PyPI - cornflow - Versions diffs - 1.0.8a3__tar.gz → 1.0.10a1__tar.gz - Mend

cornflow 1.0.8a3tar.gz → 1.0.10a1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

{cornflow-1.0.8a3/cornflow.egg-info → cornflow-1.0.10a1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 1.2
 Name: cornflow
-Version: 1.0.8a3
+Version: 1.0.10a1
 Summary: Cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/cli/__init__.py RENAMED Viewed

@@ -3,6 +3,7 @@ init file to have this as a module
 """
 import click
 from cornflow.cli.actions import actions
 from cornflow.cli.config import config
 from cornflow.cli.migrations import migrations

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/cli/actions.py RENAMED Viewed

@@ -1,6 +1,5 @@
-import os
 import click
 from cornflow.cli.utils import get_app
 from cornflow.commands import register_actions_command
 from .arguments import verbose

cornflow-1.0.10a1/cornflow/cli/users.py ADDED Viewed

@@ -0,0 +1,77 @@
+import click
+from cornflow.cli.arguments import username, password, email, verbose
+from cornflow.cli.utils import get_app
+from cornflow.commands import create_user_with_role
+from cornflow.models import UserModel
+from cornflow.shared.authentication.auth import BIAuth
+from cornflow.shared.const import SERVICE_ROLE, VIEWER_ROLE
+from cornflow.shared.exceptions import (
+    ObjectDoesNotExist,
+    NoPermission,
+)
+@click.group(name="users", help="Commands to manage the users")
+def users():
+    pass
+@click.group(name="create", help="Create a user")
+def create():
+    pass
+users.add_command(create)
+@create.command(name="service", help="Create a service user")
+@username
+@password
+@email
+@verbose
+def create_service_user(username, password, email, verbose):
+    app = get_app()
+    with app.app_context():
+        create_user_with_role(
+            username, email, password, "service user", SERVICE_ROLE, verbose=verbose
+        )
+@create.command(name="viewer", help="Create a viewer user")
+@username
+@password
+@email
+@verbose
+def create_viewer_user(username, password, email, verbose):
+    app = get_app()
+    with app.app_context():
+        create_user_with_role(
+            username, email, password, "viewer user", VIEWER_ROLE, verbose=verbose
+        )
+@create.command(
+    name="token",
+    help="Creates a token for a user that is never going to expire. This token can only be used on BI endpoints",
+)
+@click.option(
+    "--idx", "-i", type=int, help="The id of the user to generate the token for"
+)
+@username
+@password
+def create_unexpiring_token(idx, username, password):
+    app = get_app()
+    with app.app_context():
+        user = UserModel.get_one_object(id=idx)
+        asking_user = UserModel.get_one_user_by_username(username)
+        if not asking_user.check_hash(password) or not asking_user.is_service_user():
+            raise NoPermission("The asking user has no permissions to generate tokens")
+        if not user:
+            raise ObjectDoesNotExist("User does not exist")
+        token = BIAuth.generate_token(idx)
+        click.echo(token)
+        return True

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/config.py RENAMED Viewed

@@ -6,7 +6,8 @@ from apispec.ext.marshmallow import MarshmallowPlugin
 class DefaultConfig(object):
     SERVICE_NAME = os.getenv("SERVICE_NAME", "Cornflow")
-    SECRET_KEY = os.getenv("SECRET_KEY")
+    SECRET_TOKEN_KEY = os.getenv("SECRET_KEY")
+    SECRET_BI_KEY = os.getenv("SECRET_BI_KEY")
     SQLALCHEMY_DATABASE_URI = os.getenv("DATABASE_URL", "sqlite:///cornflow.db")
     AIRFLOW_URL = os.getenv("AIRFLOW_URL")
     AIRFLOW_USER = os.getenv("AIRFLOW_USER")
@@ -91,7 +92,8 @@ class Testing(DefaultConfig):
     DEBUG = False
     TESTING = True
     PROPAGATE_EXCEPTIONS = True
-    SECRET_KEY = "TESTINGSECRETKEY"
+    SECRET_TOKEN_KEY = "TESTINGSECRETKEY"
+    SECRET_BI_KEY = "THISISANOTHERKEY"
     SQLALCHEMY_DATABASE_URI = os.getenv("DATABASE_URL", "sqlite:///cornflow_test.db")
     AIRFLOW_URL = os.getenv("AIRFLOW_URL", "http://localhost:8080")
     PRESERVE_CONTEXT_ON_EXCEPTION = False

