cornflow 2.0.0a11__py3-none-any.whl → 2.0.0a12__py3-none-any.whl

cornflow/endpoints/login.py

@@ -1,16 +1,17 @@
 """
-External endpoint for the user to login to the cornflow webserver
+External endpoint for the user to log in to the cornflow webserver
 """
 
+from datetime import datetime, timezone, timedelta
+
 # Partial imports
-from flask import current_app
+from flask import current_app, request
 from flask_apispec import use_kwargs, doc
 from sqlalchemy.exc import IntegrityError, DBAPIError
-from datetime import datetime, timedelta
 
 # Import from internal modules
 from cornflow.endpoints.meta_resource import BaseMetaResource
-from cornflow.models import UserModel, UserRoleModel
+from cornflow.models import UserModel, UserRoleModel, PermissionsDAG
 from cornflow.schemas.user import LoginEndpointRequest, LoginOpenAuthRequest
 from cornflow.shared import db
 from cornflow.shared.authentication import Auth, LDAPBase
@@ -18,15 +19,11 @@ from cornflow.shared.const import (
     AUTH_DB,
     AUTH_LDAP,
     AUTH_OID,
-    OID_AZURE,
-    OID_GOOGLE,
-    OID_NONE,
 )
 from cornflow.shared.exceptions import (
     ConfigurationError,
     InvalidCredentials,
     InvalidUsage,
-    EndpointNotImplemented,
 )
 
 
@@ -45,7 +42,7 @@ class LoginBaseEndpoint(BaseMetaResource):
         This method is in charge of performing the log in of the user
 
         :param kwargs: keyword arguments passed for the login, these can be username, password or a token
-        :return: the response of the login or it raises an error. The correct response is a dict
+        :return: the response of the login, or it raises an error. The correct response is a dict
         with the newly issued token and the user id, and a status code of 200
         :rtype: dict
         """
@@ -55,10 +52,37 @@ class LoginBaseEndpoint(BaseMetaResource):
         if auth_type == AUTH_DB:
             user = self.auth_db_authenticate(**kwargs)
             response.update({"change_password": check_last_password_change(user)})
+            current_app.logger.info(
+                f"User {user.id} logged in successfully using database authentication"
+            )
         elif auth_type == AUTH_LDAP:
             user = self.auth_ldap_authenticate(**kwargs)
+            current_app.logger.info(
+                f"User {user.id} logged in successfully using LDAP authentication"
+            )
         elif auth_type == AUTH_OID:
-            user = self.auth_oid_authenticate(**kwargs)
+            if kwargs.get("username") and kwargs.get("password"):
+                if not current_app.config.get("SERVICE_USER_ALLOW_PASSWORD_LOGIN", 0):
+                    raise InvalidUsage(
+                        "Must provide a token in Authorization header. Cannot log in with username and password",
+                        400,
+                    )
+                user = self.auth_oid_authenticate(
+                    username=kwargs["username"], password=kwargs["password"]
+                )
+                current_app.logger.info(
+                    f"Service user {user.id} logged in successfully using password"
+                )
+                token = self.auth_class.generate_token(user.id)
+            else:
+                token = self.auth_class().get_token_from_header(request.headers)
+                user = self.auth_oid_authenticate(token=token)
+                current_app.logger.info(
+                    f"User {user.id} logged in successfully using OpenID authentication"
+                )
+
+            response.update({"token": token, "id": user.id})
+            return response, 200
         else:
             raise ConfigurationError()
 
@@ -77,7 +101,7 @@ class LoginBaseEndpoint(BaseMetaResource):
 
         :param str username: the username of the user to log in
         :param str password:  the password of the user to log in
-        :return: the user object or it raises an error if it has not been possible to log in
+        :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
         user = self.data_model.get_one_object(username=username)
@@ -96,7 +120,7 @@ class LoginBaseEndpoint(BaseMetaResource):
 
         :param str username: the username of the user to log in
         :param str password:  the password of the user to log in
-        :return: the user object or it raises an error if it has not been possible to log in
+        :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
         ldap_obj = self.ldap_class(current_app.config)
@@ -141,49 +165,20 @@ class LoginBaseEndpoint(BaseMetaResource):
         self, token: str = None, username: str = None, password: str = None
     ):
         """
-        Method  in charge of performing the log in with the token issued by an Open ID provider.
-        It has an exception and thus accepts username and password for service users if needed.
+        Method in charge of performing the authentication using OpenID Connect tokens.
+        Supports any OIDC provider configured via provider_url.
 
