sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into feature/task_data_api_refactor

This commit is contained in:
jasquat 2023-02-23 17:10:23 -05:00
parent d53b79b18a 441bd62652
commit 1f95fe7037
3 changed files with 79 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
View File

@ -485,43 +485,20 @@
"groups" : [ ]
}, {
"id" : "d959fd73-92b5-43f4-a210-9457c0b89296",
"createdTimestamp" : 1677179613554,
"createdTimestamp" : 1677187934315,
"username" : "app.program-lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "app.program-lead@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "191" ]
},
"credentials" : [ {
"id" : "000ae6fa-5311-4fb2-b421-996e4c28b8bc",
"type" : "password",
"createdDate" : 1677179613588,
"secretData" : "{\"value\":\"Gj1+qvjgYdEBGEntfWmbajQQur0YGatrhvB6+2osF6lpVgMLCfTUWSyP5C8glYk8ky8dHKM2vLiMymkM9teRrw==\",\"salt\":\"Z4QSlVGz+YwsLNWu2Li7Ig==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "27b5bdce-1c02-4249-b8ba-521f9bcae2d3",
"createdTimestamp" : 1676302139921,
"username" : "app.program.lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "app.program.lead@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "121" ]
},
"credentials" : [ {
"id" : "8cd62c66-7357-4c8f-ae57-e45a10150f2d",
"id" : "d959fd73-92b5-43f4-a210-9457c0b89296",
"type" : "password",
"createdDate" : 1676302139956,
"secretData" : "{\"value\":\"NhRRaTaL4o8TLmLgFrfIlLo1lBGRgAcoQ+ct7ypw/osYNXcF1zIC7i0AYrwrSSWQ60Wxcx6RZTFRQsZobwCbUw==\",\"salt\":\"nOhBgYVO/Me08wmfOatRdQ==\",\"additionalParameters\":{}}",
"createdDate" : 1677187934366,
"secretData" : "{\"value\":\"6njfc7gdZ1NTsmiyMXOztog8H7yKDSYgBsCFjTod0IszE0zq3WrekGKuT3GDHTHE5xVLO0SZbDQ4V5uRm0auPQ==\",\"salt\":\"eNwudU7v/gvIFX/WNtPu9w==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
@ -554,6 +531,29 @@
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "7721b278-b117-45c6-9e98-d66efa6272a4",
"createdTimestamp" : 1677187934488,
"username" : "codex.project-lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "codex.project-lead@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "153" ]
},
"credentials" : [ {
"id" : "4ed0c40f-bd6f-41a2-87c0-f35e826d196c",
"type" : "password",
"createdDate" : 1677187934523,
"secretData" : "{\"value\":\"0xkk4BBlMNVl/xL2b4KLf25PP9h8uY1d2n9kTwEJVm0oOhqnaSEpyKTGlS+oV33DhpNnBDqME922xP+j8kYNgQ==\",\"salt\":\"g20ITxwFU1PnkD4LGdEeIA==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "5e2a535e-056e-485c-b0af-c49bf0d64106",
"createdTimestamp" : 1677181799609,
@ -1708,6 +1708,29 @@
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "8a03f00f-310d-4bae-b918-f6f128f98095",
"createdTimestamp" : 1677187934419,
"username" : "logos.program-lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "logos.program-lead@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "160" ]
},
"credentials" : [ {
"id" : "57e95f47-feb4-4328-88a6-8c8abde98db9",
"type" : "password",
"createdDate" : 1677187934455,
"secretData" : "{\"value\":\"2JMhNDo3jhT8M5w38JLVHiAN/njcXc6moaa9d6L0LYe8yOCxoxmVSqejFDQTyESxeMChBU7qj2NXIGhJMIsBiw==\",\"salt\":\"O5NxbiEqrDNzN041mEz/8Q==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "588e69b9-7534-4073-861d-500475b12b24",
"createdTimestamp" : 1675718484566,
@ -3704,7 +3727,7 @@
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ]
}
}, {
"id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
@ -3722,7 +3745,7 @@
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper" ]
}
}, {
"id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
@ -3812,7 +3835,7 @@
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"id" : "3b3acde6-e6e2-4105-91f5-be5fbcdbe1a6",
"id" : "0b29a0e8-a9f1-4a0b-a3e1-c34ad366085b",
"alias" : "Account verification options",
"description" : "Method with which to verity the existing account",
"providerId" : "basic-flow",
@ -3834,7 +3857,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "bcae03f5-d26d-4c4c-bfba-a0ae63c50b4f",
"id" : "281a2794-4b11-49f1-af6d-5ef9f9797773",
"alias" : "Authentication Options",
"description" : "Authentication options.",
"providerId" : "basic-flow",
@ -3863,7 +3886,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "eeb4c36f-1d46-4601-b198-b2281b7988b6",
"id" : "a650b68f-d110-4d5a-a347-5e457b49f28b",
"alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -3885,7 +3908,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "22eb750b-07cf-4468-9679-2e66891e85d3",
"id" : "f0c159ec-505a-4812-960f-2efd72838a43",
"alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -3907,7 +3930,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "e11c702b-a974-4065-91af-cd7d22ff5cad",
"id" : "2c60d3a0-fe71-4eb0-819e-0511b8d83ce0",
"alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -3929,7 +3952,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "0ca7340b-4ffa-43e5-9919-a5a466d35e8c",
"id" : "0555dcbe-c82f-460d-96c7-9ce423b286d5",
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
@ -3951,7 +3974,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "be74102b-f828-41c7-b82e-1cba0e1f5d4c",
"id" : "c508d2c3-f13b-4465-83a3-2ee02c1f170c",
"alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow",
@ -3973,7 +3996,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "31248ca8-5ff7-4080-acd3-b73ac32a4946",
"id" : "2882cc8c-5a13-4b42-8435-545bac4e10e1",
"alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow",
@ -3996,7 +4019,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "d992ca09-7a16-4eb3-83d6-e0d7b34c7f67",
"id" : "0d066dbe-245e-4c63-ac0c-1a309230f8d0",
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
@ -4018,7 +4041,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "63b5c8f8-d888-48cb-9753-c3da613b8e2c",
"id" : "73e90009-96d6-4d92-bb50-c5a6bdd2fa6e",
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
@ -4054,7 +4077,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "548f86bf-2145-455e-a317-798a8a1aa11f",
"id" : "ef1e1a5f-e0db-47f4-a009-bc17ef52a959",
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
@ -4090,7 +4113,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "117c7a16-6401-4d88-bbed-1b697e847c22",
"id" : "ed2100d4-29f6-40e9-9eb2-a6e0298c2d3a",
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
@ -4119,7 +4142,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "8e4c44a0-bbc5-4389-b2c6-0504d0e2b6c9",
"id" : "ad6bce88-c2f2-4579-89eb-38ef5d152e12",
"alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow",
@ -4134,7 +4157,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "53d0e6cd-9dab-42d6-9e0a-845c3e16ef82",
"id" : "4398a26c-795d-4bb9-8d16-0b882cf9b874",
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
@ -4157,7 +4180,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "d7f08bd3-21e7-4adb-b42b-d008e48fef16",
"id" : "acfa397a-de36-494d-8f2d-404a9194ce02",
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
@ -4179,7 +4202,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "df0f3ad6-2d9e-4af5-9c07-52b7a131b1b1",
"id" : "fc2b0244-a560-48c8-af2a-fc041f64705e",
"alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow",
@ -4201,7 +4224,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "b61e3c4c-3bf3-4e87-8f1d-6c21e12f3814",
"id" : "442e1c6f-6304-4218-8299-3c367d011605",
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
@ -4217,7 +4240,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "170440b9-7b1a-4def-a6cb-f7fb762155b7",
"id" : "5694642d-6b92-415b-a2b8-e98b95c6a922",
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
@ -4253,7 +4276,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "413fb195-73fb-4bac-9903-b9e3d80989c7",
"id" : "159570d6-29d6-4529-a987-498135387cef",
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
@ -4289,7 +4312,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "ff86f15f-09c6-4e9c-b55e-06832c8a7120",
"id" : "bc93f9db-795f-4c61-9c11-30f9fa20222a",
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
@ -4305,13 +4328,13 @@
} ]
} ],
"authenticatorConfig" : [ {
"id" : "9942d132-d399-4cda-ae74-b239c6baef83",
"id" : "1909b9bd-fd14-4c04-8be9-09ccbc204269",
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"id" : "10569875-a274-4a4a-8cb6-6a9fd32fe3b1",
"id" : "24663ab9-0c4b-4dd6-9c50-abf76c76c6f4",
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"

