Ben Darnell [Mon, 19 Jun 2023 19:28:45 +0000 (15:28 -0400)]
asyncio_test: Use inequality when checking thread leaks
Sometimes we have a net reduction in the thread count
because there was an extra thread running at the time captured
the starting count, so use inequality instead of exact matches.
Ben Darnell [Wed, 17 May 2023 00:57:50 +0000 (20:57 -0400)]
asyncio: Manage the selector thread with an async generator
Async generators have a special shutdown protocol which allows
us to detect the end of the event loop and stop our thread.
This lets us clean up the thread reliably when the event loop
is started/stopped via the tornado IOLoop interfaces (which
explicitly know about the selector thread), or when the
latest asyncio interfaces are used (asyncio.run or manually
calling shutdown_asyncgens).
The thread is still leaked when older versions of the asyncio
interfaces are used (loop.close *without* shutdown_asyncgens), but
I've been unable to find a solution that does not print leak warnings
even in the event of a clean shutdown. Use of shutdown_asyncgens is
now effectively required for apps combining asyncio and tornado.
This is unfortunate since leaking a thread is relatively expensive
compared to the usual consequences of failing to call
shutdown_asyncgens, but it seems to be the best we can do.
Ben Darnell [Mon, 15 May 2023 01:03:52 +0000 (21:03 -0400)]
gen: Hold strong references to all asyncio.Tasks
Per the warning in the asyncio documentation, we need to hold a strong
reference to all asyncio Tasks to prevent premature GC. Following
discussions in cpython (https://github.com/python/cpython/issues/91887),
we hold these references on the IOLoop instance to ensure that they are
strongly held but do not cause leaks if the event loop itself is
discarded.
This is expected to fix all of the various "task was destroyed but
it is pending" warnings that have been reported. The
IOLoop._pending_tasks set is expected to become obsolete if
corresponding changes are made to asyncio in Python 3.13.
Fixes #3209
Fixes #3047
Fixes #2763
Some issues involve this warning as their most visible symptom,
but have an underlying cause that should still be addressed.
Updates #2914
Updates #2356
Ben Darnell [Sun, 14 May 2023 00:58:52 +0000 (20:58 -0400)]
web: Fix an open redirect in StaticFileHandler
Under some configurations the default_filename redirect could be exploited
to redirect to an attacker-controlled site. This change refuses to redirect
to URLs that could be misinterpreted.
A test case for the specific vulnerable configuration will follow after the
patch has been available.
Ben Darnell [Sun, 7 May 2023 21:03:33 +0000 (17:03 -0400)]
websocket: Add warning if client connection isn't closed cleanly
This gives a warning that is not dependent on GC for the issue
in #3257. This new warning covers all websocket client connections,
while the previous GC-dependent warning only affected those with
ping_interval set. This unfortunately introduces an effective
requirement to close all websocket clients explicitly for those
who are strict about warnings.
Ben Darnell [Wed, 3 May 2023 16:46:28 +0000 (12:46 -0400)]
setup: Include tox.ini in sdist
Also remove the demos directory from sdist. This inclusion was incomplete
and even if it were incomplete I don't think the sdist is a great way to
distribute these demos.
Ben Darnell [Tue, 2 May 2023 16:54:20 +0000 (12:54 -0400)]
ioloop: Deprecate add_callback_from_signal
I don't believe this method is currently working as intended, and I'm
not sure it ever has since the move to asyncio. I think this is
responsible for occasional test failures in CI.
Ben Darnell [Mon, 1 May 2023 21:10:27 +0000 (17:10 -0400)]
test: Streamline test configurations
- LANG tests were no longer having the intended effect because C locales
now default to utf8 instead of ascii. There's a new warning we can turn
on with an env var instead. (after cleaing up some tests)
- The tox install_command issue was reverted in tox 1.9
- Python now guarantees that __file__ is absolute
- Remove some obsolete warning manipulations
Ben Darnell [Sun, 23 Apr 2023 19:15:05 +0000 (15:15 -0400)]
test: Close a websocket client that causes occasional test failures
These failures occur on the build.yml workflow on the emulated arm64
platform: an ill-timed timer firing during test shutdown can result
in a message being logged and the test failing for dirty logs.
Ben Darnell [Sun, 9 Apr 2023 21:31:38 +0000 (21:31 +0000)]
ci: Update build workflow
Build wheels for Python 3.12 as well.
Update various dependencies. The upload/download artifact actions
were using deprecated versions, and we were using a deprecated
macos build image. While we're at it, update the other OS versions
and cibuildwheel.
Ben Darnell [Sat, 8 Apr 2023 19:42:05 +0000 (19:42 +0000)]
typing: Eagerly import all submodules in __init__.pyi
This makes the auto-import functionality compatible with mypy
and other typing-based tools such as autocomplete functionality.
Excluding these imports from static typing feels like a premature
optimization and made it much less appealing to make use of the
auto-imports.
This may slow down type checking of applications that use Tornado by
a little, since the type checker must now process all of Tornado and
not only the subset that was imported. However, the increasing use
of long-lived daemons for type checkers should mitigate this cost.
Ben Darnell [Wed, 15 Feb 2023 21:23:32 +0000 (21:23 +0000)]
wsgi: Set multithread flag correctly
Required making WSGIContainer.environ() an instance method.
This is technically a backwards-incompatible change to a documented
method but it was never really meant to be documented and seems
unlikely to be used.
Ben Darnell [Wed, 8 Feb 2023 20:12:47 +0000 (20:12 +0000)]
asyncio: Remove obsolete code
AsyncioLoop.start() used to save, set, and restore the thread-local
event loop. This avoided some edge cases in early versions of asyncio;
this appears to no longer be necessary since Python 3.7 introduced
the get_running_loop() method.
Removing this logic improves compatibility with Python 3.12, where
it is difficult if not impossible to do the same thing without
generating DeprecationWarnings.
Ben Darnell [Sat, 28 Jan 2023 19:10:16 +0000 (19:10 +0000)]
web: List all set_cookie arguments instead of kwargs
Multiple arguments needed special cases anyway, so it's better to
just be explicit about what's supported.
set_signed_cookie still uses kwarg forwarding since we don't need
to worry about the special cases at this level and using
explicit arguments would involve duplicating defaults in multiple
places.
Ben Darnell [Mon, 23 Jan 2023 18:51:53 +0000 (18:51 +0000)]
web: Rename "secure_cookie" methods to "signed_cookie"
This more precisely states the kind of security that is provided, and
avoids confusion with the use of the word "secure" as a standard
cookie attribute and prefix.
Ben Darnell [Fri, 20 Jan 2023 20:05:50 +0000 (20:05 +0000)]
Update most deps
Sphinx is pinned to <6 because of a conflict with sphinx_rtd_theme
Tox is pinned to <4 because we're affected by some backwards-incompatible
renamings in the config file.
Ben Darnell [Fri, 20 Jan 2023 19:51:28 +0000 (19:51 +0000)]
Consolidate maint and docs requirements files
This division was just complicating things unnecessarily.
Also adopt pip-tools instead of doing it all by hand.
No pinned versions have been changed in this commit.