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/shared/authentication/auth.py RENAMED Viewed

@@ -99,8 +99,7 @@ class Auth:
         if user_id is None:
             err = "The user id passed to generate the token is not valid."
             raise InvalidUsage(
-                err,
-                log_txt="Error while trying to generate token. " + err
+                err, log_txt="Error while trying to generate token. " + err
             )
         payload = {
@@ -109,7 +108,9 @@ class Auth:
             "sub": user_id,
         }
-        return jwt.encode(payload, current_app.config["SECRET_KEY"], algorithm="HS256")
+        return jwt.encode(
+            payload, current_app.config["SECRET_TOKEN_KEY"], algorithm="HS256"
+        )
     @staticmethod
     def decode_token(token: str = None) -> dict:
@@ -123,27 +124,26 @@ class Auth:
         if token is None:
             err = "The provided token is not valid."
             raise InvalidUsage(
-                err,
-                log_txt="Error while trying to decode token. " + err
+                err, log_txt="Error while trying to decode token. " + err
             )
         try:
             payload = jwt.decode(
-                token, current_app.config["SECRET_KEY"], algorithms="HS256"
+                token, current_app.config["SECRET_TOKEN_KEY"], algorithms="HS256"
             )
             return {"user_id": payload["sub"]}
         except jwt.ExpiredSignatureError:
             raise InvalidCredentials(
                 "The token has expired, please login again",
-                log_txt="Error while trying to decode token. The token has expired."
+                log_txt="Error while trying to decode token. The token has expired.",
             )
         except jwt.InvalidTokenError:
             raise InvalidCredentials(
                 "Invalid token, please try again with a new token",
-                log_txt="Error while trying to decode token. The token is invalid."
+                log_txt="Error while trying to decode token. The token is invalid.",
             )
     def validate_oid_token(
-            self, token: str, client_id: str, tenant_id: str, issuer: str, provider: int
+        self, token: str, client_id: str, tenant_id: str, issuer: str, provider: int
     ) -> dict:
         """
         This method takes a token issued by an OID provider, the relevant information about the OID provider
@@ -172,12 +172,12 @@ class Auth:
         except jwt.ExpiredSignatureError:
             raise InvalidCredentials(
                 "The token has expired, please login again",
-                log_txt="Error while trying to validate a token. The token has expired. "
+                log_txt="Error while trying to validate a token. The token has expired.",
             )
         except jwt.InvalidTokenError:
             raise InvalidCredentials(
                 "Invalid token, please try again with a new token",
-                log_txt="Error while trying to validate a token. The token is not valid. "
+                log_txt="Error while trying to validate a token. The token is not valid.",
             )
     @staticmethod
@@ -191,12 +191,14 @@ class Auth:
         :rtype: str
         """
         if headers is None:
-            raise InvalidUsage(log_txt="Error while trying to get a token from header. The header is invalid.")
+            raise InvalidUsage(
+                log_txt="Error while trying to get a token from header. The header is invalid."
+            )
         if "Authorization" not in headers:
             raise InvalidCredentials(
                 "Auth token is not available",
-                log_txt="Error while trying to get a token from header. The auth token is not available."
+                log_txt="Error while trying to get a token from header. The auth token is not available.",
             )
         auth_header = headers.get("Authorization")
         if not auth_header:
@@ -206,8 +208,7 @@ class Auth:
         except Exception as e:
             err = f"The authorization header has a bad syntax: {e}"
             raise InvalidCredentials(
-                err,
-                log_txt=f"Error while trying to get a token from header. " + err
+                err, log_txt=f"Error while trying to get a token from header. " + err
             )
     def get_user_from_header(self, headers: Headers = None) -> UserModel:
@@ -222,8 +223,7 @@ class Auth:
         if headers is None:
             err = "Headers are missing from the request. Authentication was not possible to perform."
             raise InvalidUsage(
-                err,
-                log_txt="Error while trying to get user from header. " + err
+                err, log_txt="Error while trying to get user from header. " + err
             )
         token = self.get_token_from_header(headers)
         data = self.decode_token(token)
@@ -232,8 +232,7 @@ class Auth:
         if user is None:
             err = "User does not exist, invalid token."
             raise ObjectDoesNotExist(
-                err,
-                log_txt="Error while trying to get user from header. " + err
+                err, log_txt="Error while trying to get user from header. " + err
             )
         return user
@@ -460,3 +459,57 @@ class Auth:
         kid = self._get_key_id(token)
         jwk = self._get_jwk(kid, tenant_id, provider)
         return self._rsa_pem_from_jwk(jwk)
+class BIAuth(Auth):
+    def __init__(self, user_model=UserModel):
+        super().__init__(user_model)
+    @staticmethod
+    def decode_token(token: str = None) -> dict:
+        """
+        Decodes a given JSON Web token and extracts the sub from it to give it back.
+        :param str token: the given JSON Web Token
+        :return: the sub field of the token as the user_id
+        :rtype: dict
+        """
+        if token is None:
+            err = "The provided token is not valid."
+            raise InvalidUsage(
+                err, log_txt="Error while trying to decode token. " + err
+            )
+        try:
+            payload = jwt.decode(
+                token, current_app.config["SECRET_BI_KEY"], algorithms="HS256"
+            )
+            return {"user_id": payload["sub"]}
+        except jwt.InvalidTokenError:
+            raise InvalidCredentials(
+                "Invalid token, please try again with a new token",
+                log_txt="Error while trying to decode token. The token is invalid.",
+            )
+    @staticmethod
+    def generate_token(user_id: int = None) -> str:
+        """
+        Generates a token given a user_id with a duration of one day
+        :param int user_id: user code to be encoded in the token to identify the user afterward.
+        :return: the generated token
+        :rtype: str
+        """
+        if user_id is None:
+            err = "The user id passed to generate the token is not valid."
+            raise InvalidUsage(
+                err, log_txt="Error while trying to generate token. " + err
+            )
+        payload = {
+            "iat": datetime.utcnow(),
+            "sub": user_id,
+        }
+        return jwt.encode(
+            payload, current_app.config["SECRET_BI_KEY"], algorithm="HS256"
+        )

