cornflow 1.2.0a1__py3-none-any.whl → 1.2.0a3__py3-none-any.whl

cornflow/models/user.py

@@ -1,10 +1,11 @@
 """
 This file contains the UserModel
 """
+
 # Imports from external libraries
 import random
 import string
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 
 # Imports from internal modules
 from cornflow.models.meta_models import TraceAttributesModel
@@ -55,9 +56,7 @@ class UserModel(TraceAttributesModel):
     pwd_last_change = db.Column(db.DateTime, nullable=True)
     email = db.Column(db.String(128), nullable=False, unique=True)
 
-    user_roles = db.relationship(
-        "UserRoleModel", cascade="all,delete", backref="users"
-    )
+    user_roles = db.relationship("UserRoleModel", cascade="all,delete", backref="users")
 
     instances = db.relationship(
         "InstanceModel",
@@ -95,15 +94,14 @@ class UserModel(TraceAttributesModel):
         self.first_name = data.get("first_name")
         self.last_name = data.get("last_name")
         self.username = data.get("username")
-        self.pwd_last_change = datetime.utcnow()
+        self.pwd_last_change = datetime.now(timezone.utc)
         # TODO: handle better None passwords that can be found when using ldap
         check_pass, msg = check_password_pattern(data.get("password"))
         if check_pass:
             self.password = self.__generate_hash(data.get("password"))
         else:
             raise InvalidCredentials(
-                msg,
-                log_txt="Error while trying to create a new user. " + msg
+                msg, log_txt="Error while trying to create a new user. " + msg
             )
 
         check_email, msg = check_email_pattern(data.get("email"))
@@ -111,8 +109,7 @@ class UserModel(TraceAttributesModel):
             self.email = data.get("email")
         else:
             raise InvalidCredentials(
-                msg,
-                log_txt="Error while trying to create a new user. " + msg
+                msg, log_txt="Error while trying to create a new user. " + msg
             )
 
     def update(self, data):
@@ -126,7 +123,7 @@ class UserModel(TraceAttributesModel):
         if new_password:
             new_password = self.__generate_hash(new_password)
             data["password"] = new_password
-            data["pwd_last_change"] = datetime.utcnow()
+            data["pwd_last_change"] = datetime.now(timezone.utc)
         super().update(data)
 
     def comes_from_external_provider(self):

cornflow/schemas/alarms.py

@@ -1,6 +1,7 @@
 """
 This file contains the schemas used for the table alarms defined in the application None
 """
+
 from marshmallow import fields, Schema
 
 
@@ -18,3 +19,10 @@ class AlarmsResponse(AlarmsPostRequest):
 class QueryFiltersAlarms(Schema):
     schema = fields.Str(required=False)
     criticality = fields.Number(required=False)
+
+
+class AlarmEditRequest(Schema):
+    name = fields.Str(required=False)
+    criticality = fields.Number(required=False)
+    description = fields.Str(required=False)
+    schema = fields.Str(required=False)

cornflow/schemas/query.py

@@ -1,13 +1,14 @@
 """
 This file contains the schemas used to query the results of a GET request
 """
+
 from marshmallow import fields, Schema
 
 
 class BaseQueryFilters(Schema):
     """This is the schema of the base query arguments"""
 
-    limit = fields.Int(required=False, dump_default=20)
+    limit = fields.Int(required=False, dump_default=10)
     offset = fields.Int(required=False, dump_default=0)
     creation_date_gte = fields.DateTime(required=False)
     creation_date_lte = fields.DateTime(required=False)

cornflow/schemas/user.py

@@ -27,7 +27,7 @@ class UserEndpointResponse(Schema):
     last_name = fields.Str()
     email = fields.Str()
     created_at = fields.Str()
-    pwd_last_change = fields.Str()
+    pwd_last_change = fields.DateTime()
 
 
 class UserDetailsEndpointResponse(Schema):
@@ -36,7 +36,7 @@ class UserDetailsEndpointResponse(Schema):
     last_name = fields.Str()
     username = fields.Str()
     email = fields.Str()
-    pwd_last_change = fields.Str()
+    pwd_last_change = fields.DateTime()
 