4
spiffworkflow-backend/keycloak/test_user_lists/status
View File

@ -1,7 +1,8 @@
email,spiffworkflow-employeeid
# admin@spiffworkflow.org
amir@status.im
app.program.lead@status.im,121
app.program-lead@status.im,121
codex.project-lead@status.im,153
codex.sme@status.im,185
codex1.sme@status.im,186
codex2.sme@status.im,187
@ -46,6 +47,7 @@ legal2.sme@status.im,165
legal3.sme@status.im,166
legal4.sme@status.im,177
legal5.sme@status.im,178
logos.program-lead@status.im,160
manuchehr@status.im,110
peopleops.partner.sme@status.im,148
peopleops.partner1.sme@status.im,149

4
spiffworkflow-backend/src/spiffworkflow_backend/__init__.py
View File

@ -218,7 +218,7 @@ def configure_sentry(app: flask.app.Flask) -> None:
# profiling doesn't work on windows, because of an issue like https://github.com/nvdv/vprof/issues/62
# but also we commented out profiling because it was causing segfaults (i guess it is marked experimental)
profiles_sample_rate = 0 if sys.platform.startswith("win") else 1
# profiles_sample_rate = 0 if sys.platform.startswith("win") else 1
sentry_sdk.init(
dsn=app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN"),
@ -235,6 +235,6 @@ def configure_sentry(app: flask.app.Flask) -> None:
traces_sample_rate=float(sentry_traces_sample_rate),
traces_sampler=traces_sampler,
# The profiles_sample_rate setting is relative to the traces_sample_rate setting.
_experiments={"profiles_sample_rate": profiles_sample_rate},
# _experiments={"profiles_sample_rate": profiles_sample_rate},
before_send=before_send,
)