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/shared/licenses.py RENAMED Viewed

@@ -65,6 +65,7 @@ def get_licenses_summary():
     :return: a list of dicts with library, license, version, author, description, home page and license text.
     """
     license_list = []
+    # TODO: pkg_resources.working_set is deprecated, find a better way to get the list of packages
     for pkg in sorted(pkg_resources.working_set, key=lambda x: str(x).lower()):
         license_list += [
             {

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/tests/custom_test_case.py RENAMED Viewed

@@ -101,7 +101,6 @@ class CustomTestCase(TestCase):
     @staticmethod
     def assign_role(user_id, role_id):
         if UserRoleModel.check_if_role_assigned(user_id, role_id):
             user_role = UserRoleModel.query.filter_by(
                 user_id=user_id, role_id=role_id
@@ -288,7 +287,6 @@ class CustomTestCase(TestCase):
         self.assertEqual(payload_to_check["solution"], row.json["solution"])
     def delete_row(self, url):
         response = self.client.delete(
             url, follow_redirects=True, headers=self.get_header_with_auth(self.token)
         )
@@ -733,7 +731,7 @@ class LoginTestCases:
             self.assertEqual(str, type(self.response.json["token"]))
             decoded_token = jwt.decode(
                 self.response.json["token"],
-                current_app.config["SECRET_KEY"],
+                current_app.config["SECRET_TOKEN_KEY"],
                 algorithms="HS256",
             )

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/tests/unit/test_cli.py RENAMED Viewed

