public: use a factory to create the app object

Author: jcristau

src/auslib/web/public/base.py

@@ -15,9 +15,6 @@
 
 log = logging.getLogger(__name__)
 
-connexion_app = connexion.App(__name__, specification_dir=".", options={"swagger_ui": False})
-flask_app = connexion_app.app
-
 current_dir = path.dirname(__file__)
 web_dir = path.dirname(auslib.web.__file__)
 spec = (
@@ -28,105 +25,104 @@
     .add_spec(path.join(web_dir, "common/swagger/parameters.yml"))
     .add_spec(path.join(web_dir, "common/swagger/responses.yml"))
 )
-# Response validation should be enabled when it actually works
-connexion_app.add_api(spec, strict_validation=True)
-
-
-@flask_app.after_request
-def apply_security_headers(response):
-    # There's no use cases for content served by Balrog to load additional content
-    # nor be embedded elsewhere, so we apply a strict Content Security Policy.
-    # We also need to set X-Content-Type-Options to nosniff for Firefox to obey this.
-    # See https://bugzilla.mozilla.org/show_bug.cgi?id=1332829#c4 for background.
-    response.headers["Strict-Transport-Security"] = flask_app.config.get("STRICT_TRANSPORT_SECURITY", "max-age=31536000;")
-    response.headers["X-Content-Type-Options"] = flask_app.config.get("CONTENT_TYPE_OPTIONS", "nosniff")
-    if re.match("^/ui/", request.path):
-        # This enables swagger-ui to dynamically fetch and
-        # load the swagger specification JSON file containing API definition and examples.
-        response.headers["X-Frame-Options"] = "SAMEORIGIN"
-    else:
-        response.headers["Content-Security-Policy"] = flask_app.config.get("CONTENT_SECURITY_POLICY", "default-src 'none'; frame-ancestors 'none'")
-    return response
-
-
-@flask_app.errorhandler(404)
-def fourohfour(error):
-    if re.match("^/update", request.path):
-        """We don't return 404s for AUS /update endpoints. Instead, we return empty XML files"""
-        response = make_response('<?xml version="1.0"?>\n<updates>\n</updates>')
-        response.mimetype = "text/xml"
-        return response
-    return Response(status=404, mimetype="text/plain", response=error.description)
-
-
-# Connexion's error handling sometimes breaks when parameters contain
-# unicode characters (https://github.com/zalando/connexion/issues/604).
-# To work around, we catch them and return a 400 (which is what Connexion
-# would do if it didn't hit this error).
-@flask_app.errorhandler(UnicodeEncodeError)
-def unicode(error):
-    return problem(400, "Unicode Error", "Connexion was unable to parse some unicode data correctly.")
-
-
-@flask_app.errorhandler(BadDataError)
-def baddata(error):
-    """Deals with BadDataError exceptions by returning a 400,
-    because BadDataErrors are considered to be the client's fault.
-    """
-    # Escape exception messages before replying with them, because they may
-    # contain user input.
-    # See https://bugzilla.mozilla.org/show_bug.cgi?id=1332829 for background.
-    # We used to look at error.message here, but that disappeared from many
-    # Exception classes in Python 3, so args is the safer bet.
-    # We may want to stop returning messages like this to the client altogether
-    # both because it's ugly and potentially can leak things, but it's also
-    # extremely helpful for debugging BadDataErrors, because we don't send
-    # information about them to Sentry.
-    if hasattr(error, "args"):
-        message = " ".join(str(a) for a in error.args)
-    else:
-        message = repr(error)
-
-    return Response(status=400, mimetype="text/plain", response=html.escape(message, quote=False))
-
-
-@flask_app.errorhandler(Exception)
-def generic(error):
-    """Deals with any unhandled exceptions. It will be sent to Sentry, and re-raised (which causes a 500)."""
 
