From 89e2ae4f38115226b42f39d889bf0615a9411545 Mon Sep 17 00:00:00 2001
From: Greg Mundy
Date: Tue, 25 Feb 2020 23:18:14 -0500
Subject: [PATCH] fix: resolve redirect issue with aws elb

Resolve the AWS ELB redirect issue by using Werkzeug's ProxyFix to ensure that the application sends the correct headers for HTTPS. Cleaned up database migration to eliminate unnecessary clients and standardize on initial usernames.
---
 authserver/api/home.py | 6 +++---
 authserver/api/oauth2.py | 1 -
 authserver/api/user.py | 2 --
 authserver/app/app.py | 2 +-
 authserver/config/config.py | 12 ++++++++++++
 authserver/db/models/models.py | 2 +-
 tests/api/test_all_apis.py | 6 ++----
 wsgi.py | 6 ++++++
 8 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/authserver/api/home.py b/authserver/api/home.py
index eae261c..69b8427 100644
--- a/authserver/api/home.py
+++ b/authserver/api/home.py
@@ -25,7 +25,7 @@ def login():
         return render_template('login.html', form=form)
     else:
         return render_template('login.html', client_id=client_id, return_to=return_to, form=form)
-
+
     if form.validate():
         username = form.username.data
         password = form.password.data
@@ -36,10 +36,10 @@ def login():
                 errors = "You do not have an active user account."
             elif not user.verify_password(password):
                 errors = "You did not enter a valid password."
-            else:
+            else:
                 session['id'] = user.id
                 return redirect(return_to)
         except AttributeError:
             errors = "You did not enter valid login credentials."
 
-    return render_template('login.html', client_id=client_id, return_to=return_to, form=form, errors=errors)
\ No newline at end of file
+    return render_template('login.html', client_id=client_id, return_to=return_to, form=form, errors=errors)
diff --git a/authserver/api/oauth2.py b/authserver/api/oauth2.py
index 44d3b54..8d48e53 100644
--- a/authserver/api/oauth2.py
+++ b/authserver/api/oauth2.py
@@ -56,7 +56,6 @@ def _client_authorized(client_id, user_id):
 def authorize():
     errors = None
     user = _current_user()
-    print('Hello........')
     if not user:
         client_id = request.args.get('client_id')
         return redirect(url_for('home_ep.login', client_id=client_id, return_to=request.url))
diff --git a/authserver/api/user.py b/authserver/api/user.py
index 6a49690..5903825 100644
--- a/authserver/api/user.py
+++ b/authserver/api/user.py
@@ -119,8 +119,6 @@ def post(self, action, id: str = None):
                     data_trust_id=request_data['data_trust_id'])
                 if 'telephone' in request_data.keys():
                     user.telephone = request_data['telephone']
-                else:
-                    user.telephone = 'N/A'
                 db.session.add(user)
                 db.session.commit()
             except Exception as e:
diff --git a/authserver/app/app.py b/authserver/app/app.py
index beeb179..762d5f3 100644
--- a/authserver/app/app.py
+++ b/authserver/app/app.py
@@ -35,7 +35,7 @@ def create_app(environment: str = None):
             'password': 864000,
             'client_credentials': 60 * 5
         },
-        SECRET_KEY=b'iamasupersecretsecretkey'
+        SECRET_KEY=ConfigurationFactory.generate_secret_key()
     )
     db.init_app(app)
     config_oauth(app)
diff --git a/authserver/config/config.py b/authserver/config/config.py
index 2b0b821..73d6efc 100644
--- a/authserver/config/config.py
+++ b/authserver/config/config.py
@@ -193,3 +193,15 @@ def get_config(environment: str):
         else:
             raise ConfigurationEnvironmentNotFoundError(
                 'Cannot find configuration of type {}'.format(environment))
+
+    @staticmethod
+    def generate_secret_key():
+        """Generate a secret for securing the Flask session.
+        Returns:
+            byte: A random string of bytes for secret.
+        """
+        environment = os.getenv('APP_ENV', 'development')
+        if environment.lower() == 'production':
+            return os.getenv('SECRET_KEY', os.urandom(16))
+        else:
+            return b'supersecretaccesscode'
diff --git a/authserver/db/models/models.py b/authserver/db/models/models.py
index 43064c9..73ee287 100644
--- a/authserver/db/models/models.py
+++ b/authserver/db/models/models.py
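Review bot: `create_app` receives `environment` as a parameter, but `ConfigurationFactory.generate_secret_key()` on the new SECRET_KEY line takes no argument and reads `APP_ENV` from the process environment itself (see the config.py hunk in this patch), so the two can disagree: `create_app('production')` with `APP_ENV` unset still gets the fixed development key `b'supersecretaccesscode'`. Consider threading the caller's value through, `SECRET_KEY=ConfigurationFactory.generate_secret_key(environment)`, with the method falling back to `APP_ENV` only when it is given `None`. Whether `ConfigurationFactory` is already imported in app.py is not visible in this hunk; confirm it is. `create_app` starts before and continues after the hunk.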
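Review bot: In the production branch `os.getenv('SECRET_KEY', os.urandom(16))` silently falls back to a fresh random key whenever `SECRET_KEY` is unset, so each worker process and each restart gets a different key and every existing Flask session is invalidated; it also returns a `str` when the variable is set and `bytes` otherwise, which the docstring's `byte:` line does not say. A missing production secret is a deployment error and should fail loudly rather than be papered over: `secret = os.getenv('SECRET_KEY')` / `if not secret: raise RuntimeError('SECRET_KEY must be set when APP_ENV is production')` / `return secret`. The comparison `environment.lower() == 'production'` is case-insensitive, whereas wsgi.py in this same patch tests `environment == 'PRODUCTION'` exactly, so `APP_ENV=production` turns on the random key but not ProxyFix; pick one spelling for both. The hunk does not show that `os` is imported in config.py; confirm that before merging.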
@@ -133,7 +133,7 @@ class Meta:
     lastname = fields.String(required=True)
     organization = fields.String(required=True)
     email_address = fields.Email(required=True)
-    telephone = fields.String(required=True)
+    telephone = fields.String(required=False)
     active = fields.Boolean(dump_only=True)
     data_trust_id = fields.String(required=True)
     date_created = fields.DateTime(dump_only=True)
diff --git a/tests/api/test_all_apis.py b/tests/api/test_all_apis.py
index f8cf753..448ded8 100644
--- a/tests/api/test_all_apis.py
+++ b/tests/api/test_all_apis.py
@@ -120,8 +120,7 @@
         'email_address': 'user7@brighthive.me',
         'username': 'user7',
         'password': 'password',
-        'data_trust_id': '',
-        'telephone': '967-555-1234'
+        'data_trust_id': ''
     },
     {
         'firstname': 'Danielle',
@@ -130,8 +129,7 @@
         'email_address': 'user8@brighthive.me',
         'username': 'user8',
         'password': 'password',
-        'data_trust_id': '',
-        'telephone': '681-555-0123'
+        'data_trust_id': ''
     }
 ]
 
diff --git a/wsgi.py b/wsgi.py
index 88ca5e6..a5c5205 100644
--- a/wsgi.py
+++ b/wsgi.py
@@ -1,5 +1,11 @@
 import os
 from authserver import create_app
+
+from werkzeug.middleware.proxy_fix import ProxyFix
+
 environment = os.getenv('APP_ENV', None)
 app = application = create_app(environment)
+
+if environment == 'PRODUCTION':
+    app = ProxyFix(app)
 
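Review bot: `telephone = fields.String(required=False)` lets a request omit the field, and the user.py hunk in this patch removes the `'N/A'` fallback, so `user.telephone` is now left unset whenever the key is absent; whether the underlying database column accepts NULL is not visible here, so confirm it is nullable (or has a default), otherwise the `db.session.commit()` in `post` will fail with an integrity error for exactly the requests this change is meant to allow. If the column does allow NULL, a short comment on the field, `# optional; left NULL when the request omits it`, would save the next reader the round trip. The enclosing schema class starts outside the hunk.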
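Review bot: Only `app` is rebound on the last added line; `application` still refers to the unwrapped Flask app, so a WSGI server started with `wsgi:application` serves the app without ProxyFix and the ELB redirect issue persists — write `app = application = ProxyFix(app)`. The guard `environment == 'PRODUCTION'` is case-sensitive while `generate_secret_key` in config.py accepts any casing of `production`, so the two production behaviours can be switched on independently; compare `(environment or '').lower() == 'production'` in both places. ProxyFix makes the app trust `X-Forwarded-For`/`X-Forwarded-Proto` from the nearest hop, which is only safe when the app is reachable exclusively through the load balancer, so state the trusted hop count explicitly for this deployment (`ProxyFix(app, x_for=1, x_proto=1, x_host=1)`) and keep the app port unreachable except via the ELB. A comment such as `# Behind the AWS ELB the original scheme/host arrive in X-Forwarded-*; trust exactly one proxy hop.` would document the intent.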