 
 class TokenEndpointResponse(Schema):
@@ -53,7 +53,6 @@ class UserEditRequest(Schema):
     last_name = fields.Str(required=False)
     email = fields.Str(required=False)
     password = fields.Str(required=False)
-    pwd_last_change = fields.DateTime(required=False)
 
 
 class LoginEndpointRequest(Schema):

cornflow/shared/authentication/auth.py

@@ -6,7 +6,7 @@ This file contains the auth class that can be used for authentication on the req
 import jwt
 import requests
 from jwt.algorithms import RSAAlgorithm
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from flask import request, g, current_app, Request
 from functools import wraps
 from typing import Tuple
@@ -107,9 +107,9 @@ class Auth:
             )
 
         payload = {
-            "exp": datetime.utcnow()
+            "exp": datetime.now(timezone.utc)
             + timedelta(hours=float(current_app.config["TOKEN_DURATION"])),
-            "iat": datetime.utcnow(),
+            "iat": datetime.now(timezone.utc),
             "sub": user.username,
             "iss": INTERNAL_TOKEN_ISSUER,
         }
@@ -128,9 +128,9 @@ class Auth:
         :return: dictionary containing the username from the token's sub claim
         :rtype: dict
         """
-        print("[decode_token] Starting token decode")
+
         if token is None:
-            print("[decode_token] Token is None")
+
             raise InvalidCredentials(
                 "Must provide a token in Authorization header",
                 log_txt="Error while trying to decode token. Token is missing.",
@@ -139,31 +139,28 @@ class Auth:
 
         try:
             # First try to decode header to validate basic token structure
-            print("[decode_token] Decoding unverified header")
+
             unverified_payload = jwt.decode(token, options={"verify_signature": False})
             issuer = unverified_payload.get("iss")
-            print(f"[decode_token] Token issuer: {issuer}")
 
             # For internal tokens
             if issuer == INTERNAL_TOKEN_ISSUER:
-                print("[decode_token] Processing internal token")
-                payload = jwt.decode(
+
+                return jwt.decode(
                     token, current_app.config["SECRET_TOKEN_KEY"], algorithms="HS256"
                 )
-                return {"username": payload["sub"]}
 
             # For OpenID tokens
             if current_app.config["AUTH_TYPE"] == AUTH_OID:
-                print("[decode_token] Processing OpenID token")
-                decoded = Auth().verify_token(
+
+                return Auth().verify_token(
                     token,
                     current_app.config["OID_PROVIDER"],
                     current_app.config["OID_EXPECTED_AUDIENCE"],
                 )
-                return {"username": decoded["sub"]}
 
             # If we get here, the issuer is not valid
-            print(f"[decode_token] Invalid issuer: {issuer}")
+
             raise InvalidCredentials(
                 "Invalid token issuer. Token must be issued by a valid provider",
                 log_txt="Error while trying to decode token. Invalid issuer.",
@@ -171,14 +168,14 @@ class Auth:
             )
 
         except jwt.ExpiredSignatureError:
-            print("[decode_token] Caught ExpiredSignatureError")
+
             raise InvalidCredentials(
                 "The token has expired, please login again",
                 log_txt="Error while trying to decode token. The token has expired.",
                 status_code=400,
             )
         except jwt.InvalidTokenError as e:
-            print("[decode_token] Caught InvalidTokenError")
+
             raise InvalidCredentials(
                 "Invalid token format or signature",
                 log_txt=f"Error while trying to decode token. The token format is invalid: {str(e)}",
@@ -251,7 +248,7 @@ class Auth:
         token = self.get_token_from_header(headers)
         data = self.decode_token(token)
 
-        user = self.user_model.get_one_object(username=data["username"])
+        user = self.user_model.get_one_object(username=data["sub"])
 
         if user is None:
             err = "User not found. Please ensure you are using valid credentials"
@@ -306,15 +303,13 @@ class Auth:
         :return: The decoded token claims
         :rtype: dict
         """
-        print("[verify_token] Starting token verification")
+
         # Get unverified header - this will raise jwt.InvalidTokenError if token format is invalid
-        print("[verify_token] Getting unverified header")
         unverified_header = jwt.get_unverified_header(token)
-        print(f"[verify_token] Unverified header: {unverified_header}")
 