-        :param str token: the token that the user has obtained from the Open ID provider
-        :param str username: the username of the user to log in
-        :param str password: the password of the user to log in
-        :return: the user object or it raises an error if it has not been possible to log in
+        :param str token: the JWT token from the OIDC provider
+        :param str username: username for service users
+        :param str password: password for service users
+        :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
-
         if token:
 
-            oid_provider = int(current_app.config["OID_PROVIDER"])
-
-            client_id = current_app.config["OID_CLIENT_ID"]
-            tenant_id = current_app.config["OID_TENANT_ID"]
-            issuer = current_app.config["OID_ISSUER"]
-
-            if client_id is None or tenant_id is None or issuer is None:
-                raise ConfigurationError("The OID provider configuration is not valid")
-
-            if oid_provider == OID_AZURE:
-                decoded_token = self.auth_class().validate_oid_token(
-                    token, client_id, tenant_id, issuer, oid_provider
-                )
-
-            elif oid_provider == OID_GOOGLE:
-                raise EndpointNotImplemented(
-                    "The selected OID provider is not implemented"
-                )
-            elif oid_provider == OID_NONE:
-                raise EndpointNotImplemented(
-                    "The OID provider configuration is not valid"
-                )
-            else:
-                raise EndpointNotImplemented(
-                    "The OID provider configuration is not valid"
-                )
+            decoded_token = self.auth_class().decode_token(token)
 
-            username = decoded_token["preferred_username"]
-            email = decoded_token.get("email", f"{username}@test.org")
-            first_name = decoded_token.get("given_name", "")
-            last_name = decoded_token.get("family_name", "")
+            username = decoded_token.get("sub")
 
             user = self.data_model.get_one_object(username=username)
 
@@ -192,6 +187,10 @@ class LoginBaseEndpoint(BaseMetaResource):
                     f"OpenID user {username} does not exist and is created"
                 )
 
+                email = decoded_token.get("email", f"{username}@cornflow.org")
+                first_name = decoded_token.get("given_name", "")
+                last_name = decoded_token.get("family_name", "")
+
                 data = {
                     "username": username,
                     "email": email,
@@ -208,33 +207,52 @@ class LoginBaseEndpoint(BaseMetaResource):
                         "role_id": int(current_app.config["DEFAULT_ROLE"]),
                     }
                 )
-
                 user_role.save()
+                if int(current_app.config["OPEN_DEPLOYMENT"]) == 1:
+                    PermissionsDAG.add_all_permissions_to_user(user.id)
 
             return user
-        elif (
-            username
-            and password
-            and current_app.config["SERVICE_USER_ALLOW_PASSWORD_LOGIN"] == 1
-        ):
 
+        elif username and password:
             user = self.auth_db_authenticate(username, password)
-
             if user.is_service_user():
                 return user
-            else:
-                raise InvalidUsage("Invalid request")
+            raise InvalidUsage("Invalid request")
         else:
             raise InvalidUsage("Invalid request")
 
