iatoolkit 0.56.0__py3-none-any.whl → 0.58.0__py3-none-any.whl

iatoolkit/common/routes.py

@@ -21,7 +21,6 @@ def register_views(injector, app):
 
     from iatoolkit.views.index_view import IndexView
     from iatoolkit.views.init_context_api_view import InitContextApiView
-    from iatoolkit.views.llmquery_web_view import LLMQueryWebView
     from iatoolkit.views.llmquery_api_view import LLMQueryApiView
     from iatoolkit.views.tasks_view import TaskView
     from iatoolkit.views.tasks_review_view import TaskReviewView
@@ -67,8 +66,8 @@ def register_views(injector, app):
                      view_func=ChatTokenRequestView.as_view('chat-token'))
 
     # init (reset) the company context (with api-key)
-    app.add_url_rule('/<company_short_name>/api/init_context_api',
-                     view_func=InitContextApiView.as_view('init_context_api'))
+    app.add_url_rule('/<company_short_name>/api/init-context',
+                     view_func=InitContextApiView.as_view('init-context'))
 
     # register new user, account verification and forgot password
     app.add_url_rule('/<company_short_name>/signup',view_func=SignupView.as_view('signup'))
@@ -80,13 +79,8 @@ def register_views(injector, app):
 
     # main chat query, used by the JS in the browser (with credentials)
     # can be used also for executing iatoolkit prompts
-    app.add_url_rule('/<company_short_name>/llm_query', view_func=LLMQueryWebView.as_view('llm_query_web'))
-
-    # this is the same function as above, but with api-key
     app.add_url_rule('/<company_short_name>/api/llm_query', view_func=LLMQueryApiView.as_view('llm_query_api'))
 
-    # chat buttons are here on
-
     # open the promt directory
     app.add_url_rule('/<company_short_name>/api/prompts', view_func=PromptApiView.as_view('prompt'))
 

iatoolkit/iatoolkit.py

@@ -19,7 +19,7 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 from injector import Binder, singleton, Injector
 from importlib.metadata import version as _pkg_version, PackageNotFoundError
 
-IATOOLKIT_VERSION = "0.56.0"
+IATOOLKIT_VERSION = "0.57.0"
 
 # global variable for the unique instance of IAToolkit
 _iatoolkit_instance: Optional['IAToolkit'] = None

iatoolkit/repositories/models.py

@@ -3,9 +3,10 @@
 #
 # IAToolkit is open source software.
 
-from sqlalchemy import Column, Integer, String, DateTime, Enum, Text, JSON, Boolean, ForeignKey, Table
+from sqlalchemy import Column, Integer, BigInteger, String, DateTime, Enum, Text, JSON, Boolean, ForeignKey, Table
 from sqlalchemy.orm import DeclarativeBase
 from sqlalchemy.orm import relationship, class_mapper, declarative_base
+from sqlalchemy.sql import func
 from datetime import datetime
 from pgvector.sqlalchemy import Vector
 from enum import Enum as PyEnum
@@ -307,3 +308,27 @@ class Prompt(Base):
 
     company = relationship("Company", back_populates="prompts")
     category = relationship("PromptCategory", back_populates="prompts")
+
+class AccessLog(Base):
+    # Modelo ORM para registrar cada intento de acceso a la plataforma.
+    __tablename__ = 'iat_access_log'
+
+    id = Column(BigInteger, primary_key=True)
+
+    timestamp = Column(DateTime(timezone=True), server_default=func.now(), nullable=False, index=True)
+    company_short_name = Column(String(100), nullable=False, index=True)
+    user_identifier = Column(String(255), index=True)
+
+    # Cómo y el Resultado
+    auth_type = Column(String(20), nullable=False) # 'local', 'external_api', 'redeem_token', etc.
+    outcome = Column(String(10), nullable=False)   # 'success' o 'failure'
+    reason_code = Column(String(50))               # Causa de fallo, ej: 'INVALID_CREDENTIALS'
+
+    # Contexto de la Petición
+    source_ip = Column(String(45), nullable=False)
+    user_agent_hash = Column(String(16))           # Hash corto del User-Agent
+    request_path = Column(String(255), nullable=False)
+
+    def __repr__(self):
+        return (f"<AccessLog(id={self.id}, company='{self.company_short_name}', "
+                f"user='{self.user_identifier}', outcome='{self.outcome}')>")

iatoolkit/services/auth_service.py

@@ -6,8 +6,12 @@
 from flask import request
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
+from iatoolkit.services.jwt_service import JWTService
+from iatoolkit.repositories.database_manager import DatabaseManager
+from iatoolkit.repositories.models import AccessLog
 from flask import request
 import logging
+import hashlib
 
 
 class AuthService:
@@ -17,11 +21,75 @@ class AuthService:
     """
 
     @inject
-    def __init__(self, profile_service: ProfileService):
-        """
-        Injects ProfileService to access session information and validate API keys.
-        """
+    def __init__(self, profile_service: ProfileService,
+                 jwt_service: JWTService,
+                 db_manager: DatabaseManager
+                 ):
         self.profile_service = profile_service
+        self.jwt_service = jwt_service
+        self.db_manager = db_manager
+
+    def login_local_user(self, company_short_name: str, email: str, password: str) -> dict:
+        # try to autenticate a local user, register the event and return the result
+        auth_response = self.profile_service.login(
+            company_short_name=company_short_name,
+            email=email,
+            password=password
+        )
+
+        if not auth_response.get('success'):
+            self.log_access(
+                company_short_name=company_short_name,
+                user_identifier=email,
+                auth_type='local',
+                outcome='failure',
+                reason_code='INVALID_CREDENTIALS',
+            )
+        else:
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='local',
+                outcome='success',
+                user_identifier=auth_response.get('user_identifier')
+            )
+
+        return auth_response
+
+    def redeem_token_for_session(self, company_short_name: str, token: str) -> dict:
+        # redeem a token for a session, register the event and return the result
+        payload = self.jwt_service.validate_chat_jwt(token)
+
+        if not payload:
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='redeem_token',
+                outcome='failure',
+                reason_code='JWT_INVALID'
+            )
+            return {'success': False, 'error': 'Token inválido o expirado'}
+
+        # 2. if token is valid, extract the user_identifier
+        user_identifier = payload.get('user_identifier')
+        try:
+            # create the Flask session
+            self.profile_service.set_session_for_user(company_short_name, user_identifier)
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='redeem_token',
+                outcome='success',
+                user_identifier=user_identifier
+            )
+            return {'success': True, 'user_identifier': user_identifier}
+        except Exception as e:
+            logging.error(f"Error al crear la sesión desde token para {user_identifier}: {e}")
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='redeem_token',
+                outcome='failure',
+                reason_code='SESSION_CREATION_FAILED',
+                user_identifier=user_identifier
+            )
+            return {'success': False, 'error': 'No se pudo crear la sesión del usuario'}
 