         # Check for kid in header
         if "kid" not in unverified_header:
-            print("[verify_token] Missing kid in header")
+
             raise InvalidCredentials(
                 "Invalid token: Missing key identifier (kid) in token header",
                 log_txt="Error while verifying token. Token header is missing 'kid'.",
@@ -322,32 +317,24 @@ class Auth:
             )
 
         kid = unverified_header["kid"]
-        print(f"[verify_token] Found kid: {kid}")
 
         # Check if we have the keys in cache and if the kid exists
-        print("[verify_token] Checking cache for public keys")
         public_key = None
         if provider_url in public_keys_cache:
-            print(f"[verify_token] Found keys in cache for {provider_url}")
             cached_keys = public_keys_cache[provider_url]
             if kid in cached_keys:
-                print("[verify_token] Found matching kid in cached keys")
                 public_key = cached_keys[kid]
 
         # If kid not in cache, fetch fresh keys
         if public_key is None:
-            print("[verify_token] Public key not found in cache, fetching fresh keys")
             public_keys = self.get_public_keys(provider_url)
             if kid not in public_keys:
-                print(f"[verify_token] Kid {kid} not found in fresh public keys")
-                print("[verify_token] About to raise InvalidCredentials")
                 raise InvalidCredentials(
                     "Invalid token: Unknown key identifier (kid)",
                     log_txt="Error while verifying token. Key ID not found in public keys.",
                     status_code=400,
                 )
             public_key = public_keys[kid]
-            print("[verify_token] Found public key in fresh keys")
 
         # Verify token - this will raise appropriate jwt exceptions that will be caught in decode_token
         return jwt.decode(
@@ -425,16 +412,11 @@ class BIAuth(Auth):
         :return: dictionary containing the username from the token's sub claim
         :rtype: dict
         """
-        if token is None:
-            err = "The provided token is not valid."
-            raise InvalidUsage(
-                err, log_txt="Error while trying to decode token. " + err
-            )
         try:
-            payload = jwt.decode(
+            return jwt.decode(
                 token, current_app.config["SECRET_BI_KEY"], algorithms="HS256"
             )
-            return {"username": payload["sub"]}
+
         except jwt.InvalidTokenError:
             raise InvalidCredentials(
                 "Invalid token, please try again with a new token",
@@ -466,9 +448,7 @@ class BIAuth(Auth):
             )
 
         payload = {
-            "exp": datetime.utcnow()
-            + timedelta(hours=float(current_app.config["TOKEN_DURATION"])),
-            "iat": datetime.utcnow(),
+            "iat": datetime.now(timezone.utc),
             "sub": user.username,
             "iss": INTERNAL_TOKEN_ISSUER,
         }

cornflow/tests/const.py

@@ -9,6 +9,7 @@ def _get_file(relative_path):
 
 PREFIX = ""
 INSTANCE_PATH = _get_file("./data/new_instance.json")
+EMPTY_INSTANCE_PATH = _get_file("./data/empty_instance.json")
 INSTANCES_LIST = [INSTANCE_PATH, _get_file("./data/new_instance_2.json")]
 INSTANCE_URL = PREFIX + "/instance/"
 INSTANCE_MPS = _get_file("./data/test_mps.mps")

cornflow/tests/custom_test_case.py

@@ -14,16 +14,16 @@ LoginTestCases
     Test cases for login functionality
 """
 
+import json
+
 # Import from libraries
 import logging as log
-from datetime import datetime, timedelta
-
+from datetime import datetime, timedelta, timezone
 from typing import List
 
+import jwt
 from flask import current_app
 from flask_testing import TestCase
-import json
-import jwt
 
