PyPI - ethyca-fides - Versions diffs - 2.58.2b5__py2.py3-none-any.whl → 2.58.2rc0__py2.py3-none-any.whl - Mend

ethyca-fides 2.58.2b5py2.py3-none-any.whl → 2.58.2rc0py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

fides/api/models/privacy_experience.py CHANGED Viewed

@@ -20,7 +20,6 @@ from fides.api.models import (
 from fides.api.models.location_regulation_selections import PrivacyNoticeRegion
 from fides.api.models.privacy_notice import PrivacyNotice
 from fides.api.models.property import Property
-from fides.api.models.tcf_publisher_restrictions import TCFConfiguration
 from fides.api.schemas.language import SupportedLanguage
@@ -47,21 +46,6 @@ class Layer1ButtonOption(Enum):
     ACKNOWLEDGE = "acknowledge"
     OPT_IN_OPT_OUT = "opt_in_opt_out"
-    OPT_IN_ONLY = "opt_in_only"
-class RejectAllMechanism(Enum):
-    """
-    Reject all mechanism options - not formalized in the db.
-    Used to configure the behavior of the reject all button in TCF experiences
-    """
-    # Reject both consent and legitimate interest preferences (all purposes, special features, vendors)
-    # This is the default behavior
-    REJECT_ALL = "reject_all"
-    # Reject only consent preferences (all purposes, special features, vendors).
-    # Do not reject any legitimate interest preferences.
-    REJECT_CONSENT_ONLY = "reject_consent_only"
 # Fides JS UX Types - there should only be one of these defined per region
@@ -195,10 +179,6 @@ class PrivacyExperienceConfig(PrivacyExperienceConfigBase, Base):
     The Privacy Experience Configuration model that stores shared configuration for Privacy Experiences.
     - Translations, Notices, and Regions (via Privacy Experiences) are linked to this resource.
-    If you're adding a new PrivacyExperienceConfig, make sure to use the `create` method since it has
-    custom logic that ensures other resources are created/updated as needed, as well as setting the
-    expected values for some fields in the experience config itself.
     """
     allow_language_selection = Column(
@@ -223,20 +203,6 @@ class PrivacyExperienceConfig(PrivacyExperienceConfigBase, Base):
         String, ForeignKey(ExperienceConfigTemplate.id_field_path)
     )  # The template from which this config was created if applicable
-    # Mechanism to use when the reject all button is clicked in a TCF experience
-    # Nullable because this is not applicable for other experience types
-    reject_all_mechanism = Column(
-        EnumColumn(RejectAllMechanism),
-        nullable=True,
-    )
-    # Optional FK to a TCF Configuration
-    tcf_configuration_id = Column(
-        String,
-        ForeignKey(TCFConfiguration.id_field_path, ondelete="SET NULL"),
-        nullable=True,
-    )
     # Relationships
     experiences = relationship(
         "PrivacyExperience",
@@ -266,12 +232,6 @@ class PrivacyExperienceConfig(PrivacyExperienceConfigBase, Base):
         lazy="selectin",
     )
-    tcf_configuration: RelationshipProperty[Optional[TCFConfiguration]] = relationship(
-        "TCFConfiguration",
-        back_populates="privacy_experience_configs",
-        lazy="selectin",
-    )
     @property
     def regions(self) -> List[PrivacyNoticeRegion]:
         """Return the regions using this experience config"""
@@ -344,15 +304,6 @@ class PrivacyExperienceConfig(PrivacyExperienceConfigBase, Base):
         # Link Properties to this Privacy Experience config via the PrivacyExperienceConfigProperty table
         link_properties_to_experience_config(db, properties, experience_config)
-        # If the reject all mechanism is not set and the experience config is a TCF experience,
-        # set the reject all mechanism to REJECT_ALL
-        if (
-            experience_config.component == ComponentType.tcf_overlay
-            and experience_config.reject_all_mechanism is None
-        ):
-            experience_config.reject_all_mechanism = RejectAllMechanism.REJECT_ALL  # type: ignore
-            experience_config.save(db)
         return experience_config
     def update(self, db: Session, *, data: dict[str, Any]) -> PrivacyExperienceConfig:
@@ -556,24 +507,6 @@ class PrivacyExperienceConfigHistory(
         index=True,
     )  # If a translation is deleted, this is set to null, but the overall record remains in the database for reporting purposes
-    # Mechanism to use when the reject all button is clicked in a TCF experience
-    # Nullable because this is not applicable for other experience types
-    reject_all_mechanism = Column(
-        EnumColumn(RejectAllMechanism),
-        nullable=True,
-    )
-    # Optional FK to a TCF Configuration
-    tcf_configuration_id = Column(
-        String,
-        ForeignKey(TCFConfiguration.id_field_path, ondelete="SET NULL"),
-        nullable=True,
-    )
-    tcf_configuration: RelationshipProperty[Optional[TCFConfiguration]] = relationship(
-        "TCFConfiguration",
-        lazy="selectin",
-    )
     version = Column(Float, nullable=False, default=1.0)
@@ -636,7 +569,6 @@ class PrivacyExperience(Base):
     tcf_special_features: List = []
     tcf_system_consents: List = []
     tcf_system_legitimate_interests: List = []
-    tcf_publisher_restrictions: List = []
     gvl: Optional[Dict] = {}
     # TCF Developer-Friendly Meta added at runtime as the result of build_tc_data_for_mobile
     meta: Dict = {}