     def verify(self) -> dict:
         """
@@ -74,4 +142,40 @@ class AuthService:
         # --- Failure: No valid credentials found ---
         logging.info(f"Authentication required. No session cookie or API Key provided.")
         return {"success": False, "error": "Authentication required. No session cookie or API Key provided.",
-                "status_code": 402}
+                "status_code": 402}
+
+    def log_access(self,
+                   company_short_name: str,
+                   auth_type: str,
+                   outcome: str,
+                   user_identifier: str = None,
+                   reason_code: str = None):
+        """
+        Registra un intento de acceso en la base de datos.
+        Es "best-effort" y no debe interrumpir el flujo de autenticación.
+        """
+        session = self.db_manager.scoped_session()
+        try:
+            # Capturar datos del contexto de la petición de Flask
+            source_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
+            path = request.path
+            ua = request.headers.get('User-Agent', '')
+            ua_hash = hashlib.sha256(ua.encode()).hexdigest()[:16] if ua else None
+
+            # Crear la entrada de log
+            log_entry = AccessLog(
+                company_short_name=company_short_name,
+                user_identifier=user_identifier,
+                auth_type=auth_type,
+                outcome=outcome,
+                reason_code=reason_code,
+                source_ip=source_ip,
+                user_agent_hash=ua_hash,
+                request_path=path,
+            )
+            session.add(log_entry)
+            session.commit()
+
+        except Exception as e:
+            logging.error(f"Fallo al escribir en AccessLog: {e}", exc_info=False)
+            session.rollback()

iatoolkit/services/profile_service.py

@@ -66,16 +66,18 @@ class ProfileService:
                 "extras": {}
             }
 
-            # 2. Call the session creation helper with the pre-built profile.
-            # user_identifier = str(user.id)
-            self.create_web_session(company, user_identifier, user_profile)
+            # 2. create user_profile in context
+            self.save_user_profile(company, user_identifier, user_profile)
+
+            # 3. create the web session
+            self.set_session_for_user(company.short_name, user_identifier)
             return {'success': True, "user_identifier": user_identifier, "message": "Login exitoso"}
         except Exception as e:
             return {'success': False, "message": str(e)}
 
-    def create_external_user_session(self, company: Company, user_identifier: str):
+    def create_external_user_profile_context(self, company: Company, user_identifier: str):
         """
-        Public method for views to create a web session for an external user.
+        Public method for views to create a user profile context for an external user.
         """
         # 1. Fetch the external user profile via Dispatcher.
         external_user_profile = self.dispatcher.get_user_info(
@@ -84,12 +86,12 @@ class ProfileService:
         )
 
         # 2. Call the session creation helper with external_user_id as user_identifier
-        self.create_web_session(
+        self.save_user_profile(
             company=company,
             user_identifier=user_identifier,
             user_profile=external_user_profile)
 
-    def create_web_session(self, company: Company, user_identifier: str, user_profile: dict):
+    def save_user_profile(self, company: Company, user_identifier: str, user_profile: dict):
         """
         Private helper: Takes a pre-built profile, saves it to Redis, and sets the Flask cookie.
         """
@@ -102,10 +104,8 @@ class ProfileService:
         # save user_profile in Redis session
         self.session_context.save_profile_data(company.short_name, user_identifier, user_profile)
 
-        # save a min Flask session cookie for this user
-        self.set_session_for_user(company.short_name, user_identifier)
-
     def set_session_for_user(self, company_short_name: str, user_identifier:str ):
+        # save a min Flask session cookie for this user
         SessionManager.set('company_short_name', company_short_name)
         SessionManager.set('user_identifier', user_identifier)
 

iatoolkit/services/query_service.py

@@ -66,9 +66,6 @@ class QueryService:
 
         # Get the user profile from the single source of truth.
         user_profile = self.profile_service.get_profile_by_identifier(company_short_name, user_identifier)
-        if not user_profile:
-            # This might happen if a session exists for a user that was deleted.
-            return None, None
 
         # render the iatoolkit main system prompt with the company/user information
         system_prompt_template = self.prompt_service.get_system_prompt()

iatoolkit/services/user_session_context_service.py

@@ -23,7 +23,7 @@ class UserSessionContextService:
         return f"session:{company_short_name}/{user_identifier}"
 
     def clear_all_context(self, company_short_name: str, user_identifier: str):
-        """Limpia el contexto de sesión para un usuario de forma atómica."""
+        """Limpia el contexto del LLM en la sesión para un usuario de forma atómica."""
         session_key = self._get_session_key(company_short_name, user_identifier)
         if session_key:
             # RedisSessionManager.remove(session_key)

iatoolkit/static/js/chat_main.js

@@ -6,7 +6,7 @@ let selectedPrompt = null; // Will hold a lightweight prompt object
 
