openmrs-core icon indicating copy to clipboard operation
openmrs-core copied to clipboard
verified publisher icon openmrs

TRUNK-6380: Use Daemon to authenticate task instead of scheduler.username and scheduler.password

Open IamMujuziMoses opened this issue 5 months ago • 4 comments

Issue I worked on

see https://issues.openmrs.org/browse/TRUNK-6380

Checklist: I completed these to help reviewers :)

  • [x] My IDE is configured to follow the code style of this project.

    No? Unsure? -> configure your IDE, format the code and add the changes with git add . && git commit --amend

  • [x] I have added tests to cover my changes. (If you refactored existing code that was well tested you do not have to add tests)

    No? -> write tests and add them to this commit git add . && git commit --amend

  • [x] I ran mvn clean package right before creating this pull request and added all formatting changes to my commit.

    No? -> execute above command

  • [x] All new and existing tests passed.

    No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.

  • [ ] My pull request is based on the latest changes of the master branch.

    No? Unsure? -> execute command git pull --rebase upstream master

IamMujuziMoses avatar Jul 25 '25 11:07 IamMujuziMoses

@dkayiwa @ibacher @rkorytkowski could you please review this PR, your feedback will be appreciated.

IamMujuziMoses avatar Jul 25 '25 12:07 IamMujuziMoses

If this only addresses something in the Address Hierarchy module, then we should just fix it there. Modules can mark their activator as "DaemonTokenAware" to get a valid token for running tasks using the Daemon. Honestly, though, it doesn't even look like the authenticate() method there is used, so we should just be able to remove that method. I don't think this requires any changes to the Daemon class itself.

ibacher avatar Jul 25 '25 19:07 ibacher

If this only addresses something in the Address Hierarchy module, then we should just fix it there. Modules can mark their activator as "DaemonTokenAware" to get a valid token for running tasks using the Daemon. Honestly, though, it doesn't even look like the authenticate() method there is used, so we should just be able to remove that method. I don't think this requires any changes to the Daemon class itself.

As I indicated on the ticket, this was originally something ticketed in addresshierarchy and it was moved into core. I remain unclear about what core feature needs to change. I don't really understand what this PR aims to accomplish. @IamMujuziMoses - can you explain a bit more as to what issue this fixes?

There are many examples of modules that have successfully switched from using the scheduler.username/password properties to using Daemon to accomplish their tasks without requiring specific user authentication. I would say almost all modules have been fixed to do this, most nearly a decade ago. We just have a few straggler modules where this wasn't done.

Maybe I am missing the issue - if so let's please lay out what core currently does not do correctly that we are aiming to change. Otherwise, let's close this PR and move the ticket back into the addresshierarchy module where (I think) it still belongs?

mseaton avatar Jul 26 '25 14:07 mseaton

@mseaton This is about changing openmrs-core and modules to use Daemon to authenticate tasks, instead of scheduler.username and scheduler.password

IamMujuziMoses avatar Jul 27 '25 09:07 IamMujuziMoses