 # Import from internal modules
 from cornflow.app import create_app
@@ -31,8 +31,15 @@ from cornflow.models import UserRoleModel, UserModel
 from cornflow.commands.access import access_init_command
 from cornflow.commands.dag import register_deployed_dags_command_test
 from cornflow.commands.permissions import register_dag_permissions_command
+from cornflow.models import UserRoleModel
+from cornflow.shared import db
 from cornflow.shared.authentication import Auth
-from cornflow.shared.const import ADMIN_ROLE, PLANNER_ROLE, SERVICE_ROLE, INTERNAL_TOKEN_ISSUER
+from cornflow.shared.const import (
+    ADMIN_ROLE,
+    PLANNER_ROLE,
+    SERVICE_ROLE,
+    INTERNAL_TOKEN_ISSUER,
+)
 from cornflow.shared import db
 from cornflow.tests.const import (
     LOGIN_URL,
@@ -122,7 +129,7 @@ class CustomTestCase(TestCase):
         ).json["token"]
 
         data = Auth().decode_token(self.token)
-        self.user = UserModel.get_one_object(username=data["username"])
+        self.user = UserModel.get_one_object(username=data["sub"])
         self.url = None
         self.model = None
         self.copied_items = set()
@@ -588,6 +595,14 @@ class BaseTestCases:
             allrows = self.get_rows(self.url, data_many)
             self.apply_filter(self.url, dict(limit=1), [allrows.json[0]])
 
+        def test_opt_filters_limit_none(self):
+            """
+            Tests the limit filter option
+            """
+            data_many = [self.payload for _ in range(4)]
+            allrows = self.get_rows(self.url, data_many)
+            self.apply_filter(self.url, dict(limit=None), allrows.json)
+
         def test_opt_filters_offset(self):
             """
             Tests the offset filter option.
@@ -597,6 +612,22 @@ class BaseTestCases:
             allrows = self.get_rows(self.url, data_many)
             self.apply_filter(self.url, dict(offset=1, limit=2), allrows.json[1:3])
 
+        def test_opt_filters_offset_zero(self):
+            """
+            Tests the offset filter option with a zero value.
+            """
+            data_many = [self.payload for _ in range(4)]
+            allrows = self.get_rows(self.url, data_many)
+            self.apply_filter(self.url, dict(offset=0), allrows.json)
+
+        def test_opt_filters_offset_none(self):
+            """
+            Tests the offset filter option with a None value.
+            """
+            data_many = [self.payload for _ in range(4)]
+            allrows = self.get_rows(self.url, data_many)
+            self.apply_filter(self.url, dict(offset=None), allrows.json)
+
         def test_opt_filters_schema(self):
             """
             Tests the schema filter option.
@@ -1005,7 +1036,7 @@ class LoginTestCases:
             expired_token = jwt.encode(
                 expired_payload,
                 current_app.config["SECRET_TOKEN_KEY"],
-                algorithm="HS256"
+                algorithm="HS256",
             )
 
             # Try to use the expired token
@@ -1020,8 +1051,7 @@ class LoginTestCases:
 
             self.assertEqual(400, response.status_code)
             self.assertEqual(
-                "The token has expired, please login again",
-                response.json["error"]
+                "The token has expired, please login again", response.json["error"]
             )
 
         def test_bad_format_token(self):
@@ -1072,7 +1102,7 @@ class LoginTestCases:
             invalid_token = jwt.encode(
                 invalid_payload,
                 current_app.config["SECRET_TOKEN_KEY"],
-                algorithm="HS256"
+                algorithm="HS256",
             )
 
             # Try to use the invalid token
@@ -1113,7 +1143,7 @@ class LoginTestCases:
             )
 
             self.assertAlmostEqual(
-                datetime.utcnow(),
-                datetime.utcfromtimestamp(decoded_token["iat"]),
+                datetime.now(timezone.utc),
+                datetime.fromtimestamp(decoded_token["iat"], timezone.utc),
                 delta=timedelta(seconds=2),
             )

cornflow/tests/unit/test_alarms.py

@@ -13,9 +13,10 @@ TestAlarmsEndpoint
 """
 