 
 def check_last_password_change(user):
+    """
+    Check if the user needs to change their password based on the password rotation time.
+
+    :param user: The user object to check
+    :return: True if password needs to be changed, False otherwise
+    :rtype: bool
+    """
     if user.pwd_last_change:
-        if (
-            user.pwd_last_change
-            + timedelta(days=int(current_app.config["PWD_ROTATION_TIME"]))
-            < datetime.utcnow()
-        ):
+        # Handle the case where pwd_last_change is already a datetime object
+        if isinstance(user.pwd_last_change, datetime):
+            # If it's a naive datetime (no timezone info), make it timezone-aware
+            if user.pwd_last_change.tzinfo is None:
+                last_change = user.pwd_last_change.replace(tzinfo=timezone.utc)
+            else:
+                # Already timezone-aware
+                last_change = user.pwd_last_change
+        else:
+            # It's a timestamp (integer), convert to datetime
+            last_change = datetime.fromtimestamp(user.pwd_last_change, timezone.utc)
+
+        # Get current time with UTC timezone for proper comparison
+        current_time = datetime.now(timezone.utc)
+
+        # Calculate the expiration time based on the password rotation setting
+        expiration_time = last_change + timedelta(
+            days=int(current_app.config["PWD_ROTATION_TIME"])
+        )
+
+        # Compare the timezone-aware datetimes
+        if expiration_time < current_time:
             return True
     return False
 

cornflow/endpoints/meta_resource.py

@@ -13,6 +13,7 @@ from cornflow.shared.const import ALL_DEFAULT_ROLES
 from cornflow.shared.exceptions import InvalidUsage, ObjectDoesNotExist, NoPermission
 
 
+
 class BaseMetaResource(Resource, MethodResource):
     """
     The base resource from all methods inherit from.
@@ -175,11 +176,18 @@ class BaseMetaResource(Resource, MethodResource):
     METHODS USED FOR ACTIVATING / DISABLING RECORDS IN CASE WE DO NOT WANT TO DELETE THEM STRAIGHT AWAY
     """
 
-    def disable_detail(self):
+    def disable_detail(self, idx):
         """
-        Method not implemented yet
+        Method to DISABLE an object from the database
+
+        :param idx: the idx which identifies the object
+        :return: the object and a status code.
         """
-        raise NotImplemented
+        row = self.data_model.query.get(idx)
+        if row is None:
+            raise ObjectDoesNotExist(f"Object with id {idx} not found.")
+        row.disable()
+        return {"message": "Object marked as disabled"}, 200
 
     def activate_detail(self, **kwargs):
         """

cornflow/migrations/versions/999b98e24225.py

@@ -0,0 +1,34 @@
+"""
+Rename dag_run_id column to run_id in executions table
+
+Revision ID: 999b98e24225
+Revises: 991b98e24225
+Create Date: 2024-04-08 12:00:00.000000
+
+"""
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = "abc123456789"
+down_revision = "991b98e24225"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("executions", schema=None) as batch_op:
+        batch_op.alter_column("dag_run_id", new_column_name="run_id")
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("executions", schema=None) as batch_op:
+        batch_op.alter_column("run_id", new_column_name="dag_run_id")
+
+    # ### end Alembic commands ###

cornflow/models/base_data_model.py

@@ -1,14 +1,13 @@
 """
 
 """
-# Import from libraries
+
 from flask import current_app
 from sqlalchemy import desc
 from sqlalchemy.dialects.postgresql import JSON
 from sqlalchemy.dialects.postgresql import TEXT
 from sqlalchemy.ext.declarative import declared_attr
 
-# Import from internal modules
 from cornflow.models.meta_models import TraceAttributesModel
 from cornflow.shared import db
 from cornflow.shared.utils import hash_json_256
@@ -39,7 +38,7 @@ class BaseDataModel(TraceAttributesModel):
 