 $(document).ready(function () {
     // Gatilla el redeem sin esperar ni manejar respuesta aquí
-        if (window.redeemToken !== '') {
+        if (window.redeemToken) {
             const url = `/api/redeem_token`;
             // No await: dejamos que callToolkit maneje todo internamente
             callToolkit(url, {'token': window.redeemToken}, "POST").catch(() => {});
@@ -183,7 +183,7 @@ const handleChatMessage = async function () {
             user_identifier: window.user_identifier
         };
 
-        const responseData = await callToolkit("/llm_query", data, "POST");
+        const responseData = await callToolkit("/api/llm_query", data, "POST");
         if (responseData && responseData.answer) {
             const answerSection = $('<div>').addClass('answer-section llm-output').append(responseData.answer);
             displayBotMessage(answerSection);

iatoolkit/templates/_login_widget.html

@@ -14,7 +14,8 @@
           method="post">
       <div class="mb-3">
         <label for="email" class="form-label d-block">Correo Electrónico</label>
-        <input type="email" id="email" name="email" class="form-control" required>
+        <input type="email" id="email" name="email" class="form-control"
+               required value="{{ form_data.email or '' }}">
       </div>
       <div class="mb-3">
         <label for="password" class="form-label d-block">Contraseña</label>

iatoolkit/templates/chat.html

@@ -183,11 +183,12 @@
     // --- Global Configuration from Backend ---
     window.companyShortName = "{{ company_short_name }}";
     window.user_identifier = "{{ user_identifier }}";
-    window.redeemToken = "{{ redeem_token }}";
+    window.redeemToken = {{ redeem_token | tojson | default('null') }};
     window.iatoolkit_base_url = "{{ iatoolkit_base_url }}";
     window.availablePrompts = {{ prompts.message | tojson }};
     window.onboardingCards = {{ onboarding_cards | tojson }};
     window.sendButtonColor = "{{ branding.send_button_color }}";
+
 </script>
 
 <!-- Carga de los scripts JS externos después de definir las variables globales -->
@@ -195,7 +196,7 @@
 <script src="{{ url_for('static', filename='js/chat_filepond.js', _external=True) }}"></script>
 <script src="{{ url_for('static', filename='js/chat_history.js', _external=True) }}"></script>
 <script src="{{ url_for('static', filename='js/chat_feedback.js', _external=True) }}"></script>
-<script src="{{ url_for('static', filename='js/chat_main.js', _external=True) }}"></script>
+    <script src="{{ url_for('static', filename='js/chat_context_reload.js', _external=True) }}"></script><script src="{{ url_for('static', filename='js/chat_main.js', _external=True) }}"></script>
 
 <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/toastr.min.css">
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
@@ -223,67 +224,6 @@
         })
     });
 
-document.addEventListener('DOMContentLoaded', function() {
-    const reloadButton = document.getElementById('force-reload-button');
-    if (!reloadButton) return;
-
-    const originalIconClass = 'bi bi-arrow-clockwise';
-    const spinnerIconClass = 'spinner-border spinner-border-sm';
-
-    // Configuración de Toastr para que aparezca abajo a la derecha
-    toastr.options = { "positionClass": "toast-bottom-right", "preventDuplicates": true };
-
-    reloadButton.addEventListener('click', function(event) {
-        event.preventDefault();
-
-        if (reloadButton.disabled) return; // Prevenir doble clic
-
-        // 1. Deshabilitar y mostrar spinner
-        reloadButton.disabled = true;
-        const icon = reloadButton.querySelector('i');
-        icon.className = spinnerIconClass;
-        toastr.info('Iniciando recarga de contexto en segundo plano...');
-
-        // 2. Construir la URL dinámicamente
-        const company = window.companyShortName;
-        const reloadUrl = `/${company}/api/init_context_api`;
-
-        // 3. Hacer la llamada AJAX con POST
-        fetch(reloadUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
-            // Envía un cuerpo vacío o los datos necesarios
-            body: JSON.stringify({})
-        })
-        .then(response => {
-            if (!response.ok) {
-                return response.json().then(err => {
-                    throw new Error(err.error_message || `Error del servidor: ${response.status}`);
-                });
-            }
-            return response.json();
-        })
-        .then(data => {
-            if (data.status === 'OK') {
-                toastr.success(data.message || 'Contexto recargado exitosamente.');
-            } else {
-                toastr.error(data.error_message || 'Ocurrió un error desconocido.');
-            }
-        })
-        .catch(error => {
-            console.error('Error durante la recarga del contexto:', error);
-            toastr.error(error.message || 'Error de red al intentar recargar.');
-        })
-        .finally(() => {
-            // 4. Restaurar el botón
-            reloadButton.disabled = false;
-            icon.className = originalIconClass;
-        });
-    });
-});
-
 // Inicialización del modal de onboarding
 document.addEventListener('DOMContentLoaded', function () {
   const btn = document.getElementById('onboarding-button');

iatoolkit/views/base_login_view.py

@@ -8,11 +8,13 @@ from flask.views import MethodView
 from flask import render_template, url_for
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
+from iatoolkit.services.auth_service import AuthService
 from iatoolkit.services.query_service import QueryService
 from iatoolkit.services.branding_service import BrandingService
 from iatoolkit.services.onboarding_service import OnboardingService
 from iatoolkit.services.prompt_manager_service import PromptService
 from iatoolkit.services.jwt_service import JWTService
+from iatoolkit.repositories.models import Company
 
 
 class BaseLoginView(MethodView):
@@ -23,6 +25,7 @@ class BaseLoginView(MethodView):
     @inject
     def __init__(self,
                  profile_service: ProfileService,
+                 auth_service: AuthService,
                  jwt_service: JWTService,
                  branding_service: BrandingService,
                  prompt_service: PromptService,
@@ -30,6 +33,7 @@ class BaseLoginView(MethodView):
                  query_service: QueryService
                  ):
         self.profile_service = profile_service
+        self.auth_service = auth_service
         self.jwt_service = jwt_service
         self.branding_service = branding_service
         self.prompt_service = prompt_service
@@ -37,44 +41,26 @@ class BaseLoginView(MethodView):
         self.query_service = query_service
 
