diff --git a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
index 5821841e8..e0fdae08e 100644
--- a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
+++ b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
@@ -485,43 +485,20 @@ "groups" : [ ] }, { "id" : "d959fd73-92b5-43f4-a210-9457c0b89296", - "createdTimestamp" : 1677179613554, + "createdTimestamp" : 1677187934315, "username" : "app.program-lead", "enabled" : true, "totp" : false, "emailVerified" : false, "email" : "app.program-lead@status.im", - "attributes" : { - "spiffworkflow-employeeid" : [ "191" ] - }, - "credentials" : [ { - "id" : "000ae6fa-5311-4fb2-b421-996e4c28b8bc", - "type" : "password", - "createdDate" : 1677179613588, - "secretData" : "{\"value\":\"Gj1+qvjgYdEBGEntfWmbajQQur0YGatrhvB6+2osF6lpVgMLCfTUWSyP5C8glYk8ky8dHKM2vLiMymkM9teRrw==\",\"salt\":\"Z4QSlVGz+YwsLNWu2Li7Ig==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-spiffworkflow" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "27b5bdce-1c02-4249-b8ba-521f9bcae2d3", - "createdTimestamp" : 1676302139921, - "username" : "app.program.lead", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "email" : "app.program.lead@status.im", "attributes" : { "spiffworkflow-employeeid" : [ "121" ] }, "credentials" : [ { - "id" : "8cd62c66-7357-4c8f-ae57-e45a10150f2d", + "id" : "d959fd73-92b5-43f4-a210-9457c0b89296", "type" : "password", - "createdDate" : 1676302139956, - "secretData" : "{\"value\":\"NhRRaTaL4o8TLmLgFrfIlLo1lBGRgAcoQ+ct7ypw/osYNXcF1zIC7i0AYrwrSSWQ60Wxcx6RZTFRQsZobwCbUw==\",\"salt\":\"nOhBgYVO/Me08wmfOatRdQ==\",\"additionalParameters\":{}}", + "createdDate" : 1677187934366, + "secretData" : "{\"value\":\"6njfc7gdZ1NTsmiyMXOztog8H7yKDSYgBsCFjTod0IszE0zq3WrekGKuT3GDHTHE5xVLO0SZbDQ4V5uRm0auPQ==\",\"salt\":\"eNwudU7v/gvIFX/WNtPu9w==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], 
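Review bot: The replacement credential for `app.program-lead` carries `"id" : "d959fd73-92b5-43f4-a210-9457c0b89296"`, which is the same value as the user's own `id` in the context line at the top of this hunk; every other credential visible in this diff has an id distinct from its user. That looks like an artifact of merging the `app.program.lead` and `app.program-lead` entries rather than a value Keycloak generated, so it is worth confirming the realm still imports cleanly and re-exporting so the credential gets its own id. The user object continues past the end of the hunk.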
@@ -554,6 +531,29 @@ }, "notBefore" : 0, "groups" : [ ] + }, { + "id" : "7721b278-b117-45c6-9e98-d66efa6272a4", + "createdTimestamp" : 1677187934488, + "username" : "codex.project-lead", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "codex.project-lead@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "153" ] + }, + "credentials" : [ { + "id" : "4ed0c40f-bd6f-41a2-87c0-f35e826d196c", + "type" : "password", + "createdDate" : 1677187934523, + "secretData" : "{\"value\":\"0xkk4BBlMNVl/xL2b4KLf25PP9h8uY1d2n9kTwEJVm0oOhqnaSEpyKTGlS+oV33DhpNnBDqME922xP+j8kYNgQ==\",\"salt\":\"g20ITxwFU1PnkD4LGdEeIA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "5e2a535e-056e-485c-b0af-c49bf0d64106", "createdTimestamp" : 1677181799609, 
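Review bot: The new `codex.project-lead` user is committed with its PBKDF2 hash and salt in `secretData`, `"totp" : false` and an empty `"requiredActions"`, so the hash is exposed to offline guessing by anyone who can read the repository and the account keeps that password wherever this realm is imported. The same applies to the re-hashed `app.program-lead` credential in the first hunk and to `logos.program-lead` in the `@@ -1708,6 +1708,29 @@` hunk. If this export is only ever loaded into local or CI Keycloak instances, state that in a note beside the export; for any shared environment, set `"requiredActions" : [ "UPDATE_PASSWORD" ]` on these users or provision their credentials out of band. `"hashIterations" : 27500` is also well below current PBKDF2-SHA256 guidance, presumably inherited from an older Keycloak default.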
@@ -1708,6 +1708,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "8a03f00f-310d-4bae-b918-f6f128f98095", + "createdTimestamp" : 1677187934419, + "username" : "logos.program-lead", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "logos.program-lead@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "160" ] + }, + "credentials" : [ { + "id" : "57e95f47-feb4-4328-88a6-8c8abde98db9", + "type" : "password", + "createdDate" : 1677187934455, + "secretData" : "{\"value\":\"2JMhNDo3jhT8M5w38JLVHiAN/njcXc6moaa9d6L0LYe8yOCxoxmVSqejFDQTyESxeMChBU7qj2NXIGhJMIsBiw==\",\"salt\":\"O5NxbiEqrDNzN041mEz/8Q==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "588e69b9-7534-4073-861d-500475b12b24", "createdTimestamp" : 1675718484566, @@ -3704,7 +3727,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ] } }, { "id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd", 
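Review bot: The `allowed-protocol-mapper-types` change in the `@@ -3704,7 +3727,7 @@` hunk is a pure reordering of the same eight mapper types, and the same holds for the anonymous policy in the next hunk; the `id` changes on every `authenticationFlows` and `authenticatorConfig` entry further down look like regenerated UUIDs with the aliases unchanged. This export churn buries the three user changes that are the real content of the commit, and in a file that defines authentication flows it makes it hard to confirm that nothing else moved. Consider normalising the export before committing (a stable sort of these arrays, keeping the existing ids) so that later diffs of this realm show only intended changes.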
@@ -3722,7 +3745,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper" ] } }, { "id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c", @@ -3812,7 +3835,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "3b3acde6-e6e2-4105-91f5-be5fbcdbe1a6", + "id" : "0b29a0e8-a9f1-4a0b-a3e1-c34ad366085b", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -3834,7 +3857,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "bcae03f5-d26d-4c4c-bfba-a0ae63c50b4f", + "id" : "281a2794-4b11-49f1-af6d-5ef9f9797773", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -3863,7 +3886,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "eeb4c36f-1d46-4601-b198-b2281b7988b6", + "id" : "a650b68f-d110-4d5a-a347-5e457b49f28b", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3885,7 +3908,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "22eb750b-07cf-4468-9679-2e66891e85d3", + "id" : "f0c159ec-505a-4812-960f-2efd72838a43", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", 
@@ -3907,7 +3930,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e11c702b-a974-4065-91af-cd7d22ff5cad", + "id" : "2c60d3a0-fe71-4eb0-819e-0511b8d83ce0", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3929,7 +3952,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "0ca7340b-4ffa-43e5-9919-a5a466d35e8c", + "id" : "0555dcbe-c82f-460d-96c7-9ce423b286d5", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -3951,7 +3974,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "be74102b-f828-41c7-b82e-1cba0e1f5d4c", + "id" : "c508d2c3-f13b-4465-83a3-2ee02c1f170c", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -3973,7 +3996,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "31248ca8-5ff7-4080-acd3-b73ac32a4946", + "id" : "2882cc8c-5a13-4b42-8435-545bac4e10e1", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -3996,7 +4019,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "d992ca09-7a16-4eb3-83d6-e0d7b34c7f67", + "id" : "0d066dbe-245e-4c63-ac0c-1a309230f8d0", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -4018,7 +4041,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "63b5c8f8-d888-48cb-9753-c3da613b8e2c", + "id" : "73e90009-96d6-4d92-bb50-c5a6bdd2fa6e", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", 
@@ -4054,7 +4077,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "548f86bf-2145-455e-a317-798a8a1aa11f", + "id" : "ef1e1a5f-e0db-47f4-a009-bc17ef52a959", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -4090,7 +4113,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "117c7a16-6401-4d88-bbed-1b697e847c22", + "id" : "ed2100d4-29f6-40e9-9eb2-a6e0298c2d3a", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -4119,7 +4142,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "8e4c44a0-bbc5-4389-b2c6-0504d0e2b6c9", + "id" : "ad6bce88-c2f2-4579-89eb-38ef5d152e12", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -4134,7 +4157,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "53d0e6cd-9dab-42d6-9e0a-845c3e16ef82", + "id" : "4398a26c-795d-4bb9-8d16-0b882cf9b874", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -4157,7 +4180,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "d7f08bd3-21e7-4adb-b42b-d008e48fef16", + "id" : "acfa397a-de36-494d-8f2d-404a9194ce02", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -4179,7 +4202,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "df0f3ad6-2d9e-4af5-9c07-52b7a131b1b1", + "id" : "fc2b0244-a560-48c8-af2a-fc041f64705e", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -4201,7 +4224,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "b61e3c4c-3bf3-4e87-8f1d-6c21e12f3814", + "id" : "442e1c6f-6304-4218-8299-3c367d011605", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", 
@@ -4217,7 +4240,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "170440b9-7b1a-4def-a6cb-f7fb762155b7", + "id" : "5694642d-6b92-415b-a2b8-e98b95c6a922", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -4253,7 +4276,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "413fb195-73fb-4bac-9903-b9e3d80989c7", + "id" : "159570d6-29d6-4529-a987-498135387cef", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -4289,7 +4312,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "ff86f15f-09c6-4e9c-b55e-06832c8a7120", + "id" : "bc93f9db-795f-4c61-9c11-30f9fa20222a", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -4305,13 +4328,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "9942d132-d399-4cda-ae74-b239c6baef83", + "id" : "1909b9bd-fd14-4c04-8be9-09ccbc204269", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "10569875-a274-4a4a-8cb6-6a9fd32fe3b1", + "id" : "24663ab9-0c4b-4dd6-9c50-abf76c76c6f4", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" diff --git a/spiffworkflow-backend/keycloak/test_user_lists/status b/spiffworkflow-backend/keycloak/test_user_lists/status index 7f6763c0f..70803bcac 100644 --- a/spiffworkflow-backend/keycloak/test_user_lists/status +++ b/spiffworkflow-backend/keycloak/test_user_lists/status @@ -1,7 +1,8 @@ email,spiffworkflow-employeeid # admin@spiffworkflow.org amir@status.im -app.program.lead@status.im,121 +app.program-lead@status.im,121 +codex.project-lead@status.im,153 codex.sme@status.im,185 codex1.sme@status.im,186 codex2.sme@status.im,187 
@@ -46,6 +47,7 @@ legal2.sme@status.im,165 legal3.sme@status.im,166 legal4.sme@status.im,177 legal5.sme@status.im,178 +logos.program-lead@status.im,160 manuchehr@status.im,110 peopleops.partner.sme@status.im,148 peopleops.partner1.sme@status.im,149 diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py index 117bc41a0..68fee58a6 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py @@ -218,7 +218,7 @@ def configure_sentry(app: flask.app.Flask) -> None: # profiling doesn't work on windows, because of an issue like https://github.com/nvdv/vprof/issues/62 # but also we commented out profiling because it was causing segfaults (i guess it is marked experimental) - profiles_sample_rate = 0 if sys.platform.startswith("win") else 1 + # profiles_sample_rate = 0 if sys.platform.startswith("win") else 1 sentry_sdk.init( dsn=app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN"), @@ -235,6 +235,6 @@ def configure_sentry(app: flask.app.Flask) -> None: traces_sample_rate=float(sentry_traces_sample_rate), traces_sampler=traces_sampler, # The profiles_sample_rate setting is relative to the traces_sample_rate setting. - _experiments={"profiles_sample_rate": profiles_sample_rate}, + # _experiments={"profiles_sample_rate": profiles_sample_rate}, before_send=before_send, )
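Review bot: Commenting out `profiles_sample_rate` and the `_experiments` argument leaves dead code in `configure_sentry`, and the retained comment `# The profiles_sample_rate setting is relative to the traces_sample_rate setting.` now describes nothing that runs. Deleting both lines and that comment, and keeping a single note such as `# profiling disabled: it caused segfaults`, would read more clearly; this covers both the `@@ -218,7 +218,7 @@` and `@@ -235,6 +235,6 @@` hunks. If `sys` was imported only for the platform check it may now be unused, which cannot be confirmed here because the function and the module's imports start outside the hunk.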