 # Imports from internal modules
+import json
 from cornflow.models import AlarmsModel
 from cornflow.tests.const import ALARMS_URL
-from cornflow.tests.custom_test_case import CustomTestCase
+from cornflow.tests.custom_test_case import BaseTestCases, CustomTestCase
 
 
 class TestAlarmsEndpoint(CustomTestCase):
@@ -85,3 +86,56 @@ class TestAlarmsEndpoint(CustomTestCase):
                 self.assertIn(key, rows_data[i])
                 if key in data[i]:
                     self.assertEqual(rows_data[i][key], data[i][key])
+
+
+class TestAlarmsDetailEndpoint(TestAlarmsEndpoint, BaseTestCases.DetailEndpoint):
+    def setUp(self):
+        super().setUp()
+        self.url = self.url
+        self.idx = 0
+        self.payload = {
+            "name": "Alarm 1",
+            "description": "Description Alarm 1",
+            "criticality": 1,
+        }
+
+    def test_disable_alarm_detail(self):
+        """
+        The idea would be to read the alarm_id from the query and be able to disable the entire row for that alarm in the database.
+        To check this, I would use an example data set of different alarms and, after giving a specific id, be able to return the same data set,
+        excluding those related to the given alarm_id.
+
+        Verifies:
+        - Retrieval of a single alarm using its ID
+        - Correct validation of alarm data fields
+
+        """
+
+        data = {
+            "name": "Alarm 1",
+            "description": "Description Alarm 1",
+            "criticality": 1,
+        }
+        id = self.create_new_row(self.url, self.model, data)
+        data = {
+            "name": "Alarm 2",
+            "description": "Description Alarm 2",
+            "criticality": 1,
+        }
+        self.idx = id
+        url = self.url + str(id) + "/"
+        response = self.client.delete(
+            url,
+            data=json.dumps(data),
+            follow_redirects=True,
+            headers=self.get_header_with_auth(self.token),
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json, {"message": "Object marked as disabled"})
+        all_rows = AlarmsModel.query.all()
+        for row in all_rows:
+            if row.id == id:
+                # We check deleted at has a value
+                self.assertIsNotNone(row.deleted_at)
+            else:
+                self.assertIsNone(row.deleted_at)

cornflow/tests/unit/test_apiview.py

@@ -13,7 +13,8 @@ TestApiViewListEndpoint
 """
 
 # Import from internal modules
-from cornflow.endpoints import ApiViewListEndpoint, resources
+from cornflow.endpoints import ApiViewListEndpoint, resources, alarms_resources
+from cornflow.models import ViewModel
 from cornflow.shared.const import ROLES_MAP
 from cornflow.tests.const import APIVIEW_URL
 from cornflow.tests.custom_test_case import CustomTestCase
@@ -102,3 +103,107 @@ class TestApiViewListEndpoint(CustomTestCase):
                 )
 