 
-    def _handle_login_path(self, company_short_name: str, user_identifier: str, company):
+    def _handle_login_path(self,
+                           company: Company,
+                           user_identifier: str,
+                           target_url: str,
+                           redeem_token: str = None):
         """
         Centralized logic to decide between the fast path and the slow path.
         """
-        # --- Get the company branding ---
+        # --- Get the company branding and onboarding_cards
         branding_data = self.branding_service.get_company_branding(company)
+        onboarding_cards = self.onboarding_service.get_onboarding_cards(company)
+        company_short_name = company.short_name
 
         # this service decides is the context needs to be rebuilt or not
         prep_result = self.query_service.prepare_context(
-            company_short_name=company_short_name, user_identifier=user_identifier
+            company_short_name=company.short_name, user_identifier=user_identifier
         )
 
-        # generate continuation token for external login
-        redeem_token = ''
-        if self.__class__.__name__ == 'ExternalLoginView':
-            redeem_token = self.jwt_service.generate_chat_jwt(
-                company_short_name=company_short_name,
-                user_identifier=user_identifier,
-                expires_delta_seconds=300
-            )
-
-            if not redeem_token:
-                return "Error al generar el redeem_token para login externo.", 500
-
         if prep_result.get('rebuild_needed'):
             # --- SLOW PATH: Render the loading shell ---
-            onboarding_cards = self.onboarding_service.get_onboarding_cards(company)
-
-            # callback url to call when the context finish loading
-            if redeem_token:
-                target_url = url_for('finalize_with_token',
-                                     company_short_name=company_short_name,
-                                     token=redeem_token,
-                                     _external=True)
-            else:
-                target_url = url_for('finalize_no_token',
-                                     company_short_name=company_short_name,
-                                     _external=True)
             return render_template(
                 "onboarding_shell.html",
                 iframe_src_url=target_url,
@@ -84,13 +70,12 @@ class BaseLoginView(MethodView):
         else:
             # --- FAST PATH: Render the chat page directly ---
             prompts = self.prompt_service.get_user_prompts(company_short_name)
-            onboarding_cards = self.onboarding_service.get_onboarding_cards(company)
             return render_template(
                 "chat.html",
                 company_short_name=company_short_name,
                 user_identifier=user_identifier,
-                branding=branding_data,
                 prompts=prompts,
+                branding=branding_data,
                 onboarding_cards=onboarding_cards,
                 redeem_token=redeem_token
             )

iatoolkit/views/external_login_view.py

@@ -5,46 +5,19 @@
 
 import os
 import logging
-from flask import request, jsonify
-from flask.views import MethodView
+from flask import request, jsonify, url_for
 from injector import inject
-from iatoolkit.services.auth_service import AuthService
 from iatoolkit.views.base_login_view import BaseLoginView
 
 # Importar los servicios que necesita la clase base
 from iatoolkit.services.profile_service import ProfileService
 from iatoolkit.services.jwt_service import JWTService
-from iatoolkit.services.branding_service import BrandingService
-from iatoolkit.services.onboarding_service import OnboardingService
-from iatoolkit.services.query_service import QueryService
-from iatoolkit.services.prompt_manager_service import PromptService
 
 class ExternalLoginView(BaseLoginView):
     """
     Handles login for external users via API.
     Authenticates and then delegates the path decision (fast/slow) to the base class.
     """
-    @inject
-    def __init__(self,
-                 iauthentication: AuthService,
-                 jwt_service: JWTService,
-                 profile_service: ProfileService,
-                 branding_service: BrandingService,
-                 prompt_service: PromptService,
-                 onboarding_service: OnboardingService,
-                 query_service: QueryService):
-        # Pass the dependencies for the base class to its __init__
-        super().__init__(
-            profile_service=profile_service,
-            jwt_service=jwt_service,
-            branding_service=branding_service,
-            onboarding_service=onboarding_service,
-            query_service=query_service,
-            prompt_service=prompt_service,
-        )
-        # Handle the dependency specific to this child class
-        self.iauthentication = iauthentication
-
     def post(self, company_short_name: str):
         data = request.get_json()
         if not data or 'user_identifier' not in data:
@@ -59,52 +32,52 @@ class ExternalLoginView(BaseLoginView):
             return jsonify({"error": "missing user_identifier"}), 404
 
         # 1. Authenticate the API call.
-        iaut = self.iauthentication.verify()
-        if not iaut.get("success"):
-            return jsonify(iaut), 401
+        auth_response = self.auth_service.verify()
+        if not auth_response.get("success"):
+            return jsonify(auth_response), 401
 
         # 2. Create the external user session.
-        self.profile_service.create_external_user_session(company, user_identifier)
+        self.profile_service.create_external_user_profile_context(company, user_identifier)
+
+        # 3. create a redeem_token for create session at the end of the process
+        redeem_token = self.jwt_service.generate_chat_jwt(
+            company_short_name=company_short_name,
+            user_identifier=user_identifier,
+            expires_delta_seconds=300
+        )
+
+        if not redeem_token:
+            return jsonify({"error": "Error al generar el redeem_token para login externo."}), 403
+
+        # 4. define URL to call when slow path is finished
+        target_url = url_for('finalize_with_token',
+                             company_short_name=company_short_name,
+                             token=redeem_token,
+                             _external=True)
 
-        # 3. Delegate the path decision to the centralized logic.
+        # 5. Delegate the path decision to the centralized logic.
         try:
-            return self._handle_login_path(company_short_name, user_identifier, company)
+            return self._handle_login_path(company, user_identifier, target_url, redeem_token)
         except Exception as e:
             logging.exception(f"Error processing external login path for {company_short_name}/{user_identifier}: {e}")
             return jsonify({"error": f"Internal server error while starting chat. {str(e)}"}), 500
 
