fix login bug

fixes #94 (closed)

It looks like there was an update to FastAPI recently (0.95.0 -> 0.95.2), and this updated Starlette to version 0.27.0. This was causing an error where we do a string find to determine if the application is being accessed locally. My guess is that the updated method request.url_for("authorize") now returns a non-string. This casts the type as a string before the comparison.

I am not a python developer, if you know of a better check then I can update the MR.

added Bug label

requested review from @erigler

assigned to @ehunter

changed the description

I approve. Just a note for the future:

• @lsachuk and I investigated the changes to Starlette that caused this issue
• there was a Trivy security warning that motivated an update of Starlette from v0.25 to v0.27 (which triggered an update to FastAPI)
• confusingly, this security fix was NOT the root cause of this issue, but rather a small change made in Starlette v0.26 was
• there is a long discussion in the Starlette PR linked above about this breaking change; ultimately they decided to introduce it in the name of a cleaner API, and justified doing this with little warning based on Starlette being <v1.0.0 (seems fishy given that Starlette has been around a while, and is used extensively in production environments, but there you go)
• we (geomag-algorithms project) should consider a more extensive merge request in the future that fully exploits this change in the Starlette API, but, for now, I approve this simple fix submitted by @ehunter.

Yeah I was surprised that there was a breaking change in a minor version increment (for Starlette), glad you were aware of this discussion in the project.

approved this merge request

mentioned in commit eed93099

merged