cornflow 1.2.1__py3-none-any.whl → 1.2.3a1__py3-none-any.whl

cornflow/shared/utils_tables.py

@@ -2,6 +2,7 @@
 import inspect
 import os
 import sys
+import collections
 
 from importlib import import_module
 from sqlalchemy.dialects.postgresql import TEXT
@@ -31,14 +32,42 @@ def import_models():
 
 
 def all_subclasses(cls, models=None):
-    subclasses = set()
+    """Finds all direct and indirect subclasses of a given class.
+
+    Optionally filters a provided list of models first.
+
+    Args:
+        cls: The base class to find subclasses for.
+        models: An optional iterable of classes to pre-filter.
+
+    Returns:
+        A set containing all subclasses found.
+    """
+    filtered_subclasses = set()
     if models is not None:
         for val in models:
-            if issubclass(val, cls):
-                subclasses.add(val)
+            # Ensure val is a class before checking issubclass
+            if isinstance(val, type) and issubclass(val, cls):
+                filtered_subclasses.add(val)
+
+    all_descendants = set()
+    # Use a deque for efficient pop(0)
+    queue = collections.deque(cls.__subclasses__())
+    # Keep track of visited classes during the traversal to handle potential complex hierarchies
+    # (though direct subclass relationships shouldn't form cycles)
+    # Initialize with direct subclasses as they are the starting point.
+    visited_for_queue = set(cls.__subclasses__())
+
+    while queue:
+        current_sub = queue.popleft()
+        all_descendants.add(current_sub)
+
+        for grandchild in current_sub.__subclasses__():
+            if grandchild not in visited_for_queue:
+                visited_for_queue.add(grandchild)
+                queue.append(grandchild)
 
-    return subclasses.union(set(cls.__subclasses__()).union(
-        [s for c in cls.__subclasses__() for s in all_subclasses(c)]))
+    return filtered_subclasses.union(all_descendants)
 
 
 type_converter = {
@@ -76,6 +105,5 @@ def item_as_dict(item):
 
 def items_as_dict_list(ls):
     return [
-        {c.name: getattr(item, c.name) for c in item.__table__.columns}
-        for item in ls
-    ]
+        {c.name: getattr(item, c.name) for c in item.__table__.columns} for item in ls
+    ]

cornflow/shared/validators.py

@@ -1,12 +1,12 @@
 """
 This file has several validators
 """
+
 import re
 from typing import Tuple, Union
 
 from jsonschema import Draft7Validator, validators
 from disposable_email_domains import blocklist
-from jsonschema.protocols import Validator
 
 
 def is_special_character(character):

cornflow/tests/const.py

@@ -17,6 +17,7 @@ INSTANCE_GC_20 = _get_file("./data/gc_20_7.json")
 INSTANCE_FILE_FAIL = _get_file("./unit/test_instances.py")
 
 EXECUTION_PATH = _get_file("./data/new_execution.json")
+CUSTOM_CONFIG_PATH = _get_file("./data/new_execution_custom_config.json")
 BAD_EXECUTION_PATH = _get_file("./data/bad_execution.json")
 EXECUTION_SOLUTION_PATH = _get_file("./data/new_execution_solution.json")
 EXECUTIONS_LIST = [EXECUTION_PATH, _get_file("./data/new_execution_2.json")]

cornflow/tests/custom_test_case.py

@@ -635,9 +635,9 @@ class BaseTestCases:
             # (we patch the request to airflow to check if the schema is valid)
             # we create 4 instances
             data_many = [self.payload for _ in range(4)]
-            data_many[-1] = {**data_many[-1], **dict(schema="timer")}
-            allrows = self.get_rows(self.url, data_many)
-            self.apply_filter(self.url, dict(schema="timer"), allrows.json[:1])
+
+            self.get_rows(self.url, data_many)
+            self.apply_filter(self.url, dict(schema="timer"), [])
 
         def test_opt_filters_date_lte(self):
             """
@@ -1117,7 +1117,7 @@ class LoginTestCases:
 
             self.assertEqual(400, response.status_code)
             self.assertEqual(
-                "Invalid token issuer. Token must be issued by a valid provider",
+                "Invalid token format or signature",
                 response.json["error"],
             )
 