     def __init__(self, data):
         self.user_id = data.get("user_id")
-        self.data = data.get("data") or data.get("execution_results")
+        self.data = data.get("data")
         self.data_hash = hash_json_256(self.data)
         self.name = data.get("name")
         self.description = data.get("description")
@@ -50,23 +49,16 @@ class BaseDataModel(TraceAttributesModel):
     @classmethod
     def get_all_objects(
         cls,
-        user,
         schema=None,
         creation_date_gte=None,
         creation_date_lte=None,
         deletion_date_gte=None,
         deletion_date_lte=None,
-        id=None,
         update_date_gte=None,
         update_date_lte=None,
-        user_name=None,
-        last_name=None,
-        email=None,
-        role_id=None,
-        url_rule=None,
-        description=None,
         offset=0,
         limit=10,
+        user=None,
     ):
         """
         Query to get all objects from a user
@@ -77,13 +69,6 @@ class BaseDataModel(TraceAttributesModel):
         :param string creation_date_lte: created_at needs to be smaller or equal to this
         :param string deletion_date_gte: deletion_at needs to be larger or equal to this
         :param string deletion_date_lte: deletion_at needs to be smaller or equal to this
-        :param string id: user id
-        :param string user_name: user first name
-        :param string last_name: user last name
-        :param string email: user email
-        :param int role_id: user role id
-        :param string url_rule: url_rule
-        :param string description: description
         :param string update_date_gte: update_at needs to be larger or equal to this
         :param string update_date_lte: update_at needs to be smaller or equal to this
         :param int offset: query offset for pagination
@@ -114,20 +99,7 @@ class BaseDataModel(TraceAttributesModel):
         if update_date_gte:
             query = query.filter(cls.update_at >= update_date_gte)
         if update_date_lte:
-            query = query.filter(cls.updat_at <= update_date_lte)
-        if user_name:
-            query = query.filter(cls.user_name == user_name)
-        if last_name:
-            query = query.filter(cls.last_name == last_name)
-        if email:
-            query = query.filter(cls.email == email)
-        if role_id:
-            query = query.filter(cls.role_id == role_id)
-        if url_rule:
-            query = query.filter(cls.url_rule == url_rule)
-        if description:
-            query = query.filter(cls.description == description)
-        # if airflow they also return total_entries = query.count(), for some reason
+            query = query.filter(cls.update_at <= update_date_lte)
 
         return query.order_by(desc(cls.created_at)).offset(offset).limit(limit).all()
 

cornflow/models/execution.py

@@ -55,7 +55,7 @@ class ExecutionModel(BaseDataModel):
         db.String(256), db.ForeignKey("instances.id"), nullable=False
     )
     config = db.Column(JSON, nullable=False)
-    dag_run_id = db.Column(db.String(256), nullable=True)
+    run_id = db.Column(db.String(256), nullable=True)
     log_text = db.Column(TEXT, nullable=True)
     log_json = db.Column(JSON, nullable=True)
     state = db.Column(db.SmallInteger, default=DEFAULT_EXECUTION_CODE, nullable=False)
@@ -78,8 +78,7 @@ class ExecutionModel(BaseDataModel):
                 + str(self.instance_id)
             ).encode()
         ).hexdigest()
-        # TODO AGA: modificar a run_id, tanto la columna como el parámetro.
-        self.dag_run_id = data.get("dag_run_id")
+        self.run_id = data.get("run_id")
         self.state = data.get("state", DEFAULT_EXECUTION_CODE)
         self.state_message = EXECUTION_STATE_MESSAGE_DICT[self.state]
         self.config = data.get("config")

cornflow/models/meta_models.py

@@ -1,13 +1,13 @@
 """
 This file contains the base abstract models from which the rest of the models inherit
 """
-# Imports from libraries
-from datetime import datetime
+
+from datetime import datetime, timezone
+from typing import Dict, List
+
 from flask import current_app
 from sqlalchemy.exc import DBAPIError, IntegrityError
-from typing import Dict, List
 
-# Imports from internal modules
 from cornflow.shared import db
 from cornflow.shared.exceptions import InvalidData
 