fides/api/models/privacy_request/privacy_request.py CHANGED Viewed

@@ -39,14 +39,10 @@ from fides.api.graph.config import (
     CollectionAddress,
 )
 from fides.api.migrations.hash_migration_mixin import HashMigrationMixin
-from fides.api.models.attachment import (
-    Attachment,
-    AttachmentReference,
-    AttachmentReferenceType,
-)
+from fides.api.models.attachment import Attachment, AttachmentReference
 from fides.api.models.audit_log import AuditLog
 from fides.api.models.client import ClientDetail
-from fides.api.models.comment import Comment, CommentReference, CommentReferenceType
+from fides.api.models.comment import Comment, CommentReference
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.api.models.policy import (
@@ -173,25 +169,18 @@ class PrivacyRequest(
         backref="privacy_requests",
     )
     attachments = relationship(
-        "Attachment",
+        Attachment,
         secondary="attachment_reference",
-        primaryjoin="and_(PrivacyRequest.id == AttachmentReference.reference_id, "
-        "AttachmentReference.reference_type == 'privacy_request')",
+        primaryjoin="PrivacyRequest.id == AttachmentReference.reference_id",
         secondaryjoin="Attachment.id == AttachmentReference.attachment_id",
         order_by="Attachment.created_at",
-        viewonly=True,
-        uselist=True,
     )
     comments = relationship(
-        "Comment",
+        Comment,
         secondary="comment_reference",
-        primaryjoin="and_(PrivacyRequest.id == CommentReference.reference_id, "
-        "CommentReference.reference_type == 'privacy_request')",
+        primaryjoin="PrivacyRequest.id == CommentReference.reference_id",
         secondaryjoin="Comment.id == CommentReference.comment_id",
         order_by="Comment.created_at",
-        viewonly=True,
-        uselist=True,
     )
     property_id = Column(String, nullable=True)
@@ -334,12 +323,6 @@ class PrivacyRequest(
         deleting this object from the database
         """
         self.clear_cached_values()
-        Attachment.delete_attachments_for_reference_and_type(
-            db, self.id, AttachmentReferenceType.privacy_request
-        )
-        Comment.delete_comments_for_reference_and_type(
-            db, self.id, CommentReferenceType.privacy_request
-        )
         for provided_identity in self.provided_identities:  # type: ignore[attr-defined]
             provided_identity.delete(db=db)

fides/api/schemas/connection_configuration/connection_config.py CHANGED Viewed

@@ -71,23 +71,29 @@ def mask_sensitive_fields(
     return new_connection_secrets
-class ConnectionConfigSecretsMixin(BaseModel):
+class ConnectionConfigurationResponse(BaseModel):
     """
-    A schema mixin to declare a connection config `secrets` attribute
-    and handle masking of sensitive values based on `connection_type`
-    and (optionally) a `saas_config`.
+    Describes the returned schema for a ConnectionConfiguration.
     """
+    name: Optional[str] = None
+    key: FidesKey
+    description: Optional[str] = None
     connection_type: ConnectionType
-    secrets: Optional[Dict[str, Any]] = None
+    access: AccessLevel
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+    disabled: Optional[bool] = False
+    last_test_timestamp: Optional[datetime] = None
+    last_test_succeeded: Optional[bool] = None
     saas_config: Optional[SaaSConfigBase] = None
+    secrets: Optional[Dict[str, Any]] = None
+    authorized: Optional[bool] = False
+    enabled_actions: Optional[List[ActionType]] = None
     @model_validator(mode="after")
-    def mask_sensitive_values(self) -> "ConnectionConfigSecretsMixin":
-        """
-        Mask sensitive values in the `secrets` attribute based on `connection_type`
-        and (optionally) a `saas_config`.
-        """
+    def mask_sensitive_values(self) -> "ConnectionConfigurationResponse":
+        """Mask sensitive values in the response."""
         if self.secrets is None:
             return self
@@ -110,26 +116,6 @@ class ConnectionConfigSecretsMixin(BaseModel):
         self.secrets = mask_sensitive_fields(cast(dict, self.secrets), secret_schema)
         return self
-class ConnectionConfigurationResponse(ConnectionConfigSecretsMixin):
-    """
-    Describes the returned schema for a ConnectionConfiguration.
-    The mixin base class ensures that `secrets` sensitive values are masked.
-    """
-    name: Optional[str] = None
-    key: FidesKey
-    description: Optional[str] = None
-    access: AccessLevel
-    created_at: datetime
-    updated_at: Optional[datetime] = None
-    disabled: Optional[bool] = False
-    last_test_timestamp: Optional[datetime] = None
-    last_test_succeeded: Optional[bool] = None
-    authorized: Optional[bool] = False
-    enabled_actions: Optional[List[ActionType]] = None
     model_config = ConfigDict(from_attributes=True)