 
-class RedeemTokenApiView(MethodView):
+class RedeemTokenApiView(BaseLoginView):
     # this endpoint is only used ONLY by chat_main.js to redeem a chat token
-    @inject
-    def __init__(self,
-                 profile_service: ProfileService,
-                 jwt_service: JWTService):
-        self.profile_service = profile_service
-        self.jwt_service = jwt_service
-
     def post(self, company_short_name: str):
         data = request.get_json()
         if not data or 'token' not in data:
             return jsonify({"error": "Falta token de validación"}), 400
 
-        # 1. validate the token
+        # get the token and validate with auth service
         token = data.get('token')
-        payload = self.jwt_service.validate_chat_jwt(token)
-        if not payload:
-            logging.warning("Intento de canjear un token inválido o expirado.")
-            return {"error": "Token inválido o expirado."}, 401
-
-        # 2. if token is valid, extract the user_identifier
-        user_identifier = payload.get('user_identifier')
-
-        try:
-            # 3. create the Flask session
-            self.profile_service.set_session_for_user(company_short_name, user_identifier)
-            logging.info(f"Token de sesión canjeado exitosamente para {user_identifier}.")
+        redeem_result = self.auth_service.redeem_token_for_session(
+            company_short_name=company_short_name,
+            token=token
+        )
 
-            return {"status": "ok"}, 200
+        if not redeem_result['success']:
+            return {"error": redeem_result['error']}, 401
 
-        except Exception as e:
-            logging.error(f"Error al crear la sesión desde token para {user_identifier}: {e}")
-            return {"error": "No se pudo crear la sesión del usuario."}, 500
+        return {"status": "ok"}, 200

iatoolkit/views/init_context_api_view.py

@@ -42,6 +42,7 @@ class InitContextApiView(MethodView):
             self.query_service.session_context.clear_all_context(company_short_name, user_identifier)
             logging.info(f"Context for {company_short_name}/{user_identifier} has been cleared.")
 
+            # LLM context is clean, now we can load it again
             self.query_service.prepare_context(
                 company_short_name=company_short_name,
                 user_identifier=user_identifier
@@ -52,7 +53,7 @@ class InitContextApiView(MethodView):
                 user_identifier=user_identifier
             )
 
-            logging.info(f"Context for {company_short_name}/{user_identifier} rebuilt successfully.")
+            # logging.info(f"Context for {company_short_name}/{user_identifier} rebuilt successfully.")
 
             # 3. Respond with JSON, as this is an API endpoint.
             return jsonify({'status': 'OK', 'message': 'Context has been reloaded successfully.'}), 200

iatoolkit/views/llmquery_api_view.py

@@ -32,12 +32,6 @@ class LLMQueryApiView(MethodView):
         if not data:
             return jsonify({"error": "Invalid JSON body"}), 400
 
-        # 3. Ensure session state exists for this API user (lazy creation).
-        profile = self.profile_service.get_profile_by_identifier(company_short_name, user_identifier)
-        if not profile:
-            company = self.profile_service.get_company_by_short_name(company_short_name)
-            self.profile_service.create_external_user_session(company, user_identifier)
-
         # 4. Call the unified query service method.
         result = self.query_service.llm_query(
             company_short_name=company_short_name,

iatoolkit/views/login_view.py

@@ -7,6 +7,7 @@ from flask.views import MethodView
 from flask import request, redirect, render_template, url_for
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
+from iatoolkit.services.auth_service import AuthService
 from iatoolkit.services.jwt_service import JWTService
 from iatoolkit.services.query_service import QueryService
 from iatoolkit.services.prompt_manager_service import PromptService
@@ -21,7 +22,6 @@ class LoginView(BaseLoginView):
     Handles login for local users.
     Authenticates and then delegates the path decision (fast/slow) to the base class.
     """
-
     def post(self, company_short_name: str):
         company = self.profile_service.get_company_by_short_name(company_short_name)
         if not company:
@@ -30,8 +30,8 @@ class LoginView(BaseLoginView):
         email = request.form.get('email')
         password = request.form.get('password')
 
-        # 1. Authenticate user and create the session for internal user
-        auth_response = self.profile_service.login(
+        # 1. Authenticate internal user
+        auth_response = self.auth_service.login_local_user(
             company_short_name=company_short_name,
             email=email,
             password=password
@@ -51,9 +51,14 @@ class LoginView(BaseLoginView):
 
         user_identifier = auth_response['user_identifier']
 
+        # 3. define URL to call when slow path is finished
+        target_url = url_for('finalize_no_token',
+                             company_short_name=company_short_name,
+                             _external=True)
+
         # 2. Delegate the path decision to the centralized logic.
         try:
-            return self._handle_login_path(company_short_name, user_identifier, company)
+            return self._handle_login_path(company, user_identifier, target_url)
         except Exception as e:
             return render_template("error.html", company=company, company_short_name=company_short_name,
                                    message=f"Error processing login path: {str(e)}"), 500
@@ -67,6 +72,7 @@ class FinalizeContextView(MethodView):
     @inject
     def __init__(self,
                  profile_service: ProfileService,
+                 auth_service: AuthService,
                  query_service: QueryService,
                  prompt_service: PromptService,
                  branding_service: BrandingService,

{iatoolkit-0.56.0.dist-info → iatoolkit-0.58.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iatoolkit
-Version: 0.56.0
+Version: 0.58.0
 Summary: IAToolkit
 Author: Fernando Libedinsky
 License-Expression: MIT

