Commit ddee1a2a authored by John Davis's avatar John Davis
Browse files

Merge branch 'release_24.2' into release_25.0

parents 59b5b6be 2edc3359

doc/source/admin/production.md

+1 −1
Original line number Diff line number Diff line
@@ -194,5 +194,5 @@ The list of tasks that are currently handled by `Celery` can be found in `lib/ga 
To enable Celery in your instance you need to follow some additional steps:



-   Set `enable_celery_tasks: true` in the Galaxy config.

-   Configure the `backend` under `celery_conf` to store the results of the tasks. For example, you can use [`redis` as the backend](https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html#broker-redis). If you are using `redis`, make sure to install the `redis` dependency in your Galaxy environment with `pip install redis`. You can find more information on how to configure other backends in the [Celery documentation](https://docs.celeryq.dev/en/stable/userguide/tasks.html#task-result-backends).

-   Configure the `backend` under `celery_conf` to store the results of the tasks. For example, you can use [`redis` as the backend](https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html#broker-redis). If you are using `redis`, make sure to install the `redis` dependency in your Galaxy environment with `pip install redis`. You can find more information on how to configure other backends in the [Celery documentation](https://docs.celeryq.dev/en/stable/userguide/tasks.html#task-result-backends). Keep in mind that you should not reuse the main Galaxy database as a backend for Celery.

-   Configure one or more workers to handle the tasks. You can find more information on how to configure workers in the [Celery documentation](https://docs.celeryq.dev/en/stable/userguide/workers.html). If you are using [Gravity](https://github.com/galaxyproject/gravity) it will simplify the process of setting up Celery workers.

lib/galaxy/authnz/custos_authnz.py

+12 −4
Original line number Diff line number Diff line
@@ -122,11 +122,19 @@ class OIDCAuthnzBase(IdentityProvider): 
            return False

        if not custos_authnz_token.refresh_token:

            return False



        # Try to extract expiration date from the refresh token. If expired, do not refresh token.

        try:

            refresh_token_decoded = self._decode_token_no_signature(custos_authnz_token.refresh_token)

            # do not attempt to use refresh token that is already expired

            if int(refresh_token_decoded["exp"]) <= int(time.time()):

                # in the future we might want to log out the user here

                return False

        except jwt.exceptions.DecodeError:

            log.warning("Refresh token cannot be decoded. Galaxy does not support non-decodable refresh tokens.")

            # If the refresh token is non-decodable, we do not use it because we cannot reliably determine its expiration date. See discussion in https://github.com/galaxyproject/galaxy/pull/20821

            return False



        oauth2_session = self._create_oauth2_session()

        token_endpoint = self.config.token_endpoint

        if self.config.iam_client_secret:

lib/galaxy/managers/users.py

+4 −2
Original line number Diff line number Diff line
@@ -238,10 +238,12 @@ class UserManager(base.ModelManager, deletable.PurgableManagerMixin): 
        for role in user.all_roles():

            if self.app.config.redact_username_during_deletion:

                role.name = role.name.replace(user.username, uname_hash)

                if role.description:

                    role.description = role.description.replace(user.username, uname_hash)



            if self.app.config.redact_email_during_deletion:

                role.name = role.name.replace(user.email, email_hash)

                if role.description:

                    role.description = role.description.replace(user.email, email_hash)

            self.session().add(role)

        private_role.name = email_hash