@@ -33,7 +33,9 @@ class EmptyBaseModel(db.Model):
 
         try:
             db.session.commit()
-            current_app.logger.debug(f"Transaction type: {action}, performed correctly on {self}")
+            current_app.logger.debug(
+                f"Transaction type: {action}, performed correctly on {self}"
+            )
         except IntegrityError as err:
             db.session.rollback()
             current_app.logger.error(f"Integrity error on {action} data: {err}")
@@ -99,7 +101,10 @@ class EmptyBaseModel(db.Model):
         action = "bulk create"
         try:
             db.session.commit()
-            current_app.logger.debug(f"Transaction type: {action}, performed correctly on {cls}")
+            current_app.logger.debug(
+                f"Transaction type: {action}, performed correctly on {cls}"
+            )
+
         except IntegrityError as err:
             db.session.rollback()
             current_app.logger.error(f"Integrity error on {action} data: {err}")
@@ -120,7 +125,10 @@ class EmptyBaseModel(db.Model):
         action = "bulk create update"
         try:
             db.session.commit()
-            current_app.logger.debug(f"Transaction type: {action}, performed correctly on {cls}")
+            current_app.logger.debug(
+                f"Transaction type: {action}, performed correctly on {cls}"
+            )
+
         except IntegrityError as err:
             db.session.rollback()
             current_app.logger.error(f"Integrity error on {action} data: {err}")
@@ -136,12 +144,7 @@ class EmptyBaseModel(db.Model):
         return instances
 
     @classmethod
-    def get_all_objects(
-        cls,
-        offset=0,
-        limit=None,
-        **kwargs
-    ):
+    def get_all_objects(cls, offset=0, limit=None, **kwargs):
         """
         Method to get all the objects from the database applying the filters passed as keyword arguments
 
@@ -154,7 +157,9 @@ class EmptyBaseModel(db.Model):
         """
         if "user" in kwargs:
             kwargs.pop("user")
-        query = cls.query.filter_by(**kwargs).offset(offset)
+        query = cls.query.filter_by(**kwargs)
+        if offset:
+            query = query.offset(offset)
         if limit:
             query = query.limit(limit)
         return query
@@ -208,8 +213,8 @@ class TraceAttributesModel(EmptyBaseModel):
     deleted_at = db.Column(db.DateTime, nullable=True)
 
     def __init__(self):
-        self.created_at = datetime.utcnow()
-        self.updated_at = datetime.utcnow()
+        self.created_at = datetime.now(timezone.utc)
+        self.updated_at = datetime.now(timezone.utc)
         self.deleted_at = None
 
     def update(self, data):
@@ -220,11 +225,11 @@ class TraceAttributesModel(EmptyBaseModel):
         :return: None
         :rtype: None
         """
-        self.updated_at = datetime.utcnow()
+        self.updated_at = datetime.now(timezone.utc)
         super().update(data)
 
     def pre_update(self, data):
-        self.updated_at = datetime.utcnow()
+        self.updated_at = datetime.now(timezone.utc)
         super().pre_update(data)
 
     def disable(self):
@@ -234,7 +239,7 @@ class TraceAttributesModel(EmptyBaseModel):
         :return: None
         :rtype: None
         """
-        self.deleted_at = datetime.utcnow()
+        self.deleted_at = datetime.now(timezone.utc)
         db.session.add(self)
         self.commit_changes("disabling")
 
@@ -245,7 +250,7 @@ class TraceAttributesModel(EmptyBaseModel):
         :return: None
         :rtype: None
         """
-        self.updated_at = datetime.utcnow()
+        self.updated_at = datetime.now(timezone.utc)
         self.deleted_at = None
         db.session.add(self)
         self.commit_changes("activating")
@@ -261,7 +266,7 @@ class TraceAttributesModel(EmptyBaseModel):
         update_date_lte=None,
         offset=0,
         limit=None,
-        **kwargs
+        **kwargs,
     ):
         """
         Method to get all the objects from the database applying the filters passed as keyword arguments
@@ -300,7 +305,8 @@ class TraceAttributesModel(EmptyBaseModel):
         if creation_date_lte:
             query = query.filter(cls.created_at <= creation_date_lte)
 
