infrahub-server 1.3.8__py3-none-any.whl → 1.3.9__py3-none-any.whl

infrahub/core/account.py

@@ -5,9 +5,10 @@ from typing import TYPE_CHECKING, Any
 
 from typing_extensions import Self
 
-from infrahub.core.constants import InfrahubKind, PermissionDecision
+from infrahub.core.constants import NULL_VALUE, InfrahubKind, PermissionDecision
 from infrahub.core.query import Query, QueryType
 from infrahub.core.registry import registry
+from infrahub.core.timestamp import Timestamp
 
 if TYPE_CHECKING:
     from infrahub.core.branch import Branch
@@ -519,47 +520,72 @@ class AccountTokenValidateQuery(Query):
         super().__init__(**kwargs)
 
     async def query_init(self, db: InfrahubDatabase, **kwargs: Any) -> None:  # noqa: ARG002
-        token_filter_perms, token_params = self.branch.get_query_filter_relationships(
-            rel_labels=["r1", "r2"], at=self.at, include_outside_parentheses=True
+        branch_filter, branch_params = self.branch.get_query_filter_path(
+            at=self.at.to_string(), branch_agnostic=self.branch_agnostic, is_isolated=False
         )
-        self.params.update(token_params)
-
-        account_filter_perms, account_params = self.branch.get_query_filter_relationships(
-            rel_labels=["r31", "r41", "r5", "r6"], at=self.at, include_outside_parentheses=True
+        self.params.update(branch_params)
+        self.params.update(
+            {
+                "token_attr_name": "token",
+                "token_relationship_name": "account__token",
+                "token_value": self.token,
+                "null_value": NULL_VALUE,
+            }
         )
-        self.params.update(account_params)
 
-        self.params["token_value"] = self.token
-
-        # ruff: noqa: E501
         query = """
-        MATCH (at:InternalAccountToken)-[r1:HAS_ATTRIBUTE]-(a:Attribute {name: "token"})-[r2:HAS_VALUE]-(av:AttributeValue { value: $token_value })
-        WHERE %s
-        WITH at
-        MATCH (at)-[r31]-(:Relationship)-[r41]-(acc:CoreGenericAccount)-[r5:HAS_ATTRIBUTE]-(an:Attribute {name: "name"})-[r6:HAS_VALUE]-(av:AttributeValue)
-        WHERE %s
-        """ % (
-            "\n AND ".join(token_filter_perms),
-            "\n AND ".join(account_filter_perms),
-        )
-
+// --------------
+// get the active token node for this token value, if it exists
+// --------------
+MATCH (token_node:%(token_node_kind)s)-[r1:HAS_ATTRIBUTE]->(:Attribute {name: $token_attr_name})
+    -[r2:HAS_VALUE]->(av:AttributeValue { value: $token_value })
+WHERE all(r in [r1, r2] WHERE (%(branch_filter)s))
+ORDER BY r1.branch_level DESC, r1.from DESC, r1.status ASC, r2.branch_level DESC, r2.from DESC, r2.status ASC
+LIMIT 1
+WITH token_node
+WHERE r1.status = "active" AND r2.status = "active"
+// --------------
+// get the expiration time
+// --------------
+OPTIONAL MATCH (token_node)-[r1:HAS_ATTRIBUTE]->(:Attribute {name: "expiration"})
+    -[r2:HAS_VALUE]->(av)
+WHERE all(r in [r1, r2] WHERE (%(branch_filter)s))
+ORDER BY r1.branch_level DESC, r1.from DESC, r1.status ASC, r2.branch_level DESC, r2.from DESC, r2.status ASC
+LIMIT 1
+WITH token_node, CASE
+    WHEN r1.status = "active" AND r2.status = "active" AND av.value <> $null_value THEN av.value
+    ELSE NULL
+END AS expiration
+// --------------
+// get the linked account node from the token node
+// --------------
+MATCH (token_node)-[r1:IS_RELATED]-(:Relationship {name: $token_relationship_name})-[r2:IS_RELATED]-(account_node:%(account_node_kind)s)
+WHERE all(r in [r1, r2] WHERE (%(branch_filter)s))
+ORDER BY r1.branch_level DESC, r1.from DESC, r1.status ASC, r2.branch_level DESC, r2.from DESC, r2.status ASC
+LIMIT 1
+WITH expiration, account_node
+WHERE r1.status = "active" AND r2.status = "active"
+        """ % {
+            "branch_filter": branch_filter,
+            "token_node_kind": InfrahubKind.ACCOUNTTOKEN,
+            "account_node_kind": InfrahubKind.GENERICACCOUNT,
+        }
         self.add_to_query(query)
-
-        self.return_labels = ["at", "av", "acc"]
-
-    def get_account_name(self) -> str | None:
-        """Return the account name that matched the query or None."""
-        if result := self.get_result():
-            return result.get("av").get("value")
-
-        return None
+        self.return_labels = ["account_node.uuid AS account_uuid", "expiration"]
 