{iatoolkit-0.56.0.dist-info → iatoolkit-0.58.0.dist-info}/RECORD

@@ -2,10 +2,10 @@ iatoolkit/__init__.py,sha256=4PWjMJjktixtrxF6BY405qyA50Sv967kEP2x-oil6qk,1120
 iatoolkit/base_company.py,sha256=nfF-G0h63jy3Qh9kCnvx8Ozx76IjG2p7a34HpweWhOk,4608
 iatoolkit/cli_commands.py,sha256=G5L9xQXZ0lVFXQWBaE_KEZHyfuiT6PL1nTQRoSdnBzc,2302
 iatoolkit/company_registry.py,sha256=tduqt3oV8iDX_IB1eA7KIgvIxE4edTcy-3qZIXh3Lzw,2549
-iatoolkit/iatoolkit.py,sha256=ve63cb-1L-m_RLPsU7KRG9IPhhMREb1fDQjqOIgHx9w,17583
+iatoolkit/iatoolkit.py,sha256=tFx-D1Q0usCdOc3vSNdtz94mTCWhUGcyRkDISI2QMMs,17583
 iatoolkit/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 iatoolkit/common/exceptions.py,sha256=EXx40n5htp7UiOM6P1xfJ9U6NMcADqm62dlFaKz7ICU,1154
-iatoolkit/common/routes.py,sha256=c8kRk8pEK_nV-2P1LiYXRERmW_QoW21Hk6CZkkizv6Y,6419
+iatoolkit/common/routes.py,sha256=vwPGZExbyYNM_-HXHRInSf8Py6uWjiOxifv2hbn_sGo,6145
 iatoolkit/common/session_manager.py,sha256=UeKfD15bcEA3P5e0WSURfotLqpsiIMp3AXxAMhtgHs0,471
 iatoolkit/common/util.py,sha256=w9dTd3csK0gKtFSp-a4t7XmCPZiYDhiON92uXRbTT8A,14624
 iatoolkit/infra/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCLkX7X4,102
@@ -29,12 +29,12 @@ iatoolkit/repositories/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCL
 iatoolkit/repositories/database_manager.py,sha256=QgV8hNnVv9RmeOvUdomdj_mfk0bf3Rl8Ti41a-5zIAY,3700
 iatoolkit/repositories/document_repo.py,sha256=Y7bF1kZB1HWJsAGjWdF7P2aVYeTYNufq9ngQXp7mDkY,1124
 iatoolkit/repositories/llm_query_repo.py,sha256=YT_t7cYGQk8rwzH_17-28aTzO-e2jUfa2rvXy8tugvA,3612
-iatoolkit/repositories/models.py,sha256=3YbIJXNMZiTkMbPyiSOiyzqUKEQF0JIfN4VSWYzwr44,13146
+iatoolkit/repositories/models.py,sha256=qM95kiKm_92JoPNXiwMT4HTjr5BjalnrDiatG3Rte-M,14300
 iatoolkit/repositories/profile_repo.py,sha256=21am3GP7XCG0nq6i3pArQ7mfGsrRn8rdcWT98fsdwlU,4397
 iatoolkit/repositories/tasks_repo.py,sha256=icVO_r2oPagGnnBhwVFzznnvEEU2EAx-2dlWuWvoDC4,1745
 iatoolkit/repositories/vs_repo.py,sha256=UkpmQQiocgM5IwRBmmWhw3HHzHP6zK1nN3J3TcQgjhc,5300
 iatoolkit/services/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCLkX7X4,102
-iatoolkit/services/auth_service.py,sha256=XHG2F0Vf2wDFjylc_OdDEIJL8I4cdhxeUIZIltgE4DU,2936
+iatoolkit/services/auth_service.py,sha256=vBVKkFJWsaPhhR-LvfLXfIrR-mmR-P5Y8Ya_5p1pgC8,7126
 iatoolkit/services/benchmark_service.py,sha256=CdbFYyS3FHFhNzWQEa9ZNjUlmON10DT1nKNbZQ1EUi8,5880
 iatoolkit/services/branding_service.py,sha256=gXj9Lj6EIFNIHT6wAHia5lr4_2a2sD-ExMbewno5YD8,7505
 iatoolkit/services/dispatcher_service.py,sha256=Qdn2x4cozpgpKg2448sUxkhO6tuplzb8xPWUxdTTFBE,12772
@@ -46,19 +46,19 @@ iatoolkit/services/jwt_service.py,sha256=W2kQVNQheQSLkNLS7RZ4jd3hmySBPLbHAS5hvBr
 iatoolkit/services/load_documents_service.py,sha256=ZpB0BZ3qX1fGJGBtZtMLbFdWWx0hkPoeCS3OqJKwCTs,7291
 iatoolkit/services/mail_service.py,sha256=2h-fcF3swZDya_o7IpgXkmuj3iEVHVCiHi7oVxU99sQ,2182
 iatoolkit/services/onboarding_service.py,sha256=cMO2Ho1-G3wAeVNl-j25LwCMJjRwj3yKHpYKnZUFLDE,2001
-iatoolkit/services/profile_service.py,sha256=uWlCsoGAPZaJkvVTBZVBWdh6Rk5LHcpDHWgYqi5vTp4,20317
+iatoolkit/services/profile_service.py,sha256=TuWV5wVR7gUYylOPKcUR0KdxHAglRv0cXxO18kCgng0,20300
 iatoolkit/services/prompt_manager_service.py,sha256=U-XmSpkeXvv1KRN4dytdMxSYBMRSB7y-UHcb18mk0nA,8342
-iatoolkit/services/query_service.py,sha256=J42KzthYIIsUX8cUS2E7vcXA6IZOJ28Y8I637m-9za4,17649
+iatoolkit/services/query_service.py,sha256=zv2xIy-Ukppso-1UEl7e2Gq31pherrOZ-TbeuUU4oZM,17509
 iatoolkit/services/search_service.py,sha256=i1xGWu7ORKIIDH0aAQBkF86dVVbLQ0Yrooz5TiZ6aGo,1823
 iatoolkit/services/sql_service.py,sha256=MIslAtpJWnTMgSD74nnqTvQj27p-lHiyRXc6OiA2C_c,2172
 iatoolkit/services/tasks_service.py,sha256=itREO5rDnUIgsqtyCOBKDtH30QL5v1egs4qPTiBK8xU,6865
 iatoolkit/services/user_feedback_service.py,sha256=ooy750qWmYOeJi-IJQofu8pLG4svGjGU_JKpKMURZkw,2353
-iatoolkit/services/user_session_context_service.py,sha256=TeYi4xF04Xk-4Qnp6cVTmxuNzA4B1nMVUuFDjTHeiZQ,6764
+iatoolkit/services/user_session_context_service.py,sha256=vYF_vWM37tPB_ZyPBJ6f6WTJVjT2j-4L8JfZbqbI93k,6775
 iatoolkit/static/images/fernando.jpeg,sha256=W68TYMuo5hZVpbP-evwH6Nu4xWFv2bc8pJzSKDoLTeQ,100612
 iatoolkit/static/js/chat_feedback.js,sha256=zlLEDQfEocGK7RKG2baqI-9fyQlqe6hVuAHOKTPmWek,4399
 iatoolkit/static/js/chat_filepond.js,sha256=mzXafm7a506EpM37KATTK3zvAswO1E0KSUY1vKbwuRc,3163
 iatoolkit/static/js/chat_history.js,sha256=4h6ldU7cDvgkW84fMKB8JReoxCX0NKSQAir_4CzAF9I,4382
-iatoolkit/static/js/chat_main.js,sha256=3ZsMy6NauobPRaYDvSJAws26l16FDslXGm8kGfXLt_E,18538
+iatoolkit/static/js/chat_main.js,sha256=o1ZNkeaBgGG9d07e5BxTL9OI0aJ26z1bvca1lGoQ-Uo,18535
 iatoolkit/static/js/chat_onboarding.js,sha256=b6ofiFcPhuCaPmSFIvDQZqcMUVvbI7LpIsjZOZJUSAU,3185
 iatoolkit/static/styles/chat_iatoolkit.css,sha256=aA-PZ2TGl_k82JSVVBC2-CJT0NiZAuLOGoiaJhdeVUU,11416