-    # Sentry doesn't handle exceptions for `@flask_app.errorhandler(Exception)`
-    # implicitly. If Sentry is not configured, the following call returns None.
-    capture_exception(error)
 
-    raise
-
-
-# Keeping static files endpoints here due to an issue when returning response for static files.
-# Similar issue: https://github.com/zalando/connexion/issues/401
-@flask_app.route("/robots.txt")
-def robots():
-    return send_from_directory(flask_app.static_folder, "robots.txt")
-
-
-@flask_app.route("/contribute.json")
-def contributejson():
-    return send_from_directory(flask_app.static_folder, "contribute.json")
-
-
-@flask_app.before_request
-def set_cache_control():
-    # By default, we want a cache that can be shared across requests from
-    # different users ("public").
-    # and a maximum age of 90 seconds, to keep our TTL low.
-    # We bumped this from 60s -> 90s in November, 2016.
-    setattr(flask_app, "cacheControl", flask_app.config.get("CACHE_CONTROL", "public, max-age=90"))
-
-
-@flask_app.route("/debug/api.yml")
-def get_yaml():
-    if flask_app.config.get("SWAGGER_DEBUG", False):
-        import yaml
+def create_app():
+    connexion_app = connexion.App(__name__, specification_dir=".", options={"swagger_ui": False})
+    flask_app = connexion_app.app
+
+    # Response validation should be enabled when it actually works
+    connexion_app.add_api(spec, strict_validation=True)
+
+    @flask_app.after_request
+    def apply_security_headers(response):
+        # There's no use cases for content served by Balrog to load additional content
+        # nor be embedded elsewhere, so we apply a strict Content Security Policy.
+        # We also need to set X-Content-Type-Options to nosniff for Firefox to obey this.
+        # See https://bugzilla.mozilla.org/show_bug.cgi?id=1332829#c4 for background.
+        response.headers["Strict-Transport-Security"] = flask_app.config.get("STRICT_TRANSPORT_SECURITY", "max-age=31536000;")
+        response.headers["X-Content-Type-Options"] = flask_app.config.get("CONTENT_TYPE_OPTIONS", "nosniff")
+        if re.match("^/ui/", request.path):
+            # This enables swagger-ui to dynamically fetch and
+            # load the swagger specification JSON file containing API definition and examples.
+            response.headers["X-Frame-Options"] = "SAMEORIGIN"
+        else:
+            response.headers["Content-Security-Policy"] = flask_app.config.get("CONTENT_SECURITY_POLICY", "default-src 'none'; frame-ancestors 'none'")
+        return response
 