cornflow/tests/unit/test_alarms.py

@@ -91,7 +91,6 @@ class TestAlarmsEndpoint(CustomTestCase):
 class TestAlarmsDetailEndpoint(TestAlarmsEndpoint, BaseTestCases.DetailEndpoint):
     def setUp(self):
         super().setUp()
-        self.url = self.url
         self.idx = 0
         self.payload = {
             "name": "Alarm 1",
@@ -138,4 +137,4 @@ class TestAlarmsDetailEndpoint(TestAlarmsEndpoint, BaseTestCases.DetailEndpoint)
                 # We check deleted at has a value
                 self.assertIsNotNone(row.deleted_at)
             else:
-                self.assertIsNone(row.deleted_at)
+                self.assertIsNone(row.deleted_at)

cornflow/tests/unit/test_cases.py

@@ -42,6 +42,7 @@ import zlib
 
 # Import from internal modules
 from cornflow.models import CaseModel, ExecutionModel, InstanceModel, UserModel
+from cornflow.shared.const import DATA_DOES_NOT_EXIST_MSG
 from cornflow.shared.utils import hash_json_256
 from cornflow.tests.const import (
     INSTANCE_URL,
@@ -227,12 +228,8 @@ class TestCasesFromInstanceExecutionEndpoint(CustomTestCase):
             "execution_id": execution_id,
             "schema": "solve_model_dag",
         }
-        self.instance = InstanceModel.get_one_object(
-            user=self.user, idx=instance_id
-        )
-        self.execution = ExecutionModel.get_one_object(
-            user=self.user, idx=execution_id
-        )
+        self.instance = InstanceModel.get_one_object(user=self.user, idx=instance_id)
+        self.execution = ExecutionModel.get_one_object(user=self.user, idx=execution_id)
 
     def test_new_case_execution(self):
         """
@@ -729,7 +726,7 @@ class TestCaseToInstanceEndpoint(CustomTestCase):
             headers=self.get_header_with_auth(self.token),
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json["error"], "The object does not exist")
+        self.assertEqual(response.json["error"], DATA_DOES_NOT_EXIST_MSG)
 
 
 class TestCaseJsonPatch(CustomTestCase):