 iatoolkit/static/styles/chat_info.css,sha256=17DbgoNYE21VYWfb5L9-QLCpD2R1idK4imKRLwXtJLY,1058
@@ -70,12 +70,12 @@ iatoolkit/system_prompts/format_styles.prompt,sha256=MSMe1qvR3cF_0IbFshn8R0z6Wx6
 iatoolkit/system_prompts/query_main.prompt,sha256=D2Wjf0uunQIQsQiJVrY-BTQz6PemM5En6ftmw_c5t4E,2808
 iatoolkit/system_prompts/sql_rules.prompt,sha256=y4nURVnb9AyFwt-lrbMNBHHtZlhk6kC9grYoOhRnrJo,59174
 iatoolkit/templates/_branding_styles.html,sha256=x0GJmY1WWpPxKBUoqmxh685_1c6-4uLJWNPU6r81uAc,1912
-iatoolkit/templates/_login_widget.html,sha256=p7Xz0P1Xd3Otn41uVQTA3GmDswMrUVMIn9doDNJojAA,1852
+iatoolkit/templates/_login_widget.html,sha256=JeqVqUlFqst7_qrZ5vbE_MjmqVJC6bCKnrhJwDboxew,1903
 iatoolkit/templates/_navbar.html,sha256=o1PvZE5ueLmVpGUAmsjtu-vS_WPROTlJc2sTXl6AS4Y,360
 iatoolkit/templates/about.html,sha256=ciC08grUVz5qLzdzDDqDX31xirg5PrJIRYabWpV9oA8,294
 iatoolkit/templates/base.html,sha256=hHfBqZJsPcZGlb4BxAbHvpJFcSjckLIAVTYTmoyXrz0,2323
 iatoolkit/templates/change_password.html,sha256=G5a3hYLTpz_5Q_eZ4LNcYSqLeW-CuT4NCHD8bkhAd9k,3573
-iatoolkit/templates/chat.html,sha256=usmyuke0Moh6jNMWvxK2p_N15V6UzHNeXyXDd45XWIU,14087
+iatoolkit/templates/chat.html,sha256=NdKj1cDqQWSLrjMjfne32IZcwBdg_DV9apm8BMeTQDI,11952
 iatoolkit/templates/chat_modals.html,sha256=NwwgPoOmVbjy4aO2eHsy1TUMXRiOfTOC5Jx_F2ehhcs,6947
 iatoolkit/templates/error.html,sha256=c3dxieMygsvdjQMiQu_sn6kqqag9zFtVu-z5FunX6so,580
 iatoolkit/templates/forgot_password.html,sha256=NRZqbNHJXSLNArF_KLbzuem-U57v07awS0ikI_DJbfM,2360
@@ -86,26 +86,25 @@ iatoolkit/templates/onboarding_shell.html,sha256=r1ivSR2ci8GrDSm1uaD-cf78rfO1bKT
 iatoolkit/templates/signup.html,sha256=9ArDvcNQgHFR2dwxy-37AXzGUOeOsT7Nz5u0y6fAB3U,4385
 iatoolkit/templates/test.html,sha256=rwNtxC83tbCl5COZFXYvmRBxxmgFJtPNuVBd_nq9KWY,133
 iatoolkit/views/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCLkX7X4,102
-iatoolkit/views/base_login_view.py,sha256=6AANVhwhs5MyT3WVjJqKZLoS1TwyErsrKnb1xhpqP4Y,3970
+iatoolkit/views/base_login_view.py,sha256=qoMMrAezCJvzjcfNzIbd2vwHhksALIQfNK8f_9E8m0o,3241
 iatoolkit/views/change_password_view.py,sha256=tM0woZyKdhY4XYjS_YXg2sKq3RYkXGfcq_eVAKrNvNM,4498
 iatoolkit/views/chat_token_request_view.py,sha256=wf32_A2Sq8NHYWshCwL10Tovd1znLoD0jQjzutR3sVE,4408
-iatoolkit/views/external_login_view.py,sha256=nuWebrl2Opnhj6H-UW6dUOHwi8pj4s1_-dN3VEKNQdY,4483
+iatoolkit/views/external_login_view.py,sha256=6EM1pfMo1yP5ofADIyq_d4m7wH-OppKgLa86KFdiyH0,3282
 iatoolkit/views/file_store_api_view.py,sha256=Uz9f6sey3_F5K8zuyQz6SwYRKAalCjD1ekf-Mkl_Kfo,2326
 iatoolkit/views/forgot_password_view.py,sha256=-qKJeeOBqJFdvDUk7rCNg1E1cDQnJQkozPpb0T0FgwA,3159
 iatoolkit/views/history_api_view.py,sha256=x-tZhB8UzqrD2n-WDIfmHK9iVhGZ9f0yncsGs9mxwt0,1953
 iatoolkit/views/index_view.py,sha256=P5aVdEWxsYOZGbzcXd6WFE733qZ7YXIoeqriUMAM6V8,1527
-iatoolkit/views/init_context_api_view.py,sha256=1j8NKfODfPrffbA5YO8TPMHh-ildlLNzReIxv_qO-W4,2586
-iatoolkit/views/llmquery_api_view.py,sha256=Rh-y-VENwwtNsDrYAD_SWKwjK16fW-pFRWlEvI-OYwY,2120
-iatoolkit/views/llmquery_web_view.py,sha256=WhjlA1mfsoL8hL9tlKQfjCUcaTzT43odlp_uQKmT314,1500
+iatoolkit/views/init_context_api_view.py,sha256=tWlAN01nr3otXchraDHZZdMCFxAEM_GI0SwiFuhehAQ,2649
+iatoolkit/views/llmquery_api_view.py,sha256=ANnspwka7Yxjf2X58tE6IippyBfjOP-RgwbJlbOO_tw,1740
 iatoolkit/views/login_simulation_view.py,sha256=0Qt-puRnltI2HZxlfdyJmOf26-hQp3xjknGV_jkwV7E,3484
-iatoolkit/views/login_view.py,sha256=sjM8ki_F7C9S0a9pukLd5jn5KnM2sbRabnAIrtIK8KQ,5373
+iatoolkit/views/login_view.py,sha256=ESJLKHGUKQw71STHK2AoxugQUJmxnPYlI13n7ZawLLg,5663
 iatoolkit/views/prompt_api_view.py,sha256=MP0r-MiswwKcbNc_5KY7aVbHkrR218I8XCiCX1D0yTA,1244
 iatoolkit/views/signup_view.py,sha256=BCjhM2lMiDPwYrlW_eEwPl-ZLupblbFfsonWtq0E4vU,3922
 iatoolkit/views/tasks_review_view.py,sha256=keLsLCyOTTlcoIapnB_lbuSvLwrPVZVpBiFC_7ChbLg,3388
 iatoolkit/views/tasks_view.py,sha256=a3anTXrJTTvbQuc6PSpOzidLKQFL4hWa7PI2Cppcz8w,4110
 iatoolkit/views/user_feedback_api_view.py,sha256=59XB9uQLHI4Q6QA4_XhK787HzfXb-c6EY7k1Ccyr4hI,2424
 iatoolkit/views/verify_user_view.py,sha256=7XLSaxvs8LjBr3cYOUDa9B8DqW_50IGlq0IvmOQcD0Y,2340
-iatoolkit-0.56.0.dist-info/METADATA,sha256=Td4cobpNkkpPaIPZALITKGwwBHowzfG3klOYoGANjsk,9301
-iatoolkit-0.56.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-iatoolkit-0.56.0.dist-info/top_level.txt,sha256=V_w4QvDx0b1RXiy8zTCrD1Bp7AZkFe3_O0-9fMiwogg,10
-iatoolkit-0.56.0.dist-info/RECORD,,
+iatoolkit-0.58.0.dist-info/METADATA,sha256=0dlpinBIYN54AdKHdawbfpToVXPHyCKbfa9dM1Vi6dw,9301
+iatoolkit-0.58.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+iatoolkit-0.58.0.dist-info/top_level.txt,sha256=V_w4QvDx0b1RXiy8zTCrD1Bp7AZkFe3_O0-9fMiwogg,10
+iatoolkit-0.58.0.dist-info/RECORD,,