-        app_spec = yaml.dump(spec)
-        return Response(mimetype="text/plain", response=app_spec)
-    return Response(status=404)
+    @flask_app.errorhandler(404)
+    def fourohfour(error):
+        if re.match("^/update", request.path):
+            """We don't return 404s for AUS /update endpoints. Instead, we return empty XML files"""
+            response = make_response('<?xml version="1.0"?>\n<updates>\n</updates>')
+            response.mimetype = "text/xml"
+            return response
+        return Response(status=404, mimetype="text/plain", response=error.description)
+
+    # Connexion's error handling sometimes breaks when parameters contain
+    # unicode characters (https://github.com/zalando/connexion/issues/604).
+    # To work around, we catch them and return a 400 (which is what Connexion
+    # would do if it didn't hit this error).
+    @flask_app.errorhandler(UnicodeEncodeError)
+    def unicode(error):
+        return problem(400, "Unicode Error", "Connexion was unable to parse some unicode data correctly.")
+
+    @flask_app.errorhandler(BadDataError)
+    def baddata(error):
+        """Deals with BadDataError exceptions by returning a 400,
+        because BadDataErrors are considered to be the client's fault.
+        """
+        # Escape exception messages before replying with them, because they may
+        # contain user input.
+        # See https://bugzilla.mozilla.org/show_bug.cgi?id=1332829 for background.
+        # We used to look at error.message here, but that disappeared from many
+        # Exception classes in Python 3, so args is the safer bet.
+        # We may want to stop returning messages like this to the client altogether
+        # both because it's ugly and potentially can leak things, but it's also
+        # extremely helpful for debugging BadDataErrors, because we don't send
+        # information about them to Sentry.
+        if hasattr(error, "args"):
+            message = " ".join(str(a) for a in error.args)
+        else:
+            message = repr(error)
+
+        return Response(status=400, mimetype="text/plain", response=html.escape(message, quote=False))
+
+    @flask_app.errorhandler(Exception)
+    def generic(error):
+        """Deals with any unhandled exceptions. It will be sent to Sentry, and re-raised (which causes a 500)."""
+
+        # Sentry doesn't handle exceptions for `@flask_app.errorhandler(Exception)`
+        # implicitly. If Sentry is not configured, the following call returns None.
+        capture_exception(error)
+
+        raise
+
+    # Keeping static files endpoints here due to an issue when returning response for static files.
+    # Similar issue: https://github.com/zalando/connexion/issues/401
+    @flask_app.route("/robots.txt")
+    def robots():
+        return send_from_directory(flask_app.static_folder, "robots.txt")
+
+    @flask_app.route("/contribute.json")
+    def contributejson():
+        return send_from_directory(flask_app.static_folder, "contribute.json")
+
+    @flask_app.before_request
+    def set_cache_control():
+        # By default, we want a cache that can be shared across requests from
+        # different users ("public").
+        # and a maximum age of 90 seconds, to keep our TTL low.
+        # We bumped this from 60s -> 90s in November, 2016.
+        setattr(flask_app, "cacheControl", flask_app.config.get("CACHE_CONTROL", "public, max-age=90"))
+
+    @flask_app.route("/debug/api.yml")
+    def get_yaml():
+        if flask_app.config.get("SWAGGER_DEBUG", False):
+            import yaml
+
+            app_spec = yaml.dump(spec)
+            return Response(mimetype="text/plain", response=app_spec)
+        return Response(status=404)
+
+    return connexion_app

tests/web/api/base.py

@@ -6,7 +6,7 @@
 
 from auslib.blobs.base import createBlob
 from auslib.global_state import dbo
-from auslib.web.public.base import flask_app as app
+from auslib.web.public.base import create_app
 
 
 def setUpModule():
@@ -18,19 +18,16 @@ def setUpModule():
 class CommonTestBase(unittest.TestCase):
     @classmethod
     def setUpClass(cls):
+        connexion_app = create_app()
+        cls.app = connexion_app.app
         # Error handlers are removed in order to give us better debug messages
-        cls.error_spec = app.error_handler_spec
         # Ripped from https://github.com/pallets/flask/blob/2.3.3/src/flask/scaffold.py#L131-L134
-        app.error_handler_spec = defaultdict(lambda: defaultdict(dict))
-
-    @classmethod
-    def tearDownClass(cls):
-        app.error_handler_spec = cls.error_spec
+        cls.app.error_handler_spec = defaultdict(lambda: defaultdict(dict))
 
     @pytest.fixture(autouse=True)
     def setup(self, insert_release, firefox_54_0_1_build1, firefox_56_0_build1, superblob_e8f4a19, hotfix_bug_1548973_1_1_4, timecop_1_0):
-        app.config["DEBUG"] = True
-        self.public_client = app.test_client()
+        self.app.config["DEBUG"] = True
+        self.public_client = self.app.test_client()
 
         dbo.setDb("sqlite:///:memory:")
         self.metadata.create_all(dbo.engine)

tests/web/conftest.py

@@ -0,0 +1,19 @@
+from collections import defaultdict
+
+import pytest
+
+from auslib.web.public.base import create_app
+
+
+@pytest.fixture(scope="class")
+def app(request):
+    connexion_app = create_app()
+    app = request.cls.app = connexion_app.app
+    return app
+
+
+@pytest.fixture(scope="class")
+def propagate_exceptions(app):
+    # Error handlers are removed in order to give us better debug messages
+    # Ripped from https://github.com/pallets/flask/blob/2.3.3/src/flask/scaffold.py#L131-L134
+    app.error_handler_spec = defaultdict(lambda: defaultdict(dict))