, Optional`
Add helper function for returning a Redis client (imported from commit 47f87d388d24343ac6b631181a55287eb8cd4a6d) 2014-02-05 00:35:32 +01:00
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`import orjson`
Add helper function for returning a Redis client (imported from commit 47f87d388d24343ac6b631181a55287eb8cd4a6d) 2014-02-05 00:35:32 +01:00			`import redis`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`from django.conf import settings`

redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`# Redis accepts keys up to 512MB in size, but there's no reason for us to use such size,`
			`# so we want to stay limited to 1024 characters.`
			`MAX_KEY_LENGTH = 1024`

redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`class ZulipRedisError(Exception):`
			`pass`

			`class ZulipRedisKeyTooLongError(ZulipRedisError):`
			`pass`

			`class ZulipRedisKeyOfWrongFormatError(ZulipRedisError):`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`pass`

zerver/lib: Use python 3 syntax for typing. With tweaks by tabbott to fix line spacing. 2017-11-05 11:15:10 +01:00			`def get_redis_client() -> redis.StrictRedis:`
settings: Add support for specifying a remote redis password. 2016-08-01 04:51:00 +02:00			`return redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT,`
			`password=settings.REDIS_PASSWORD, db=0)`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00
			`def put_dict_in_redis(redis_client: redis.StrictRedis, key_format: str,`
auth: Avoid unchecked casts. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-23 00:39:19 +02:00			`data_to_store: Mapping[str, Any],`
auth: Use tokens, with data stored in redis, for log_into_subdomain. The desktop otp flow (to be added in next commits) will want to generate one-time tokens for the app that will allow it to obtain an authenticated session. log_into_subdomain will be the endpoint to pass the one-time token to. Currently it uses signed data as its input "tokens", which is not compatible with the otp flow, which requires simpler (and fixed-length) token. Thus the correct scheme to use is to store the authenticated data in redis and return a token tied to the data, which should be passed to the log_into_subdomain endpoint. In this commit, we replace the "pass signed data around" scheme with the redis scheme, because there's no point having both. 2020-01-23 12:21:55 +01:00			`expiration_seconds: int,`
redis_utils: Extend `put_dict_in_redis` to accept token as param. This extends `put_dict_in_redis` to take token as an argument and return that with the as a `key` with following key format. Also, edit regex for token to include uppercase letters as a token sent during apple authentication contains uppercase letters. Useful for Adding "Sign in with Apple" support. 2020-04-26 23:00:54 +02:00			`token_length: int=64,`
			`token: Optional[str]=None) -> str:`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`key_length = len(key_format) - len('{token}') + token_length`
			`if key_length > MAX_KEY_LENGTH:`
			`error_msg = "Requested key too long in put_dict_in_redis. Key format: %s, token length: %s"`
			`raise ZulipRedisKeyTooLongError(error_msg % (key_format, token_length))`
redis_utils: Extend `put_dict_in_redis` to accept token as param. This extends `put_dict_in_redis` to take token as an argument and return that with the as a `key` with following key format. Also, edit regex for token to include uppercase letters as a token sent during apple authentication contains uppercase letters. Useful for Adding "Sign in with Apple" support. 2020-04-26 23:00:54 +02:00			`if token is None:`
python: Use standard secrets module to generate random tokens. There are three functional side effects: • Correct an insignificant but mathematically offensive bias toward repeated characters in generate_api_key introduced in commit 47b4283c4b4c70ecde4d3c8de871c90ee2506d87; its entropy is increased from 190.52864 bits to 190.53428 bits. • Use the base32 alphabet in confirmation.models.generate_key; its entropy is reduced from 124.07820 bits to the documented 120 bits, but now it uses 1 syscall instead of 24. • Use the base32 alphabet in get_bigbluebutton_url; its entropy is reduced from 51.69925 bits to 50 bits, but now it uses 1 syscall instead of 10. (The base32 alphabet is A-Z 2-7. We could probably replace all of these with plain secrets.token_urlsafe, since I expect most callers can handle the full urlsafe_b64 alphabet A-Z a-z 0-9 - _ without problems.) Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-09-05 04:02:13 +02:00			`token = secrets.token_hex(token_length // 2)`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`key = key_format.format(token=token)`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`with redis_client.pipeline() as pipeline:`
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`pipeline.set(key, orjson.dumps(data_to_store))`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`pipeline.expire(key, expiration_seconds)`
			`pipeline.execute()`

			`return key`

python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \\|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-10 05:23:40 +02:00			`def get_dict_from_redis(redis_client: redis.StrictRedis, key_format: str, key: str,`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`) -> Optional[Dict[str, Any]]:`
			`# This function requires inputting the intended key_format to validate`
			`# that the key fits it, as an additionally security measure. This protects`
			`# against bugs where a caller requests a key based on user input and doesn't`
			`# validate it - which could potentially allow users to poke around arbitrary redis keys.`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`if len(key) > MAX_KEY_LENGTH:`
			`error_msg = "Requested key too long in get_dict_from_redis: %s"`
			`raise ZulipRedisKeyTooLongError(error_msg % (key,))`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`validate_key_fits_format(key, key_format)`

redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`data = redis_client.get(key)`
			`if data is None:`
			`return None`
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`return orjson.loads(data)`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00
			`def validate_key_fits_format(key: str, key_format: str) -> None:`
			`assert "{token}" in key_format`
redis_utils: Extend `put_dict_in_redis` to accept token as param. This extends `put_dict_in_redis` to take token as an argument and return that with the as a `key` with following key format. Also, edit regex for token to include uppercase letters as a token sent during apple authentication contains uppercase letters. Useful for Adding "Sign in with Apple" support. 2020-04-26 23:00:54 +02:00			`regex = key_format.format(token=r"[a-zA-Z0-9]+")`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00
			`if not re.fullmatch(regex, key):`
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:41:04 +02:00			`raise ZulipRedisKeyOfWrongFormatError(f"{key} does not match format {key_format}")`