@@ -2,17 +2,19 @@ import configparser
 import os
 from click.testing import CliRunner
+from flask_testing import TestCase
 from cornflow.app import create_app
 from cornflow.cli import cli
-from cornflow.models import UserModel
 from cornflow.models import (
     ActionModel,
     RoleModel,
     ViewModel,
     PermissionViewRoleModel,
 )
+from cornflow.models import UserModel
 from cornflow.shared import db
-from flask_testing import TestCase
+from cornflow.shared.exceptions import NoPermission, ObjectDoesNotExist
 class CLITests(TestCase):
@@ -208,6 +210,7 @@ class CLITests(TestCase):
     def test_service_user_command(self):
         runner = CliRunner()
+        self.test_roles_init_command()
         result = runner.invoke(
             cli,
             [
@@ -222,7 +225,144 @@ class CLITests(TestCase):
                 "test@test.org",
             ],
         )
-        self.assertEqual(result.exit_code, 1)
+        self.assertEqual(result.exit_code, 0)
         user = UserModel.get_one_user_by_email("test@test.org")
         self.assertEqual(user.username, "test")
         self.assertEqual(user.email, "test@test.org")
+        self.assertEqual(user.roles, {4: "service"})
+        self.assertTrue(user.is_service_user())
+    def test_viewer_user_command(self):
+        runner = CliRunner()
+        self.test_roles_init_command()
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "viewer",
+                "-u",
+                "test",
+                "-p",
+                "testPassword1!",
+                "-e",
+                "test@test.org",
+            ],
+        )
+        self.assertEqual(result.exit_code, 0)
+        user = UserModel.get_one_user_by_email("test@test.org")
+        self.assertEqual(user.username, "test")
+        self.assertEqual(user.email, "test@test.org")
+        self.assertEqual(user.roles, {1: "viewer"})
+        self.assertFalse(user.is_service_user())
+    def test_generate_token(self):
+        runner = CliRunner()
+        self.test_roles_init_command()
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "viewer",
+                "-u",
+                "viewer_user",
+                "-p",
+                "testPassword1!",
+                "-e",
+                "viewer@test.org",
+            ],
+        )
+        self.assertEqual(result.exit_code, 0)
+        user_id = UserModel.get_one_user_by_username("viewer_user").id
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "service",
+                "-u",
+                "test",
+                "-p",
+                "testPassword1!",
+                "-e",
+                "test@test.org",
+            ],
+        )
+        self.assertEqual(result.exit_code, 0)
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "token",
+                "-i",
+                user_id,
+                "-u",
+                "test",
+                "-p",
+                "testPassword1!",
+            ],
+        )
+        self.assertIn("ey", result.output)
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "token",
+                "-i",
+                user_id,
+                "-u",
+                "test",
+                "-p",
+                "Otherpassword",
+            ],
+        )
+        self.assertEqual(result.exit_code, 1)
+        self.assertIsInstance(result.exception, NoPermission)
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "token",
+                "-i",
+                user_id,
+                "-u",
+                "viewer_user",
+                "-p",
+                "testPassword1!",
+            ],
+        )
+        self.assertIsInstance(result.exception, NoPermission)
+        result = runner.invoke(
+            cli,
+            [
+                "users",
+                "create",
+                "token",
+                "-i",
+                100,
+                "-u",
+                "test",
+                "-p",
+                "testPassword1!",
+            ],
+        )
+        self.assertIsInstance(result.exception, ObjectDoesNotExist)

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/tests/unit/test_licenses.py RENAMED Viewed

@@ -11,9 +11,9 @@ class TestLicensesListEndpoint(CustomTestCase):
             requirements = content.split("\n")
         requirements = [
-            r.split("=")[0].split(">")[0].split("<")[0].lower()
+            r.split("=")[0].split(">")[0].split("<")[0].split("@")[0].lower()
             for r in requirements
-            if r != ""
+            if r != "" and not r.startswith("#")
         ]
         return requirements

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow/tests/unit/test_token.py RENAMED Viewed