fides/api/schemas/user.py CHANGED Viewed

@@ -3,7 +3,7 @@ from datetime import datetime
 from enum import Enum
 from typing import Optional
-from pydantic import ConfigDict, EmailStr, field_validator
+from pydantic import EmailStr, field_validator
 from fides.api.cryptography.cryptographic_util import decode_password
 from fides.api.schemas.base_class import FidesSchema
@@ -27,8 +27,6 @@ class UserCreate(FidesSchema):
     last_name: Optional[str] = None
     disabled: bool = False
-    model_config = ConfigDict(extra="ignore")
     @field_validator("username")
     @classmethod
     def validate_username(cls, username: str) -> str:
@@ -142,8 +140,6 @@ class UserUpdate(FidesSchema):
     first_name: Optional[str] = None
     last_name: Optional[str] = None
-    model_config = ConfigDict(extra="ignore")
 class DisabledReason(Enum):
     """Reasons for why a user is disabled"""

fides/api/service/deps.py CHANGED Viewed

@@ -8,7 +8,6 @@ from fides.service.dataset.dataset_config_service import DatasetConfigService
 from fides.service.dataset.dataset_service import DatasetService
 from fides.service.messaging.messaging_service import MessagingService
 from fides.service.privacy_request.privacy_request_service import PrivacyRequestService
-from fides.service.user.user_service import UserService
 def get_messaging_service(
@@ -33,11 +32,3 @@ def get_dataset_service(db: Session = Depends(get_db)) -> DatasetService:
 def get_dataset_config_service(db: Session = Depends(get_db)) -> DatasetConfigService:
     return DatasetConfigService(db)
-def get_user_service(
-    db: Session = Depends(get_db),
-    config: FidesConfig = Depends(get_config),
-    config_proxy: ConfigProxy = Depends(get_config_proxy),
-) -> UserService:
-    return UserService(db, config, config_proxy)

fides/api/service/storage/s3.py CHANGED Viewed

@@ -64,7 +64,7 @@ def generic_upload_to_s3(  # pylint: disable=R0913
     size_threshold: int = LARGE_FILE_THRESHOLD,  # 5 MB threshold
 ) -> Optional[AnyHttpUrlString]:
     """
-    Uploads file like objects to S3.
+    Uploads arbitrary data to S3 returned from an access request.
     Handles both small and large uploads.
     :param storage_secrets: S3 storage secrets
@@ -75,19 +75,6 @@ def generic_upload_to_s3(  # pylint: disable=R0913
     """
     logger.info("Starting S3 Upload of {}", file_key)
-    # Validate that the document is a file-like object
-    if not hasattr(document, "read") or not hasattr(document, "seek"):
-        raise TypeError(
-            f"The 'document' parameter must be a file-like object supporting 'read' and 'seek'. "
-            f"Received: {type(document)}"
-        )
-    # Ensure the file pointer is at the beginning
-    try:
-        document.seek(0)
-    except Exception as e:
-        raise ValueError(f"Failed to reset file pointer for document: {e}")
     s3_client = maybe_get_s3_client(auth_method, storage_secrets)
     # Define a transfer configuration for multipart uploads