     def get_account_id(self) -> str | None:
         """Return the account id that matched the query or a None."""
-        if result := self.get_result():
-            return result.get("acc").get("uuid")
-
-        return None
+        result = self.get_result()
+        if not result:
+            return None
+        account_uuid = result.get_as_str(label="account_uuid")
+        expiration_with_tz = result.get_as_str(label="expiration")
+        if expiration_with_tz is None:
+            return account_uuid
+        expiration = Timestamp(expiration_with_tz)
+        if expiration < Timestamp():
+            return None
+        return account_uuid
 
 
 async def validate_token(token: str, db: InfrahubDatabase, branch: Branch | str | None = None) -> str | None:

{infrahub_server-1.3.8.dist-info → infrahub_server-1.3.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: infrahub-server
-Version: 1.3.8
+Version: 1.3.9
 Summary: Infrahub is taking a new approach to Infrastructure Management by providing a new generation of datastore to organize and control all the data that defines how an infrastructure should run.
 License: Apache-2.0
 Author: OpsMill

{infrahub_server-1.3.8.dist-info → infrahub_server-1.3.9.dist-info}/RECORD

@@ -59,7 +59,7 @@ infrahub/constants/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
 infrahub/constants/database.py,sha256=WmV1iuOk4xulxZHOVvO3sS_VF1eTf7fKh0TPe_RnfV4,507
 infrahub/context.py,sha256=8SZRKSECkkcsNNzDaKEUJ7Nyr0EzUfToAy969LXjQVk,1554
 infrahub/core/__init__.py,sha256=z6EJBZyCYCBqinoBtX9li6BTBbbGV8WCkE_4CrEsmDA,104
-infrahub/core/account.py,sha256=s8ZC7J8rtEvQZQjbVuiKMlPhl6aQjtAjbZhBejLC0X8,26182
+infrahub/core/account.py,sha256=RHJfKad7uEsoJLfYCJy_Qzu-qGIJQ4tkEIxyc2AwkSY,27470
 infrahub/core/attribute.py,sha256=stmJ_dOr7rFTXzH80keuE64f6y3K3393GiSYeOaay3s,44257
 infrahub/core/branch/__init__.py,sha256=h0oIj0gHp1xI-N1cYW8_N6VZ81CBOmLuiUt5cS5nKuk,49
 infrahub/core/branch/enums.py,sha256=vGnaTCzikvMcLikKN25TJ8uCmhnD448dp1ve1_tLjwQ,186
@@ -810,8 +810,8 @@ infrahub_testcontainers/models.py,sha256=ASYyvl7d_WQz_i7y8-3iab9hwwmCl3OCJavqVbe
 infrahub_testcontainers/performance_test.py,sha256=hvwiy6tc_lWniYqGkqfOXVGAmA_IV15VOZqbiD9ezno,6149
 infrahub_testcontainers/plugin.py,sha256=I3RuZQ0dARyKHuqCf0y1Yj731P2Mwf3BJUehRJKeWrs,5645
 infrahub_testcontainers/prometheus.yml,sha256=610xQEyj3xuVJMzPkC4m1fRnCrjGpiRBrXA2ytCLa54,599
-infrahub_server-1.3.8.dist-info/LICENSE.txt,sha256=7GQO7kxVoQYnZtFrjZBKLRXbrGwwwimHPPOJtqXsozQ,11340
-infrahub_server-1.3.8.dist-info/METADATA,sha256=AM93SvBG4Wl4D53wWQ9ktQPK0ZqIa87Osu0e0EWFOBg,8189
-infrahub_server-1.3.8.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
-infrahub_server-1.3.8.dist-info/entry_points.txt,sha256=UXIeFWDsrV-4IllNvUEd6KieYGzQfn9paga2YyABOQI,393
-infrahub_server-1.3.8.dist-info/RECORD,,
+infrahub_server-1.3.9.dist-info/LICENSE.txt,sha256=7GQO7kxVoQYnZtFrjZBKLRXbrGwwwimHPPOJtqXsozQ,11340
+infrahub_server-1.3.9.dist-info/METADATA,sha256=g8W3hQDrz6WZLYsqp7mEd7iCaEWnDDtGd6jqNpZI86M,8189
+infrahub_server-1.3.9.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+infrahub_server-1.3.9.dist-info/entry_points.txt,sha256=UXIeFWDsrV-4IllNvUEd6KieYGzQfn9paga2YyABOQI,393
+infrahub_server-1.3.9.dist-info/RECORD,,