Sentry: include extra user information

We perform authentication of the user while handling the request,
but Sentry calls get_user_info() in a before-request handler. This means
that Sentry would miss user info in many cases. This fixes that.

pillar/api/utils/authentication.py

@@ -155,7 +155,7 @@ def validate_this_token(token, oauth_subclient=None):
     :rtype: dict
     """
 
-    from pillar.auth import UserClass, AnonymousUser
+    from pillar.auth import UserClass, AnonymousUser, user_authenticated
 
     g.current_user = None
     _delete_expired_tokens()
@@ -183,6 +183,7 @@ def validate_this_token(token, oauth_subclient=None):
         return None
 
     g.current_user = UserClass.construct(token, db_user)
+    user_authenticated.send(None)
 
     return db_user
 

pillar/auth/__init__.py

@@ -4,14 +4,15 @@ import collections
 import logging
 import typing
 
+import blinker
+import bson
 from flask import session, g
 import flask_login
 from werkzeug.local import LocalProxy
 
 from pillar import current_app
 
-import bson
+user_authenticated = blinker.Signal('Sent whenever a user was authenticated')
-
 log = logging.getLogger(__name__)
 
 # Mapping from user role to capabilities obtained by users with that role.
@@ -211,6 +212,7 @@ def login_user(oauth_token: str, *, load_from_db=False):
         user = UserClass(oauth_token)
     flask_login.login_user(user, remember=True)
     g.current_user = user
+    user_authenticated.send(None)
 
 
 def logout_user():

pillar/sentry_extra.py

@@ -11,6 +11,20 @@ class PillarSentry(Sentry):
     and for preventing the auth tokens to be logged as user ID.
     """
 
+    def init_app(self, app, *args, **kwargs):
+        super().init_app(app, *args, **kwargs)
+
+        # We perform authentication of the user while handling the request,
+        # so Sentry calls get_user_info() too early.
+
+    def get_user_context_again(self, ):
+        from flask import request
+
+        try:
+            self.client.user_context(self.get_user_info(request))
+        except Exception as e:
+            self.client.logger.exception(str(e))
+
     def get_user_info(self, request):
         user_info = super().get_user_info(request)