Merge remote-tracking branch 'origin/main' into feature/tenant-specific-fields-from-openid

burnettk 2023-02-06 10:20:40 -05:00
commit d6d960e20f
6 changed files with 117 additions and 31 deletions


@ -13,10 +13,9 @@ services:
- "${SPIFF_FRONTEND_PORT:-8001}:${SPIFF_FRONTEND_PORT:-8001}/tcp" - "${SPIFF_FRONTEND_PORT:-8001}:${SPIFF_FRONTEND_PORT:-8001}/tcp"
spiffworkflow-backend: spiffworkflow-backend:
# container_name: spiffworkflow-backend container_name: spiffworkflow-backend
build: ./spiffworkflow-backend/. build: ./spiffworkflow-backend/.
# dockerfile: Dockerfile image: ghcr.io/sartography/spiffworkflow-backend:latest
# image: ghcr.io/sartography/spiffworkflow-backend:latest
depends_on: depends_on:
spiffworkflow-db: spiffworkflow-db:
condition: service_healthy condition: service_healthy
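Review bot: The newly enabled `image: ghcr.io/sartography/spiffworkflow-backend:latest` line uses a mutable tag, so what runs depends on whatever `latest` points to at pull time and cannot be reproduced or audited afterwards. Because `build: ./spiffworkflow-backend/.` is kept next to it, Compose will also tag the local build with that same name, which makes a locally built image easy to confuse with the published one. If the registry image is the one intended, pin it to a release tag or digest, e.g. `image: ghcr.io/sartography/spiffworkflow-backend@sha256:<digest-placeholder>`; if the local build is intended, a local-only image name avoids the ambiguity.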


@ -1328,6 +1328,86 @@
"realmRoles" : [ "default-roles-spiffworkflow" ], "realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0, "notBefore" : 0,
"groups" : [ ] "groups" : [ ]
}, {
"id" : "3bfb62f7-527d-4df5-94d0-6cdc23353fa3",
"createdTimestamp" : 1675695752975,
"username" : "peopleops.talent.program-lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "peopleops.talent.program-lead@status.im",
"credentials" : [ {
"id" : "624b34ec-9a8a-45cd-bf50-6fe24a125b4e",
"type" : "password",
"createdDate" : 1675695753041,
"secretData" : "{\"value\":\"K/8rrCMCBlq+PzZudTFBBjIXPLOs35f4aW9cLSH4XLlTgS/IGkMv1EMPXwkSHJayxxF5TdwDOkLB6a7QDR3nvA==\",\"salt\":\"KZonqKccY/OcmZktAPXzLw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "cfadd1f9-eb8f-4b0a-ae04-4c8b98b5244a",
"createdTimestamp" : 1675695753095,
"username" : "peopleops.talent.project-lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "peopleops.talent.project-lead@status.im",
"credentials" : [ {
"id" : "c64e4b50-7535-4ed4-941a-e474093c9ed1",
"type" : "password",
"createdDate" : 1675695753133,
"secretData" : "{\"value\":\"OIPhql7gjZGNV0AW3EVzo9VbdrK6+7n9hMqo0BXi4nUU1U3ljWS+/gmP3WbrRHi7tZme0ytrATi8KvY2dCKZKg==\",\"salt\":\"r3Ti57CEWUTKvp6Tr5ApEQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "90697442-0ceb-452b-8d6c-d3be528f1b54",
"createdTimestamp" : 1675695753161,
"username" : "peopleops.talent.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "peopleops.talent.sme@status.im",
"credentials" : [ {
"id" : "5b335757-d786-454e-941e-2c001a44fff6",
"type" : "password",
"createdDate" : 1675695753198,
"secretData" : "{\"value\":\"VRI6HxuZ+Oq/vi20d4UEQxxPQb4YyYpWhNtD7Q4CDmgyNnxsRvrbPYtvgaMHUZpHReCSXU4nYBNT1NHDi2KpYA==\",\"salt\":\"Rj1RljhwnjzqxTcLwVLbyg==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "0c0c2fa1-e043-4f50-8331-68d2df73e0c3",
"createdTimestamp" : 1675695753226,
"username" : "peopleops.talent1.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "peopleops.talent1.sme@status.im",
"credentials" : [ {
"id" : "548b5d7c-df97-462b-b7db-abc1a40a916e",
"type" : "password",
"createdDate" : 1675695753261,
"secretData" : "{\"value\":\"OX9q+pOP7BSVfZhlg6FeAsVCG+tYGuKPdFPGluuKxmdEHGgixJp8X6D4btxZb1HXOX8NR8hukf3npGeCKSqohQ==\",\"salt\":\"mUju+e0jzVc1nGktGz77iw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, { }, {
"id" : "c832f75b-7a0e-4d8a-8aee-f2e0f2aaf9d4", "id" : "c832f75b-7a0e-4d8a-8aee-f2e0f2aaf9d4",
"createdTimestamp" : 1674743245003, "createdTimestamp" : 1674743245003,
@ -2870,7 +2950,7 @@
"subType" : "authenticated", "subType" : "authenticated",
"subComponents" : { }, "subComponents" : { },
"config" : { "config" : {
"allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ]
} }
}, { }, {
"id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd", "id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
@ -2888,7 +2968,7 @@
"subType" : "anonymous", "subType" : "anonymous",
"subComponents" : { }, "subComponents" : { },
"config" : { "config" : {
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ] "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper" ]
} }
}, { }, {
"id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c", "id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
@ -2978,7 +3058,7 @@
"internationalizationEnabled" : false, "internationalizationEnabled" : false,
"supportedLocales" : [ ], "supportedLocales" : [ ],
"authenticationFlows" : [ { "authenticationFlows" : [ {
"id" : "cb39eda2-18c2-4b03-9d7c-672a2bd47d19", "id" : "946724d3-fc95-4d8b-8e80-1b5441d16133",
"alias" : "Account verification options", "alias" : "Account verification options",
"description" : "Method with which to verity the existing account", "description" : "Method with which to verity the existing account",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3000,7 +3080,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "96d4e28f-51ad-4737-87b4-5a10484ceb8b", "id" : "f1e5a918-3f15-4ff9-80fa-e1800a9ceb76",
"alias" : "Authentication Options", "alias" : "Authentication Options",
"description" : "Authentication options.", "description" : "Authentication options.",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3029,7 +3109,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "8f4c884d-93cd-4404-bc3a-1fa717b070c5", "id" : "a91fda66-1614-4360-8741-6ece523feda5",
"alias" : "Browser - Conditional OTP", "alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication", "description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3051,7 +3131,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "166d1879-dd61-4fb4-b4f6-0a4d69f49da8", "id" : "38d95d5b-ba7e-4f69-acd6-fd9a5d9b252f",
"alias" : "Direct Grant - Conditional OTP", "alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication", "description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3073,7 +3153,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "18cab8f9-f010-4226-a86e-8da2f1632304", "id" : "bba1cfc6-c391-47c4-b1f9-26178cc70b73",
"alias" : "First broker login - Conditional OTP", "alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication", "description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3095,7 +3175,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "04d8d1d1-5253-4644-b55d-8c9317818b33", "id" : "9532380c-6a4f-4bde-8822-24d2125f2f9a",
"alias" : "Handle Existing Account", "alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3117,7 +3197,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "2bf21e1d-ff7e-4d52-8be7-31355945c302", "id" : "f81bae40-7ac5-4641-8933-588c17a62754",
"alias" : "Reset - Conditional OTP", "alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3139,7 +3219,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "fa8636a5-9969-41a5-9fef-9c825cceb819", "id" : "51dfe92b-25bc-4c00-b5e2-6678fb018398",
"alias" : "User creation or linking", "alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives", "description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3162,7 +3242,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "8656a884-6645-40b5-b075-c40736e27811", "id" : "0778fbd6-37d2-4eac-8ee9-a2bfdc081a48",
"alias" : "Verify Existing Account by Re-authentication", "alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account", "description" : "Reauthentication of existing account",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3184,7 +3264,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "0d88d334-bfa4-4cf1-9fa3-17d0df0151d1", "id" : "5b5049d4-b785-451f-bd91-bd8ed97df297",
"alias" : "browser", "alias" : "browser",
"description" : "browser based authentication", "description" : "browser based authentication",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3220,7 +3300,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "9b195d67-e3e6-4983-8607-533b739ebd97", "id" : "921359fe-b30f-4f48-8565-9d745ee6216c",
"alias" : "clients", "alias" : "clients",
"description" : "Base authentication for clients", "description" : "Base authentication for clients",
"providerId" : "client-flow", "providerId" : "client-flow",
@ -3256,7 +3336,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "fd0273a1-f6f4-4df1-a057-54ac4e91f4a9", "id" : "1ae55b9d-fe3d-491c-a613-5bfc070334dc",
"alias" : "direct grant", "alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant", "description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3285,7 +3365,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "b457cba8-ef31-473b-a481-c095b2f4eb48", "id" : "bb23c1a5-6bca-4fee-b155-db6e219bb14b",
"alias" : "docker auth", "alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP", "description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3300,7 +3380,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "97519504-fd69-4c08-bd27-15d26fbc9b76", "id" : "34dca5ce-cc7a-479d-bfa0-3eac6185e0ea",
"alias" : "first broker login", "alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3323,7 +3403,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "fc6a4468-1a78-410d-ac97-cf9f05814850", "id" : "67c2a159-5ce7-46e0-ab24-d4a3d3504be1",
"alias" : "forms", "alias" : "forms",
"description" : "Username, password, otp and other auth forms.", "description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3345,7 +3425,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "97a25d8a-25a0-4bf4-be6d-a6f019cf3a32", "id" : "85b95d44-d930-4a54-ae1a-ecdb763f0382",
"alias" : "http challenge", "alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3367,7 +3447,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "671e8ec7-af31-4c54-b6bb-96ebe69881de", "id" : "ba58a228-ebea-4dd0-a94c-538ba4cae9b7",
"alias" : "registration", "alias" : "registration",
"description" : "registration flow", "description" : "registration flow",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3383,7 +3463,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "24d6aaaa-5202-4401-99c3-bb15925bd5be", "id" : "91e9d8a6-0270-4b24-b9bf-3e6df67b07d4",
"alias" : "registration form", "alias" : "registration form",
"description" : "registration form", "description" : "registration form",
"providerId" : "form-flow", "providerId" : "form-flow",
@ -3419,7 +3499,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "f948bd43-ff05-4245-be30-a0a0dad2b7f0", "id" : "70dac74c-13bc-4ff5-b26a-661b335c74b0",
"alias" : "reset credentials", "alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something", "description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3455,7 +3535,7 @@
"userSetupAllowed" : false "userSetupAllowed" : false
} ] } ]
}, { }, {
"id" : "7e4aaea7-05ca-4aa0-b934-4c81614620a8", "id" : "d226a0ad-398c-426a-bf29-3d8019ec685e",
"alias" : "saml ecp", "alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow", "description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow", "providerId" : "basic-flow",
@ -3471,13 +3551,13 @@
} ] } ]
} ], } ],
"authenticatorConfig" : [ { "authenticatorConfig" : [ {
"id" : "14ca1058-25e7-41f6-85ce-ad0bfce2c67c", "id" : "9e659f3e-613d-4b69-9ed5-e511a0ba541f",
"alias" : "create unique user config", "alias" : "create unique user config",
"config" : { "config" : {
"require.password.update.after.registration" : "false" "require.password.update.after.registration" : "false"
} }
}, { }, {
"id" : "16803de1-f7dc-4293-acde-fd0eae264377", "id" : "779aa3ef-3e89-4b36-b902-a9f95830c799",
"alias" : "review profile config", "alias" : "review profile config",
"config" : { "config" : {
"update.profile.on.first.login" : "missing" "update.profile.on.first.login" : "missing"
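Review bot: The four user entries added in the first hunk (`peopleops.talent.program-lead` through `peopleops.talent1.sme`) commit `secretData` password hashes and salts for enabled accounts into the realm export, with `"totp" : false` and an empty `requiredActions`. Anyone who can read the repository gets material for offline guessing, and `"hashIterations":27500` for pbkdf2-sha256 is well below current guidance, so these credentials should be treated as known. If this realm file is only for local development, say so where it is imported and make sure it cannot be loaded into a shared or production Keycloak; otherwise provision the accounts at import time without stored credentials, or set `"requiredActions" : [ "UPDATE_PASSWORD" ]` on them. The remaining hunks only regenerate flow and authenticator-config ids and reorder `allowed-protocol-mapper-types`, which looks like export noise rather than an intended change.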


@ -29,6 +29,10 @@ legal.sme@status.im
legal1.sme@status.im legal1.sme@status.im
manuchehr@status.im manuchehr@status.im
peopleops.partner@status.im peopleops.partner@status.im
peopleops.talent.program-lead@status.im
peopleops.talent.project-lead@status.im
peopleops.talent.sme@status.im
peopleops.talent1.sme@status.im
peopleops.talent@status.im peopleops.talent@status.im
ppg.ba.program-lead@status.im ppg.ba.program-lead@status.im
ppg.ba.project-lead@status.im ppg.ba.project-lead@status.im


@ -457,6 +457,7 @@ class AuthorizationService:
human_task = HumanTaskModel.query.filter_by( human_task = HumanTaskModel.query.filter_by(
task_name=spiff_task.task_spec.name, task_name=spiff_task.task_spec.name,
process_instance_id=process_instance_id, process_instance_id=process_instance_id,
completed=False,
).first() ).first()
if human_task is None: if human_task is None:
raise HumanTaskNotFoundError( raise HumanTaskNotFoundError(
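Review bot: `.first()` is still called without an ordering after the new `completed=False,` filter, so if more than one open human task ever matches this task name and process instance, the row used is whichever the database happens to return first. The enclosing method starts and ends outside the hunk, so whether that can occur is not visible here; if it can, an explicit `order_by` or a check that exactly one row matched would make the lookup deterministic. A short comment above the filter would also help the next reader, e.g. `# ignore completed tasks: only an open human task may satisfy this lookup`.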


@ -243,5 +243,5 @@ class DBHandler(logging.Handler):
# so at some point we are going to insert logs. # so at some point we are going to insert logs.
# we don't want to insert on every log, so we will insert every 100 logs, which is just about as fast as inserting # we don't want to insert on every log, so we will insert every 100 logs, which is just about as fast as inserting
# on every 1,000 logs. if we get deadlocks in the database, this can be changed to 1 in order to insert on every log. # on every 1,000 logs. if we get deadlocks in the database, this can be changed to 1 in order to insert on every log.
if len(self.logs) % 100 == 0: if len(self.logs) % 1 == 0:
self.bulk_insert_logs() self.bulk_insert_logs()
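Review bot: `len(self.logs) % 1 == 0` is always true, so the `if` no longer guards anything and `bulk_insert_logs()` runs on every call, while the comment above still describes inserting every 100 logs. Either drop the condition or express the batch size as a named constant, e.g. `if len(self.logs) % LOG_BATCH_SIZE == 0:` with the constant set to 1, and update the comment to state the current value and the reason for it. Writing to the database on every log record also ties log volume directly to database load, so it is worth confirming this was meant to be merged rather than kept as a temporary deadlock workaround. The method body starts outside the hunk.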


@ -42,9 +42,12 @@ export default function TaskShow() {
HttpService.makeCallToBackend({ HttpService.makeCallToBackend({
path: url, path: url,
successCallback: (tasks: any) => { successCallback: (tasks: any) => {
setDisabled(false);
setUserTasks(tasks); setUserTasks(tasks);
}, },
onUnauthorized: () => {}, onUnauthorized: () => {
setDisabled(false);
},
failureCallback: (error: any) => { failureCallback: (error: any) => {
addError(error); addError(error);
}, },
@ -61,7 +64,6 @@ export default function TaskShow() {
const processSubmitResult = (result: any) => { const processSubmitResult = (result: any) => {
removeError(); removeError();
setDisabled(false);
if (result.ok) { if (result.ok) {
navigate(`/tasks`); navigate(`/tasks`);
} else if (result.process_instance_id) { } else if (result.process_instance_id) {
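Review bot: In the first hunk `setDisabled(false)` is added to `successCallback` and `onUnauthorized` but not to `failureCallback`, so a failed call appears to leave the form disabled with only the error shown. The second hunk removes the call from `processSubmitResult`, so re-enabling after a submit now depends on this request running again; the rest of that function is outside the hunk, so the branches that do not trigger it cannot be checked here. Consider `failureCallback: (error: any) => { setDisabled(false); addError(error); },`. The `onUnauthorized` handler now re-enables the form without telling the user anything, which deserves a one-line comment saying why an unauthorized response is expected at this point.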