fides/api/service/user/fides_user_service.py ADDED Viewed

@@ -0,0 +1,128 @@
+import uuid
+from datetime import datetime
+from typing import Optional, Tuple
+from loguru import logger
+from sqlalchemy.orm import Session
+from fides.api.api.v1.endpoints.messaging_endpoints import user_email_invite_status
+from fides.api.common_exceptions import AuthorizationError
+from fides.api.models.client import ClientDetail
+from fides.api.models.fides_user import FidesUser
+from fides.api.models.fides_user_invite import FidesUserInvite
+from fides.api.schemas.messaging.messaging import (
+    MessagingActionType,
+    UserInviteBodyParams,
+)
+from fides.api.schemas.redis_cache import Identity
+from fides.api.service.messaging.message_dispatch_service import dispatch_message
+from fides.config import FidesConfig
+from fides.config.config_proxy import ConfigProxy
+def invite_user(db: Session, config_proxy: ConfigProxy, user: FidesUser) -> None:
+    """
+    Generates a user invite and sends the invite code to the user via email.
+    This is a no-op if email messaging isn't configured.
+    """
+    # invite user via email if email messaging is enabled and the Admin UI URL is defined
+    if user_email_invite_status(db=db, config_proxy=config_proxy).enabled:
+        invite_code = str(uuid.uuid4())
+        FidesUserInvite.create(
+            db=db, data={"username": user.username, "invite_code": invite_code}
+        )
+        user.update(db, data={"disabled": True})
+        dispatch_message(
+            db,
+            action_type=MessagingActionType.USER_INVITE,
+            to_identity=Identity(email=user.email_address),
+            service_type=config_proxy.notifications.notification_service_type,
+            message_body_params=UserInviteBodyParams(
+                username=user.username, invite_code=invite_code
+            ),
+        )
+def accept_invite(
+    db: Session, config: FidesConfig, user: FidesUser, new_password: str
+) -> Tuple[FidesUser, str]:
+    """
+    Updates the user password and enables the user. Also removes the user invite from the database.
+    Returns a tuple of the updated user and their access code.
+    """
+    # update password and enable
+    user.update_password(db=db, new_password=new_password)
+    user.update(
+        db,
+        data={"disabled": False, "disabled_reason": None},
+    )
+    db.refresh(user)
+    # delete invite
+    if user.username:
+        invite = FidesUserInvite.get_by(db=db, field="username", value=user.username)
+        if invite:
+            invite.delete(db)
+    else:
+        logger.warning("Username is missing, skipping invite deletion.")
+    client = perform_login(
+        db,
+        config.security.oauth_client_id_length_bytes,
+        config.security.oauth_client_secret_length_bytes,
+        user,
+    )
+    logger.info("Creating login access token")
+    access_code = client.create_access_code_jwe(config.security.app_encryption_key)
+    return user, access_code
+def perform_login(
+    db: Session,
+    client_id_byte_length: int,
+    client_secret_byte_length: int,
+    user: FidesUser,
+    skip_save: Optional[bool] = False,
+) -> ClientDetail:
+    """Performs a login by updating the FidesUser instance and creating and returning
+    an associated ClientDetail.
+    If the username or password was bad, skip_save should be True. We still run through
+    parallel operations to keep the timing of operations similar, but should skip
+    saving to the database.
+    """
+    client = user.client
+    if not client:
+        logger.info("Creating client for login")
+        client, _ = ClientDetail.create_client_and_secret(
+            db,
+            client_id_byte_length,
+            client_secret_byte_length,
+            scopes=[],  # type: ignore
+            roles=user.permissions.roles,  # type: ignore
+            systems=user.system_ids,  # type: ignore
+            user_id=user.id,
+            in_memory=skip_save,  # If login flow has already errored, don't persist this to the database
+        )
+    else:
+        # Refresh the client just in case - for example, scopes and roles were added via the db directly.
+        client.roles = user.permissions.roles  # type: ignore
+        client.systems = user.system_ids  # type: ignore
+        if not skip_save:
+            client.save(db)
+    if user.permissions and (not user.permissions.roles and not user.systems):  # type: ignore
+        logger.warning("User {} needs roles or systems to login.", user.id)
+        raise AuthorizationError(detail="Not Authorized for this action")
+    if not skip_save:
+        user.last_login_at = datetime.utcnow()
+        user.save(db)
+    return client

fides/api/task/graph_task.py CHANGED Viewed

@@ -10,7 +10,7 @@ from loguru import logger
 from ordered_set import OrderedSet
 from sqlalchemy.orm import Session
-from fides.api.api.deps import get_autoclose_db_session as get_db
+from fides.api.api.deps import get_db_contextmanager as get_db
 from fides.api.common_exceptions import (
     ActionDisabled,
     AwaitingAsyncTaskCallback,