iatoolkit/views/llmquery_web_view.py

@@ -1,38 +0,0 @@
-from flask.views import MethodView
-from flask import request, jsonify
-from injector import inject
-from iatoolkit.services.query_service import QueryService
-from iatoolkit.services.auth_service import AuthService  # Use AuthService for session check
-
-
-class LLMQueryWebView(MethodView):  # Renamed for clarity
-    """
-    Web-only endpoint for submitting queries from the chat UI.
-    Authenticates via Flask session cookie.
-    """
-
-    @inject
-    def __init__(self, auth_service: AuthService, query_service: QueryService):
-        self.auth_service = auth_service
-        self.query_service = query_service
-
-    def post(self, company_short_name: str):
-        # 1. Authenticate the web session request.
-        auth_result = self.auth_service.verify()
-        if not auth_result.get("success"):
-            return jsonify({"error": auth_result.get("error_message")}), auth_result.get("status_code", 401)
-
-        # 2. Get the guaranteed user_identifier from the auth result.
-        user_identifier = auth_result['user_identifier']
-        data = request.get_json() or {}
-
-        # 3. Call the unified query service method.
-        result = self.query_service.llm_query(
-            company_short_name=company_short_name,
-            user_identifier=user_identifier,
-            question=data.get('question', ''),
-            prompt_name=data.get('prompt_name'),
-            client_data=data.get('client_data', {}),
-            files=data.get('files', [])
-        )
-        return jsonify(result)