-        query = query.offset(offset)
+        if offset:
+            query = query.offset(offset)
         if limit:
             query = query.limit(limit)
         return query

cornflow/models/user.py

@@ -1,10 +1,11 @@
 """
 This file contains the UserModel
 """
+
 # Imports from external libraries
 import random
 import string
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 
 # Imports from internal modules
 from cornflow.models.meta_models import TraceAttributesModel
@@ -55,9 +56,7 @@ class UserModel(TraceAttributesModel):
     pwd_last_change = db.Column(db.DateTime, nullable=True)
     email = db.Column(db.String(128), nullable=False, unique=True)
 
-    user_roles = db.relationship(
-        "UserRoleModel", cascade="all,delete", backref="users"
-    )
+    user_roles = db.relationship("UserRoleModel", cascade="all,delete", backref="users")
 
     instances = db.relationship(
         "InstanceModel",
@@ -95,15 +94,14 @@ class UserModel(TraceAttributesModel):
         self.first_name = data.get("first_name")
         self.last_name = data.get("last_name")
         self.username = data.get("username")
-        self.pwd_last_change = datetime.utcnow()
+        self.pwd_last_change = datetime.now(timezone.utc)
         # TODO: handle better None passwords that can be found when using ldap
         check_pass, msg = check_password_pattern(data.get("password"))
         if check_pass:
             self.password = self.__generate_hash(data.get("password"))
         else:
             raise InvalidCredentials(
-                msg,
-                log_txt="Error while trying to create a new user. " + msg
+                msg, log_txt="Error while trying to create a new user. " + msg
             )
 
         check_email, msg = check_email_pattern(data.get("email"))
@@ -111,8 +109,7 @@ class UserModel(TraceAttributesModel):
             self.email = data.get("email")
         else:
             raise InvalidCredentials(
-                msg,
-                log_txt="Error while trying to create a new user. " + msg
+                msg, log_txt="Error while trying to create a new user. " + msg
             )
 
     def update(self, data):
@@ -126,7 +123,7 @@ class UserModel(TraceAttributesModel):
         if new_password:
             new_password = self.__generate_hash(new_password)
             data["password"] = new_password
-            data["pwd_last_change"] = datetime.utcnow()
+            data["pwd_last_change"] = datetime.now(timezone.utc)
         super().update(data)
 
     def comes_from_external_provider(self):

cornflow/schemas/alarms.py

@@ -1,6 +1,7 @@
 """
 This file contains the schemas used for the table alarms defined in the application None
 """
+
 from marshmallow import fields, Schema
 
 
@@ -18,3 +19,10 @@ class AlarmsResponse(AlarmsPostRequest):
 class QueryFiltersAlarms(Schema):
     schema = fields.Str(required=False)
     criticality = fields.Number(required=False)
+
+
+class AlarmEditRequest(Schema):
+    name = fields.Str(required=False)
+    criticality = fields.Number(required=False)
+    description = fields.Str(required=False)
+    schema = fields.Str(required=False)

cornflow/schemas/execution.py

@@ -43,7 +43,7 @@ class ExecutionSchema(Schema):
     name = fields.Str()
     description = fields.Str()
     schema = fields.Str(required=False)
-    dag_run_id = fields.Str(required=False, dump_only=True)
+    run_id = fields.Str(required=False, dump_only=True)
     config = fields.Nested(ConfigSchema, required=True)
     data = fields.Raw(dump_only=True)
     checks = fields.Raw(required=False, allow_none=True)

cornflow/schemas/query.py

@@ -1,13 +1,14 @@
 """
 This file contains the schemas used to query the results of a GET request
 """
+
 from marshmallow import fields, Schema
 
 
 class BaseQueryFilters(Schema):
     """This is the schema of the base query arguments"""
 
-    limit = fields.Int(required=False, dump_default=20)
+    limit = fields.Int(required=False, dump_default=10)
     offset = fields.Int(required=False, dump_default=0)
     creation_date_gte = fields.DateTime(required=False)
     creation_date_lte = fields.DateTime(required=False)