fides/api/util/collection_util.py CHANGED Viewed

@@ -122,7 +122,6 @@ def extract_key_for_address(
     return f"{dataset}:{collection}"
-# pylint: disable=too-many-branches
 def unflatten_dict(flat_dict: Dict[str, Any], separator: str = ".") -> Dict[str, Any]:
     """
     Converts a dictionary of paths/values into a nested dictionary
@@ -150,29 +149,17 @@ def unflatten_dict(flat_dict: Dict[str, Any], separator: str = ".") -> Dict[str,
         for i, current_key in enumerate(keys[:-1]):
             next_key = keys[i + 1]
             if next_key.isdigit():
-                if isinstance(target, dict):  # Only call setdefault on dictionaries
-                    target = target.setdefault(current_key, [])
-                elif isinstance(
-                    target, list
-                ):  # If target is a list, handle differently
-                    idx = int(current_key)
-                    while len(target) <= idx:
-                        target.append([])  # Add a list since next_key is a digit
-                    target = target[idx]
+                target = target.setdefault(current_key, [])
             else:
                 if isinstance(target, dict):
                     target = target.setdefault(current_key, {})
                 elif isinstance(target, list):
-                    idx = int(current_key)
-                    while len(target) <= idx:
+                    while len(target) <= int(current_key):
                         target.append({})
-                    target = target[idx]
+                    target = target[int(current_key)]
         try:
             if isinstance(target, list):
-                idx = int(keys[-1]) if keys[-1].isdigit() else len(target)
-                while len(target) <= idx:
-                    target.append(None)
-                target[idx] = value
+                target.append(value)
             else:
                 # If the value is a dictionary, add its components to the queue for processing
                 if isinstance(value, dict):
@@ -189,12 +176,10 @@ def unflatten_dict(flat_dict: Dict[str, Any], separator: str = ".") -> Dict[str,
     return output
-# pylint: disable=too-many-branches
 def flatten_dict(data: Any, prefix: str = "", separator: str = ".") -> Dict[str, Any]:
     """
     Recursively flatten a dictionary or list into a flat dictionary with dot-notation keys.
     Handles nested dictionaries and arrays with proper indices.
-    Preserves empty lists and dictionaries.
     example:
@@ -206,9 +191,7 @@ def flatten_dict(data: Any, prefix: str = "", separator: str = ".") -> Dict[str,
         "D": [
             {"E": "3"},
             {"E": "4"}
-        ],
-        "E": [],
-        "F": {}
+        ]
     }
     becomes
@@ -217,9 +200,7 @@ def flatten_dict(data: Any, prefix: str = "", separator: str = ".") -> Dict[str,
         "A.B": "1",
         "A.C": "2",
         "D.0.E": "3",
-        "D.1.E": "4",
-        "E": [],
-        "F": {}
+        "D.1.E": "4"
     }
     Args:
@@ -230,40 +211,20 @@ def flatten_dict(data: Any, prefix: str = "", separator: str = ".") -> Dict[str,
     Returns:
         A flattened dictionary with dot-notation keys
     """
-    items: Dict[str, Any] = {}
+    items = {}
     if isinstance(data, dict):
-        # Handle top-level empty dictionary case
-        if not data and not prefix:
-            return {}
-        # If the dictionary is empty but has a prefix, store it as is
-        if not data:
-            items[prefix] = {}
-            return items
         for k, v in data.items():
             new_key = f"{prefix}{separator}{k}" if prefix else k
             if isinstance(v, (dict, list)):
-                if not v:  # Handle empty dict or list
-                    items[new_key] = v
-                else:
-                    items.update(flatten_dict(v, new_key, separator))
+                items.update(flatten_dict(v, new_key, separator))
             else:
                 items[new_key] = v
     elif isinstance(data, list):
-        # If the list is empty, store it as is
-        if not data:
-            items[prefix] = []
-            return items
         for i, v in enumerate(data):
             new_key = f"{prefix}{separator}{i}"
             if isinstance(v, (dict, list)):
-                if not v:  # Handle empty dict or list
-                    items[new_key] = v
-                else:
-                    items.update(flatten_dict(v, new_key, separator))
+                items.update(flatten_dict(v, new_key, separator))
             else:
                 items[new_key] = v
     else:

ethyca-fides 2.58.2b5__py2.py3-none-any.whl → 2.58.2rc0__py2.py3-none-any.whl

ethyca-fides 2.58.2b5py2.py3-none-any.whl → 2.58.2rc0py2.py3-none-any.whl