@@ -1,16 +1,16 @@
 """
 Unit test for the token endpoint
 """
+import json
-# Import from libraries
 from flask import current_app
-import json
-# Import from internal modules
 from cornflow.models import UserModel
 from cornflow.shared import db
-from cornflow.tests.custom_test_case import CheckTokenTestCase
+from cornflow.shared.authentication.auth import BIAuth, Auth
+from cornflow.shared.exceptions import InvalidUsage
 from cornflow.tests.const import LOGIN_URL
+from cornflow.tests.custom_test_case import CheckTokenTestCase, CustomTestCase
 class TestCheckToken(CheckTokenTestCase.TokenEndpoint):
@@ -64,3 +64,34 @@ class TestCheckToken(CheckTokenTestCase.TokenEndpoint):
         self.get_check_token()
         self.assertEqual(200, self.response.status_code)
         self.assertEqual(0, self.response.json["valid"])
+class TestUnexpiringToken(CustomTestCase):
+    def test_token_unexpiring(self):
+        auth = BIAuth()
+        token = auth.generate_token(1)
+        response = auth.decode_token(token)
+        self.assertEqual(response, {"user_id": 1})
+        token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MDM1OTI1OTIsInN1YiI6MX0.Plvmi02FMfZOTn6bxArELEmDeyuP-2X794c5VtAFgCg"
+        response = auth.decode_token(token)
+        self.assertEqual(response, {"user_id": 1})
+    def test_user_not_valid(self):
+        auth = BIAuth()
+        self.assertRaises(InvalidUsage, auth.generate_token, None)
+        auth = Auth()
+        self.assertRaises(InvalidUsage, auth.generate_token, None)
+    def test_token_not_valid(self):
+        auth = BIAuth()
+        self.assertRaises(InvalidUsage, auth.decode_token, None)
+        token = ""
+        self.assertRaises(InvalidUsage, auth.decode_token, token)
+        auth = Auth()
+        self.assertRaises(InvalidUsage, auth.decode_token, None)

{cornflow-1.0.8a3 → cornflow-1.0.10a1/cornflow.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 1.2
 Name: cornflow
-Version: 1.0.8a3
+Version: 1.0.10a1
 Summary: Cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/cornflow.egg-info/requires.txt RENAMED Viewed

@@ -1,8 +1,8 @@
 alembic==1.9.2
 apispec<=6.2.0
 click<=8.1.3
-cornflow-client==1.0.16a2
-cryptography<=39.0.2
+cornflow-client<=1.0.16
+cryptography<=42.0.5
 disposable-email-domains>=0.0.86
 Flask==2.3.2
 flask-apispec<=0.11.4
@@ -14,7 +14,7 @@ Flask-Migrate<=4.0.4
 Flask-RESTful<=0.3.9
 Flask-SQLAlchemy==2.5.1
 gevent==23.9.1
-gunicorn<=20.1.0
+gunicorn<=22.0.0
 jsonpatch<=1.32
 ldap3<=2.9.1
 marshmallow<=3.19.0
@@ -22,10 +22,10 @@ PuLP<=2.7.0
 psycopg2<=2.95
 PyJWT<=2.6.0
 pytups>=0.86.2
-requests<=2.29.0
+requests<=2.31.0
 SQLAlchemy==1.3.21
 webargs<=8.2.0
-Werkzeug<=2.3.3
+Werkzeug<=2.3.8
 [:python_version < "3.11"]
 greenlet<=2.0.2

{cornflow-1.0.8a3 → cornflow-1.0.10a1}/setup.py RENAMED Viewed

@@ -9,7 +9,7 @@ with open("requirements.txt", "r") as fh:
 setuptools.setup(
     name="cornflow",
-    version="1.0.8a3",
+    version="1.0.10a1",
     author="baobab soluciones",
     author_email="cornflow@baobabsoluciones.es",
     description="Cornflow is an open source multi-solver optimization server with a REST API built using flask.",

cornflow-1.0.8a3/cornflow/cli/users.py DELETED Viewed

@@ -1,32 +0,0 @@
-import click
-from cornflow.cli.arguments import username, password, email, verbose
-from cornflow.cli.utils import get_app
-from cornflow.commands import create_user_with_role
-from cornflow.shared.const import SERVICE_ROLE
-@click.group(name="users", help="Commands to manage the users")
-def users():
-    pass
-@click.group(name="create", help="Create a user")
-def create():
-    pass
-users.add_command(create)
-@create.command(name="service", help="Create a service user")
-@username
-@password
-@email
-@verbose
-def create_service_user(username, password, email, verbose):
-    app = get_app()
-    with app.app_context():
-        create_user_with_role(
-            username, email, password, "service user", SERVICE_ROLE, verbose=verbose
-        )