spiff-arena/spiffworkflow-backend/conftest.py

# noqa
import os
import shutil

import pytest
from flask.app import Flask
from spiffworkflow_backend.models.bpmn_process import BpmnProcessModel
from spiffworkflow_backend.models.db import db
from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.services.authorization_service import AuthorizationService
from spiffworkflow_backend.services.process_model_service import ProcessModelService

from tests.spiffworkflow_backend.helpers.base_test import BaseTest

# We need to call this before importing spiffworkflow_backend
# otherwise typeguard cannot work. hence the noqa: E402
if os.environ.get("RUN_TYPEGUARD") == "true":
    from typeguard import install_import_hook

    install_import_hook(packages="spiffworkflow_backend")


from spiffworkflow_backend import create_app  # noqa: E402


@pytest.fixture(scope="session")
def app() -> Flask:  # noqa
    os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "unit_testing"
    os.environ["FLASK_SESSION_SECRET_KEY"] = (
        "e7711a3ba96c46c68e084a86952de16f"  # noqa: S105, do not care about security when running unit tests
    )
    app = create_app()

    return app


@pytest.fixture()
def with_db_and_bpmn_file_cleanup() -> None:
    """Do it cleanly!"""
    meta = db.metadata
    db.session.execute(db.update(BpmnProcessModel).values(top_level_process_id=None))
    db.session.execute(db.update(BpmnProcessModel).values(direct_parent_process_id=None))

    for table in reversed(meta.sorted_tables):
        db.session.execute(table.delete())
    db.session.commit()

    try:
        yield
    finally:
        if os.path.exists(ProcessModelService.root_path()):
            shutil.rmtree(ProcessModelService.root_path())


@pytest.fixture()
def with_super_admin_user() -> UserModel:  # noqa
    # this loads all permissions from yaml everytime this function is called which is slow
    # so default to just setting a simple super admin and only run with the "real" permissions in ci
    if os.environ.get("SPIFFWORKFLOW_BACKEND_RUNNING_IN_CI") == "true":
        user = BaseTest.find_or_create_user(username="testadmin1")
        AuthorizationService.import_permissions_from_yaml_file(user)
    else:
        user = BaseTest.create_user_with_permission("super_admin")
    return user
only test admin permissions in ci since it takes longer run w/ burnettk 2023-05-24 15:10:40 +00:00			`# noqa`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00			`import os`
			`import shutil`

			`import pytest`
			`from flask.app import Flask`
pyl and fixed cypress tests w/ burnettk 2023-03-06 16:59:33 +00:00			`from spiffworkflow_backend.models.bpmn_process import BpmnProcessModel`
Lots of adjustments from running pyl Main change is in the ErrorDisplay.tsx to assure all error information is provided. and index.css to make it "pretty" 2023-01-19 17:36:45 +00:00			`from spiffworkflow_backend.models.db import db`
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d 2022-10-20 20:00:12 +00:00			`from spiffworkflow_backend.models.user import UserModel`
fixed tests related to new permissions w/ burnettk 2023-05-22 18:58:51 +00:00			`from spiffworkflow_backend.services.authorization_service import AuthorizationService`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00			`from spiffworkflow_backend.services.process_model_service import ProcessModelService`

let ruff sort imports and ditch duplicative pre-commit linters 2023-05-27 00:01:08 +00:00			`from tests.spiffworkflow_backend.helpers.base_test import BaseTest`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00
			`# We need to call this before importing spiffworkflow_backend`
			`# otherwise typeguard cannot work. hence the noqa: E402`
			`if os.environ.get("RUN_TYPEGUARD") == "true":`
updated typeguard and fixed issues w/ burnettk 2023-05-01 19:26:29 +00:00			`from typeguard import install_import_hook`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00
			`install_import_hook(packages="spiffworkflow_backend")`


			`from spiffworkflow_backend import create_app # noqa: E402`


			`@pytest.fixture(scope="session")`
only test admin permissions in ci since it takes longer run w/ burnettk 2023-05-24 15:10:40 +00:00			`def app() -> Flask: # noqa`
renamed development env to local_development and testing to unit_testing w/ burnettk 2023-02-07 20:02:47 +00:00			`os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "unit_testing"`
enable flake8-bandit, cut off all http requests at 15 seconds to avoid hanging process, ignore xml lib spiff uses 2023-05-30 23:53:26 +00:00			`os.environ["FLASK_SESSION_SECRET_KEY"] = (`
			`"e7711a3ba96c46c68e084a86952de16f" # noqa: S105, do not care about security when running unit tests`
			`)`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00			`app = create_app()`

			`return app`


			`@pytest.fixture()`
			`def with_db_and_bpmn_file_cleanup() -> None:`
run_pyl 2023-02-20 17:34:42 +00:00			`"""Do it cleanly!"""`
work in progress - * Link between message instance and correlations is now a link table and many-to-many relationships as recommended by SQLAlchemy * Use the correlation keys, not the process id when accepting api messages. 2023-02-17 15:44:03 +00:00			`meta = db.metadata`
updated sqlalchemy to 2.0 due to safety complaints w/ burnettk 2023-03-28 19:56:00 +00:00			`db.session.execute(db.update(BpmnProcessModel).values(top_level_process_id=None))`
			`db.session.execute(db.update(BpmnProcessModel).values(direct_parent_process_id=None))`
some stuff is passing but still needs the process_instance_data w/ burnettk 2023-03-03 21:51:24 +00:00
work in progress - * Link between message instance and correlations is now a link table and many-to-many relationships as recommended by SQLAlchemy * Use the correlation keys, not the process id when accepting api messages. 2023-02-17 15:44:03 +00:00			`for table in reversed(meta.sorted_tables):`
			`db.session.execute(table.delete())`
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d 2022-10-20 20:00:12 +00:00			`db.session.commit()`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00
			`try:`
			`yield`
			`finally:`
no reason to instantiate a ProcessModelService 2023-05-17 14:16:09 +00:00			`if os.path.exists(ProcessModelService.root_path()):`
			`shutil.rmtree(ProcessModelService.root_path())`
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5 2022-10-12 14:22:22 +00:00

Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d 2022-10-20 20:00:12 +00:00			`@pytest.fixture()`
only test admin permissions in ci since it takes longer run w/ burnettk 2023-05-24 15:10:40 +00:00			`def with_super_admin_user() -> UserModel: # noqa`
			`# this loads all permissions from yaml everytime this function is called which is slow`
			`# so default to just setting a simple super admin and only run with the "real" permissions in ci`
			`if os.environ.get("SPIFFWORKFLOW_BACKEND_RUNNING_IN_CI") == "true":`
			`user = BaseTest.find_or_create_user(username="testadmin1")`
			`AuthorizationService.import_permissions_from_yaml_file(user)`
			`else:`
			`user = BaseTest.create_user_with_permission("super_admin")`
fixed tests related to new permissions w/ burnettk 2023-05-22 18:58:51 +00:00			`return user`