cornflow/tests/unit/test_commands.py

@@ -29,6 +29,7 @@ from cornflow.app import (
     register_dag_permissions,
     register_roles,
     register_views,
+    register_base_assignations,
 )
 from cornflow.commands.dag import register_deployed_dags_command_test
 from cornflow.endpoints import resources, alarms_resources
@@ -494,3 +495,92 @@ class TestCommands(TestCase):
             },
         )
         self.assertEqual(403, response.status_code)
+
+    def test_permissions_not_deleted_when_roles_removed_from_code(self):
+        """
+        Test that permissions are NOT deleted when roles are removed from ROLES_WITH_ACCESS.
+
+        This test demonstrates the current bug: when a role is removed from
+        ROLES_WITH_ACCESS in an endpoint's code, the corresponding permissions
+        in the database are not automatically deleted. This happens because
+        the deletion logic in register_base_permissions_command is commented out.
+
+        The test should currently FAIL to demonstrate the bug exists.
+        """
+        # First, initialize the access system normally
+        self.runner.invoke(access_init)
+
+        # Get the original ROLES_WITH_ACCESS for ExampleDataListEndpoint
+        from cornflow.endpoints.example_data import ExampleDataListEndpoint
+
+        original_roles = ExampleDataListEndpoint.ROLES_WITH_ACCESS.copy()
+
+        # Verify initial permissions are created for all three roles
+        # Get the view ID for the endpoint
+        from cornflow.models import ViewModel
+
+        view = ViewModel.query.filter_by(name="example-data").first()
+        self.assertIsNotNone(view, "example-data view should exist")
+
+        # Check permissions exist for all original roles
+        from cornflow.shared.const import ACTIONS_MAP
+        from cornflow.models import PermissionViewRoleModel
+
+        # Check GET action permissions (action_id=1 is typically GET)
+        get_action_id = 1
+        initial_permissions = PermissionViewRoleModel.query.filter_by(
+            api_view_id=view.id, action_id=get_action_id
+        ).all()
+
+        initial_role_ids = [perm.role_id for perm in initial_permissions]
+        self.assertEqual(
+            len(original_roles),
+            len(initial_permissions),
+            f"Should have permissions for all {len(original_roles)} original roles",
+        )
+
+        # Now simulate removing PLANNER_ROLE from ROLES_WITH_ACCESS
+        from cornflow.shared.const import PLANNER_ROLE, VIEWER_ROLE, ADMIN_ROLE
+
+        modified_roles = [VIEWER_ROLE, ADMIN_ROLE]  # Remove PLANNER_ROLE
+
+        # Temporarily modify the ROLES_WITH_ACCESS
+        ExampleDataListEndpoint.ROLES_WITH_ACCESS = modified_roles
+
+        try:
+
+            # Run the permission registration again
+            # (this simulates redeploying the app with modified roles)
+            self.runner.invoke(register_base_assignations, ["-v"])
+
+            # Check permissions after the "code change"
+            updated_permissions = PermissionViewRoleModel.query.filter_by(
+                api_view_id=view.id, action_id=get_action_id
+            ).all()
+
+            updated_role_ids = [perm.role_id for perm in updated_permissions]
+
+            # THIS IS THE BUG: The permission for PLANNER_ROLE should be deleted
+            # but it's not because the deletion logic is commented out
+            # So we expect this assertion to FAIL, demonstrating the bug
+            self.assertEqual(
+                len(modified_roles),
+                len(updated_permissions),
+                f"After removing PLANNER_ROLE from code, should only have {len(modified_roles)} permissions, "
+                f"but still has {len(updated_permissions)} permissions. "
+                f"This demonstrates the bug: permissions are not deleted when roles are removed from ROLES_WITH_ACCESS.",
+            )
+
+            # Also check that PLANNER_ROLE permission was actually removed
+            planner_permissions = [
+                perm for perm in updated_permissions if perm.role_id == PLANNER_ROLE
+            ]
+            self.assertEqual(
+                0,
+                len(planner_permissions),
+                "PLANNER_ROLE permission should have been deleted but still exists",
+            )
+
+        finally:
+            # Restore original ROLES_WITH_ACCESS to avoid affecting other tests
+            ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles

cornflow/tests/unit/test_executions.py

@@ -18,6 +18,7 @@ from cornflow.tests.const import (
     DAG_URL,
     BAD_EXECUTION_PATH,
     EXECUTION_SOLUTION_PATH,
+    CUSTOM_CONFIG_PATH,
 )
 from cornflow.tests.custom_test_case import CustomTestCase, BaseTestCases
 from cornflow.tests.unit.tools import patch_af_client
@@ -43,6 +44,7 @@ class TestExecutionsListEndpoint(BaseTestCases.ListFilters):
         self.bad_payload = load_file_fk(BAD_EXECUTION_PATH)
         self.payloads = [load_file_fk(f) for f in EXECUTIONS_LIST]
         self.solution = load_file_fk(EXECUTION_SOLUTION_PATH)
+        self.custom_config_payload = load_file_fk(CUSTOM_CONFIG_PATH)
         self.keys_to_check = [
             "data_hash",
             "created_at",
@@ -57,11 +59,25 @@ class TestExecutionsListEndpoint(BaseTestCases.ListFilters):
             "instance_id",
             "name",
             "indicators",
+            "username",
+            "updated_at"
         ]
 
     def test_new_execution(self):
         self.create_new_row(self.url, self.model, payload=self.payload)
 
+    def test_get_custom_config(self):
+        id = self.create_new_row(
+            self.url, self.model, payload=self.custom_config_payload
+        )
+        url = EXECUTION_URL + "/" + str(id) + "/" + "?run=0"
+
+        response = self.get_one_row(
+            url,
+            payload={**self.custom_config_payload, **dict(id=id)},
+        )
+        self.assertEqual(response["config"]["block_model"]["solver"], "mip.gurobi")
+
     @patch("cornflow.endpoints.execution.Airflow")
     def test_new_execution_run(self, af_client_class):
         patch_af_client(af_client_class)
@@ -260,6 +276,8 @@ class TestExecutionsDetailEndpointMock(CustomTestCase):
             "schema",
             "user_id",
             "indicators",
+            "username",
+            "updated_at"
         }
         # we only check the following because this endpoint does not return data
         self.items_to_check = ["name", "description"]
@@ -274,7 +292,6 @@ class TestExecutionsDetailEndpoint(
 ):
     def setUp(self):
         super().setUp()
-        self.url = self.url
         self.query_arguments = {"run": 0}
 
