From 85ec1abd444c27510b50f189a6e88e097943180f Mon Sep 17 00:00:00 2001 From: Jonas Hagberg Date: Tue, 23 May 2023 15:35:49 +0200 Subject: [PATCH 1/4] Hotfix boto3 now need ssl and verify to work in production --- app/requirements.txt | 2 +- app/utils/s3.py | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/app/requirements.txt b/app/requirements.txt index 828e3d5d..867a7f5d 100644 --- a/app/requirements.txt +++ b/app/requirements.txt @@ -1,6 +1,6 @@ APScheduler==3.10.0 boto3==1.26.79 -botocore==1.29.79 +botocore==1.29.138 cryptography==39.0.1 endesive==2.0.9 Flask_Caching==2.0.2 diff --git a/app/utils/s3.py b/app/utils/s3.py index 06e1a2d1..01954bac 100644 --- a/app/utils/s3.py +++ b/app/utils/s3.py @@ -22,6 +22,7 @@ def __init__( secret_key, access_key, verify, + use_ssl, cert, private_key, ): # pylint: disable=too-many-arguments @@ -40,6 +41,8 @@ def __init__( self.secret_key = secret_key assert isinstance(verify, (bool, Path)) self.verify = verify + assert isinstance(use_ssl, (bool, Path)) + self.use_ssl = use_ssl assert isinstance(cert, (Path, type(None))) self.cert = cert assert isinstance(private_key, (Path, type(None))) @@ -49,11 +52,8 @@ def __init__( "connect_timeout": 40, } - use_ssl = False - if cert and private_key: config_params["client_cert"] = (cert, private_key) - use_ssl = True config = botocore.client.Config(**config_params) self.s3_client = boto3.client( @@ -148,6 +148,7 @@ def get_s3_client(): secret_key=settings.s3.secret_key, access_key=settings.s3.access_key, verify=settings.s3.verify, + use_ssl=settings.s3.use_ssl, cert=settings.s3.cert, private_key=settings.s3.private_key, ) From d8b1dbf37ecbf7ca36fada978188567c5b929822 Mon Sep 17 00:00:00 2001 From: Jonas Hagberg Date: Tue, 23 May 2023 15:44:46 +0200 Subject: [PATCH 2/4] Update settings --- app/utils/settings.py | 1 + 1 file changed, 1 insertion(+) diff --git a/app/utils/settings.py b/app/utils/settings.py index 475b7825..a791a83b 100644 --- a/app/utils/settings.py 
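Review bot: In the `@@ -40,6 +41,8 @@` hunk of app/utils/s3.py, the added `assert isinstance(use_ssl, (bool, Path))` accepts a `Path`, which looks copied from the `verify` check above it. `verify` can legitimately be a CA-bundle path, but `use_ssl` is an on/off switch, so a `Path` would simply count as truthy. The check is also an `assert`, which Python strips under `-O`, so a wrong type for this transport-security setting would then pass unchecked. I would replace the assert with `if not isinstance(use_ssl, bool): raise TypeError("use_ssl must be a bool")` and keep `self.use_ssl = use_ssl` after it. The `__init__` body starts and ends outside the hunk, so how `self.use_ssl` reaches `boto3.client(` is not visible here.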
+++ b/app/utils/settings.py
@@ -39,5 +39,6 @@
 s3.secret_key = os.environ.get("S3_SECRETKEY", "secretkeytest")
 s3.access_key = os.environ.get("S3_ACCESSKEY", "accesskeytest")
 s3.verify = json.loads(os.environ.get("S3_VERIFY", "True").lower())
+s3.use_ssl = json.loads(os.environ.get("S3_USESSL", "True").lower())
 s3.cert = None
 s3.private_key = None
From 9235032bcfaba56cc72055216e76e0bf19015dc7 Mon Sep 17 00:00:00 2001
From: Jonas Hagberg
Date: Tue, 23 May 2023 16:00:11 +0200
Subject: [PATCH 3/4] Update security fix
---
 app/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/requirements.txt b/app/requirements.txt
index 867a7f5d..3f140217 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -7,7 +7,7 @@ Flask_Caching==2.0.2
 flask_dance==6.2.0
 Flask_Login==0.6.2
 Flask-Session2
-Flask==2.2.3
+Flask==2.2.5
 google-auth
 moto==4.1.3
 pdfrw2==0.5.0
@@ -18,4 +18,4 @@ pyOpenSSL==23.0.0
 qrcode==7.4.2
 requests
 setuptools==65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
-Werkzeug==2.2.3
+Werkzeug==2.3.4
From af69a5833e63b96048ef4577fe37ba8eb9ffb86e Mon Sep 17 00:00:00 2001
From: Jonas Hagberg
Date: Tue, 23 May 2023 16:04:26 +0200
Subject: [PATCH 4/4] Update requirements.txt
---
 app/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/requirements.txt b/app/requirements.txt
index 8a8cd74d..9edf3baf 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -7,7 +7,7 @@ Flask_Caching==2.0.2
 flask_dance==6.2.0
 Flask_Login==0.6.2
 Flask-Session2
-Flask==2.3.5
+Flask==2.2.5
 google-auth
 moto==4.1.3
 pdfrw2==0.5.0
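Review bot: In the app/utils/settings.py hunk of patch 2/4, the added `s3.use_ssl = json.loads(os.environ.get("S3_USESSL", "True").lower())` accepts any JSON value rather than only a boolean. `S3_USESSL=0` parses to the integer 0, and `S3_USESSL=no` raises a `JSONDecodeError` when the module is imported. Since this flag decides whether S3 traffic uses TLS, I would fail loudly on anything but true/false by adding `if not isinstance(s3.use_ssl, bool): raise ValueError("S3_USESSL must be 'true' or 'false'")` after the assignment. The `S3_VERIFY` context line above uses the same parsing and would benefit from the same check. Defaulting to `"True"` keeps the secure setting when the variable is unset, and a one-line comment stating when disabling it is acceptable would help whoever edits the deployment environment.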