                 self.assertEqual(403, response.status_code)
+
+
+class TestApiViewModel(CustomTestCase):
+    """
+    Test cases for the API views list endpoint.
+
+    This class tests the functionality of listing available API views, including:
+    - Authorization checks for different user roles
+    - Validation of returned API view data
+    - Access control for authorized and unauthorized roles
+    """
+
+    def setUp(self):
+        """
+        Set up test environment before each test.
+
+        Initializes test data including:
+        - Base test case setup
+        - Roles with access permissions
+        - Test payload with API view data
+        - Items to check in responses
+        """
+        super().setUp()
+        self.roles_with_access = ApiViewListEndpoint.ROLES_WITH_ACCESS
+        self.payload = [
+            {
+                "name": view["endpoint"],
+                "url_rule": view["urls"],
+                "description": view["resource"].DESCRIPTION,
+            }
+            for view in resources
+        ]
+        self.items_to_check = ["name", "description", "url_rule"]
+
+    def test_get_all_objects(self):
+        """
+        Test that the get_all_objects method works properly
+        """
+        expected_count = len(resources) + len(alarms_resources)
+        # Test getting all objects
+        all_instances = ViewModel.get_all_objects().all()
+        self.assertEqual(len(all_instances), expected_count)
+
+        # Check that all resources are included in the results
+        api_view_names = [view.name for view in all_instances]
+        expected_names = [view["endpoint"] for view in resources]
+
+        # Verify all expected resource names are in the results
+        for name in expected_names:
+            self.assertIn(name, api_view_names)
+
+        # Test with offset and limit
+        limited_instances = ViewModel.get_all_objects(offset=10, limit=10).all()
+        self.assertEqual(len(limited_instances), 10)
+
+        # Verify these are different from the first 10 results
+        first_ten = [view.id for view in all_instances[:10]]
+        offset_ten = [view.id for view in limited_instances]
+        self.assertNotEqual(first_ten, offset_ten)
+
+        # Test with only offset
+        offset_instances = ViewModel.get_all_objects(offset=10).all()
+        self.assertEqual(len(offset_instances), expected_count - 10)
+
+        # Verify these match with the correct slice of all results
+        offset_ids = [view.id for view in offset_instances]
+        expected_offset_ids = [view.id for view in all_instances[10:]]
+        self.assertEqual(offset_ids, expected_offset_ids)
+
+        # Test with only limit
+        limit_instances = ViewModel.get_all_objects(limit=10).all()
+        self.assertEqual(len(limit_instances), 10)
+
+        # Verify these match with the first 10 of all results
+        limit_ids = [view.id for view in limit_instances]
+        expected_limit_ids = [view.id for view in all_instances[:10]]
+        self.assertEqual(limit_ids, expected_limit_ids)
+
+    def test_get_one_object_by_name(self):
+        """
+        Test that the get_one_by_name method works properly
+        """
+        instance = ViewModel.get_one_by_name(name="instance")
+        self.assertEqual(instance.name, "instance")
+
+    def test_get_one_object(self):
+        """
+        Test that the get_one_object method works properly
+        """
+        instance = ViewModel.get_one_object(idx=1)
+        self.assertEqual(instance.name, "instance")
+
+    def test_get_one_object_without_idx(self):
+        """
+        Test that the get_one_object method works properly when called without any filters
+        """
+        # Call get_one_object without any filters
+        instance = ViewModel.get_one_object()
+
+        # It should return the first instance by default
+        first_instance = ViewModel.get_all_objects().first()
+        self.assertIsNotNone(instance)
+        self.assertEqual(instance.id, first_instance.id)
+        self.assertEqual(instance.name, first_instance.name)

cornflow/tests/unit/test_cli.py

@@ -33,6 +33,7 @@ from cornflow.models import (
 from cornflow.models import UserModel
 from cornflow.shared import db
 from cornflow.shared.exceptions import NoPermission, ObjectDoesNotExist
+from cornflow.endpoints import resources, alarms_resources
 
 
 class CLITests(TestCase):
@@ -281,7 +282,7 @@ class CLITests(TestCase):
         result = runner.invoke(cli, ["views", "init", "-v"])
         self.assertEqual(result.exit_code, 0)
         views = ViewModel.get_all_objects().all()
-        self.assertEqual(len(views), 49)
+        self.assertEqual(len(views), (len(resources) + len(alarms_resources)))
 
     def test_permissions_entrypoint(self):
         """
@@ -323,8 +324,8 @@ class CLITests(TestCase):
         permissions = PermissionViewRoleModel.get_all_objects().all()
         self.assertEqual(len(actions), 5)
         self.assertEqual(len(roles), 4)
-        self.assertEqual(len(views), 49)
-        self.assertEqual(len(permissions), 546)
+        self.assertEqual(len(views), (len(resources) + len(alarms_resources)))
+        self.assertEqual(len(permissions), 562)
 
     def test_permissions_base_command(self):
         """
@@ -348,8 +349,8 @@ class CLITests(TestCase):
         permissions = PermissionViewRoleModel.get_all_objects().all()
         self.assertEqual(len(actions), 5)
         self.assertEqual(len(roles), 4)
-        self.assertEqual(len(views), 49)
-        self.assertEqual(len(permissions), 546)
+        self.assertEqual(len(views), (len(resources) + len(alarms_resources)))
+        self.assertEqual(len(permissions), 562)
 
     def test_service_entrypoint(self):
         """

cornflow/tests/unit/test_dags.py

@@ -234,7 +234,6 @@ class TestDagDetailEndpoint(TestExecutionsDetailEndpointMock):
         )
         self.assertEqual(data["data"], instance_data["data"])
         self.assertEqual(data["config"], self.payload["config"])
-        return
 
     def test_get_no_dag(self):
         """