     # TODO: this test should be moved as it is not using the detail endpoint
@@ -303,6 +320,8 @@ class TestExecutionsDetailEndpoint(
             "name",
             "created_at",
             "state",
+            "username",
+            "updated_at"
         ]
         execution = self.get_one_row(
             self.url + idx,
@@ -450,6 +469,8 @@ class TestExecutionsLogEndpoint(TestExecutionsDetailEndpointMock):
             "user_id",
             "config",
             "indicators",
+            "username",
+            "updated_at"
         ]
 
     def test_get_one_execution(self):

cornflow/tests/unit/test_health.py

@@ -4,7 +4,7 @@ from cornflow.shared import db
 
 from cornflow.app import create_app
 from cornflow.commands import access_init_command
-from cornflow.shared.const import STATUS_HEALTHY
+from cornflow.shared.const import STATUS_HEALTHY, CORNFLOW_VERSION
 from cornflow.tests.const import HEALTH_URL
 from cornflow.tests.custom_test_case import CustomTestCase
 
@@ -29,6 +29,9 @@ class TestHealth(CustomTestCase):
         self.assertEqual(200, response.status_code)
         cf_status = response.json["cornflow_status"]
         af_status = response.json["airflow_status"]
+        cf_version = response.json["cornflow_version"]
+        expected_version = CORNFLOW_VERSION
         self.assertEqual(str, type(cf_status))
         self.assertEqual(str, type(af_status))
         self.assertEqual(cf_status, STATUS_HEALTHY)
+        self.assertEqual(cf_version, expected_version)

cornflow/tests/unit/test_log_in.py

@@ -135,11 +135,20 @@ class TestLogInOpenAuth(CustomTestCase):
         Tests token validation failure when the kid is not found in public keys
         """
         # Import the real exceptions to ensure they are preserved
-        from jwt.exceptions import InvalidTokenError, ExpiredSignatureError
+        from jwt.exceptions import (
+            InvalidTokenError,
+            ExpiredSignatureError,
+            InvalidIssuerError,
+            InvalidSignatureError,
+            DecodeError,
+        )
 
         # Keep the real exception classes in the mock
         mock_jwt.ExpiredSignatureError = ExpiredSignatureError
         mock_jwt.InvalidTokenError = InvalidTokenError
+        mock_jwt.InvalidIssuerError = InvalidIssuerError
+        mock_jwt.InvalidSignatureError = InvalidSignatureError
+        mock_jwt.DecodeError = DecodeError
 
         mock_jwt.get_unverified_header.return_value = {"kid": "test_kid"}
 
@@ -165,7 +174,7 @@ class TestLogInOpenAuth(CustomTestCase):
 
         self.assertEqual(400, response.status_code)
         self.assertEqual(
-            response.json["error"], "Invalid token: Unknown key identifier (kid)"
+            response.json["error"], "Invalid token format, signature, or configuration"
         )
 
     @mock.patch("cornflow.shared.authentication.auth.jwt")
@@ -174,11 +183,20 @@ class TestLogInOpenAuth(CustomTestCase):
         Tests token validation failure when the token header is missing the kid
         """
         # Import the real exceptions to ensure they are preserved
-        from jwt.exceptions import InvalidTokenError, ExpiredSignatureError
+        from jwt.exceptions import (
+            InvalidTokenError,
+            ExpiredSignatureError,
+            InvalidIssuerError,
+            InvalidSignatureError,
+            DecodeError,
+        )
 
         # Keep the real exception classes in the mock
         mock_jwt.ExpiredSignatureError = ExpiredSignatureError
         mock_jwt.InvalidTokenError = InvalidTokenError
+        mock_jwt.InvalidIssuerError = InvalidIssuerError
+        mock_jwt.InvalidSignatureError = InvalidSignatureError
+        mock_jwt.DecodeError = DecodeError
 
         # Mock jwt.get_unverified_header to return a header without kid
         mock_jwt.get_unverified_header.return_value = {"alg": "RS256"}
@@ -194,8 +212,7 @@ class TestLogInOpenAuth(CustomTestCase):
 
         self.assertEqual(400, response.status_code)
         self.assertEqual(
-            response.json["error"],
-            "Invalid token: Missing key identifier (kid) in token header",
+            "Invalid token format, signature, or configuration", response.json["error"]
         )
 
     @mock.patch("cornflow.shared.authentication.auth.requests.get")
@@ -205,11 +222,20 @@ class TestLogInOpenAuth(CustomTestCase):
         Tests failure when trying to fetch public keys from the OIDC provider
         """
         # Import the real exceptions to ensure they are preserved
-        from jwt.exceptions import InvalidTokenError, ExpiredSignatureError
+        from jwt.exceptions import (
+            InvalidTokenError,
+            ExpiredSignatureError,
+            InvalidIssuerError,
+            InvalidSignatureError,
+            DecodeError,
+        )
 
         # Keep the real exception classes in the mock
         mock_jwt.ExpiredSignatureError = ExpiredSignatureError
         mock_jwt.InvalidTokenError = InvalidTokenError
+        mock_jwt.InvalidIssuerError = InvalidIssuerError
+        mock_jwt.InvalidSignatureError = InvalidSignatureError
+        mock_jwt.DecodeError = DecodeError
 
         # Clear the cache
         from cornflow.shared.authentication.auth import public_keys_cache
@@ -240,8 +266,8 @@ class TestLogInOpenAuth(CustomTestCase):
 
         self.assertEqual(400, response.status_code)
         self.assertEqual(
+            "Invalid token format, signature, or configuration",
             response.json["error"],
-            "Failed to fetch public keys from authentication provider",
         )
 
     @mock.patch("cornflow.shared.authentication.Auth.decode_token")
@@ -289,11 +315,20 @@ class TestLogInOpenAuth(CustomTestCase):
         the system fetches fresh keys from the provider.
         """
         # Import the real exceptions to ensure they are preserved
-        from jwt.exceptions import InvalidTokenError, ExpiredSignatureError
+        from jwt.exceptions import (
+            InvalidTokenError,
+            ExpiredSignatureError,
+            InvalidIssuerError,
+            InvalidSignatureError,
+            DecodeError,
+        )
 
         # Keep the real exception classes in the mock
         mock_jwt.ExpiredSignatureError = ExpiredSignatureError
         mock_jwt.InvalidTokenError = InvalidTokenError
+        mock_jwt.InvalidIssuerError = InvalidIssuerError
+        mock_jwt.InvalidSignatureError = InvalidSignatureError
+        mock_jwt.DecodeError = DecodeError
 
         # Mock jwt to return valid unverified header and payload
         mock_jwt.get_unverified_header.return_value = {"kid": "test_kid"}
@@ -531,4 +566,6 @@ class TestLogInOpenAuthService(CustomTestCase):
         )
 
         self.assertEqual(400, response.status_code)
-        self.assertEqual(response.json["error"], "Invalid token format or signature")
+        self.assertEqual(
+            response.json["error"], "Invalid token format, signature, or configuration"
+        )

cornflow/tests/unit/test_tables.py

@@ -11,7 +11,7 @@ from cornflow.app import create_app
 from cornflow.commands.access import access_init_command
 from cornflow.models import UserRoleModel
 from cornflow.shared import db
-from cornflow.shared.const import ADMIN_ROLE, SERVICE_ROLE
+from cornflow.shared.const import ADMIN_ROLE, SERVICE_ROLE, DATA_DOES_NOT_EXIST_MSG
 from cornflow.tests.const import LOGIN_URL, SIGNUP_URL, TABLES_URL
 
 
@@ -220,7 +220,7 @@ class TestTablesDetailEndpoint(TestCase):
             },
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json["error"], "The object does not exist")
+        self.assertEqual(response.json["error"], DATA_DOES_NOT_EXIST_MSG)
 
 
 class TestTablesEndpointAdmin(TestCase):
@@ -291,4 +291,4 @@ class TestTablesEndpointAdmin(TestCase):
         self.assertEqual(response.status_code, 403)
         self.assertEqual(
             response.json["error"], "You do not have permission to access this endpoint"
-        )
+        )

{cornflow-1.2.1.dist-info → cornflow-1.2.3a1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.1
+Version: 1.2.3a1
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones