Merge remote-tracking branch 'origin/main' into feature/more-secret-secrets

.github/workflows/backend_tests.yml

@@ -84,7 +84,7 @@ jobs:
         uses: actions/checkout@v3.3.0
 
       - name: Set up Python ${{ matrix.python }}
-        uses: actions/setup-python@v4.6.0
+        uses: actions/setup-python@v4.6.1
         with:
           python-version: ${{ matrix.python }}
 
@@ -195,7 +195,7 @@ jobs:
       - name: Check out the repository
         uses: actions/checkout@v3.3.0
       - name: Set up Python
-        uses: actions/setup-python@v4.6.0
+        uses: actions/setup-python@v4.6.1
         with:
           python-version: "3.11"
       - name: Install Poetry
@@ -236,7 +236,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v4.6.0
+        uses: actions/setup-python@v4.6.1
         with:
           python-version: "3.11"
 
@@ -257,7 +257,7 @@ jobs:
           nox --version
 
       - name: Download coverage data
-        uses: actions/download-artifact@v3.0.1
+        uses: actions/download-artifact@v3.0.2
         with:
           name: coverage-data
           # this action doesn't seem to respect working-directory so include working-directory value in path
@@ -273,7 +273,7 @@ jobs:
           nox --force-color --session=coverage -- xml
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3.1.3
+        uses: codecov/codecov-action@v3.1.4
 
       - name: SonarCloud Scan
         uses: sonarsource/sonarcloud-github-action@v1.9

bin/run_pyl

@@ -30,29 +30,17 @@ function get_python_dirs() {
   (git ls-tree -r HEAD --name-only | grep -E '\.py$' | awk -F '/' '{print $1}' | sort | uniq | grep -v '\.' | grep -Ev '^(bin|migrations)$') || echo ''
 }
 
-function run_autoflake() {
+function run_autofixers() {
-  # checking command -v autoflake8 is not good enough, since the asdf shim may be installed, which will make command -v succeed,
+  # checking command -v ruff is not good enough, since the asdf shim may be installed, which will make command -v succeed,
-  # but autoflake8 may not have been pip installed inside the correct version of python.
+  # but ruff may not have been pip installed inside the correct version of python.
-  if ! autoflake8 --help >/dev/null ; then
+  if ! ruff --help >/dev/null 2>&1; then
-    pip install autoflake8
+    pip install ruff
-    asdf reshim python
-  fi
-
-  if ! autoflake --help >/dev/null ; then
-    pip install autoflake
-    asdf reshim python
-  fi
-
-  if ! autopep8 --help >/dev/null ; then
-    pip install autopep8
     asdf reshim python
   fi
 
   python_dirs=$(get_python_dirs)
   python_files=$(find $python_dirs -type f -name "*.py" ! -name '.null-ls*' ! -name '_null-ls*')
-  autoflake8 --in-place --remove-unused-variables --remove-duplicate-keys --expand-star-imports --exit-zero-even-if-changed $python_files
+  ruff --fix $python_files
-  autoflake --in-place --remove-all-unused-imports $python_files
-  autopep8 --in-place $python_files
 }
 
 function run_pre_commmit() {
@@ -71,7 +59,7 @@ done
 for python_project in "${python_projects[@]}" ; do
   if [[ "$subcommand" != "pre" ]] || [[ -n "$(git status --porcelain "$python_project")" ]]; then
     pushd "$python_project"
-    run_autoflake || run_autoflake
+    run_autofixers || run_autofixers
     popd
   fi
 done

docs/quick_start/quick_start.md

@@ -186,8 +186,7 @@ Once you have successfully signed in, navigate to the process section. This sect
 
 ![Untitled](images/Untitled_16.png)
 
-> **Step 2: Find and click on the process**
+### Step 2: Find and click on the process
-> 
 
 You can either search for a process model using the search bar or navigate through displayed processes to find the process model.
 
@@ -259,38 +258,4 @@ A prompt will appear, allowing you to provide a name for the identifier associat
 
 If you want to filter by ID, go to the "Find by Id" section of the page. Enter the ID and click "Submit". The system will show you the process instance with the corresponding ID.
 
-You can now view the process instances that you filtered for and take appropriate action based on their status. This can help you manage your workflows more efficiently and keep track of the progress of various process instances.
+You can now view the process instances that you filtered for and take appropriate action based on their status. This can help you manage your workflows more efficiently and keep track of the progress of various process instances.
-
----
-
-## 🗳️ How to request additional permissions
-
-As a user, you may be required to access certain process groups or start process models in order to perform desired actions. However, you may not have the necessary access or permissions to do so. In this case, you will need to request access or additional permissions from the admins - PPG team. 
-
-By following these steps, you can submit a request and seek the necessary permissions to perform the desired actions.
-
-### Step 1: Navigate & Search
-
-Once you are signed in, navigate to the "**Process**" section. Use the search bar or browse through the available process models until you find "**Request Access**”. Click on the process model to open it. 
-
-![Untitled](images/Untitled_29.png)
-
-If you want to access the request access process from **Home** section and click on the "**Start New +**" button. This will open the "Processes I can start" section where you can find the “Request Access” process.
-
-![Untitled](images/Untitled_30.png)
-
-### Step 2: Start the Process
-
-Once the "**Process Request**" model is open, initiate the process by clicking on the "Start" button.
-
-![Untitled](images/Untitled_31.png)
-
-### Step 3: Provide Request Details & Submit
-
-A task will be presented to capture the necessary information and details for special permissions request. Find the “**Description”** text field and enter the relevant information and details about your request.
-
-Ensure that all required details have been included such as Process name, Process group name, and type of permissions you need. Click on the "**Submit**" button or similar action to submit your access or special permissions request.
-
-![Untitled](images/Untitled_32.png)
-
-By following these steps, you can request the special permissions needed to carry out your tasks effectively.

spiffworkflow-backend/pyproject.toml

@@ -171,7 +171,7 @@ select = [
   "E",   # pycodestyle error
   # "ERA",  # eradicate
   "F",   # pyflakes
-  # "N",   # pep8-naming
+  "N",   # pep8-naming
   # "PL",  # pylint
   # "S",   # flake8-bandit
   "UP",  # pyupgrade

spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py

@@ -2,6 +2,7 @@
 import os
 import threading
 import uuid
+from urllib.parse import urlparse
 
 from flask.app import Flask
 from werkzeug.utils import ImportStringError
@@ -78,6 +79,43 @@ def _set_up_tenant_specific_fields_as_list_of_strings(app: Flask) -> None:
             )
 
 
+# see the message in the ConfigurationError below for why we are checking this.
+# we really do not want this to raise when there is not a problem, so there are lots of return statements littered throughout.
+def _check_for_incompatible_frontend_and_backend_urls(app: Flask) -> None:
+    if not app.config.get("SPIFFWORKFLOW_BACKEND_CHECK_FRONTEND_AND_BACKEND_URL_COMPATIBILITY"):
+        return
+
+    frontend_url = app.config.get("SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND")
+    backend_url = app.config.get("SPIFFWORKFLOW_BACKEND_URL")
+
+    if frontend_url is None or backend_url is None:
+        return
+    if frontend_url == "" or backend_url == "":
+        return
+    if not frontend_url.startswith("https://") or not backend_url.startswith("https://"):
+        return
+
+    frontend_url_parsed = urlparse(frontend_url)
+    frontend_domain = frontend_url_parsed.netloc
+    backend_url_parsed = urlparse(backend_url)
+    backend_domain = backend_url_parsed.netloc
+
+    if frontend_domain == backend_domain:
+        # probably backend and frontend are using different paths.
+        # routing by path will work just fine and won't cause any problems with setting cookies
+        return
+
+    if backend_domain.endswith(frontend_domain):
+        return
+
+    raise ConfigurationError(
+        "SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND and SPIFFWORKFLOW_BACKEND_URL are incompatible. We need backend to set"
+        " cookies for frontend, so they need to be on the same domain. A common setup is to have frontend on"
+        " example.com and backend on api.example.com. If you do not need this functionality, you can avoid this check"
+        " by setting environment variable SPIFFWORKFLOW_BACKEND_CHECK_FRONTEND_AND_BACKEND_URL_COMPATIBILITY=false"
+    )
+
+
 def setup_config(app: Flask) -> None:
     """Setup_config."""
     # ensure the instance folder exists
@@ -144,3 +182,4 @@ def setup_config(app: Flask) -> None:
     thread_local_data = threading.local()
     app.config["THREAD_LOCAL_DATA"] = thread_local_data
     _set_up_tenant_specific_fields_as_list_of_strings(app)
+    _check_for_incompatible_frontend_and_backend_urls(app)

spiffworkflow-backend/src/spiffworkflow_backend/config/default.py

@@ -47,6 +47,9 @@ SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = environ.get(
     "SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND", default="http://localhost:7001"
 )
 SPIFFWORKFLOW_BACKEND_URL = environ.get("SPIFFWORKFLOW_BACKEND_URL", default="http://localhost:7000")
+SPIFFWORKFLOW_BACKEND_CHECK_FRONTEND_AND_BACKEND_URL_COMPATIBILITY = (
+    environ.get("SPIFFWORKFLOW_BACKEND_CHECK_FRONTEND_AND_BACKEND_URL_COMPATIBILITY", default="true") == "true"
+)
 # service task connector proxy
 SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = environ.get(
     "SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL", default="http://localhost:7004"

spiffworkflow-backend/src/spiffworkflow_backend/services/logging_service.py

@@ -46,12 +46,14 @@ class JsonFormatter(logging.Formatter):
         self.default_msec_format = msec_format
         self.datefmt = None
 
-    def usesTime(self) -> bool:
+    def usesTime(self) -> bool:  # noqa: N802, this is overriding a method from python's stdlib
         """Overwritten to look for the attribute in the format dict values instead of the fmt string."""
         return "asctime" in self.fmt_dict.values()
 
     # we are overriding a method that returns a string and returning a dict, hence the Any
-    def formatMessage(self, record: logging.LogRecord) -> Any:
+    def formatMessage(  # noqa: N802, this is overriding a method from python's stdlib
+        self, record: logging.LogRecord
+    ) -> Any:
         """Overwritten to return a dictionary of the relevant LogRecord attributes instead of a string.
 
         KeyError is raised if an unknown attribute is provided in the fmt_dict.

spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_test_runner_service.py

@@ -26,11 +26,11 @@ class NoTestCasesFoundError(Exception):
     pass
 
 
-class MissingInputTaskData(Exception):
+class MissingInputTaskDataError(Exception):
     pass
 
 
-class UnsupporterRunnerDelegateGiven(Exception):
+class UnsupporterRunnerDelegateGivenError(Exception):
     pass
 
 
@@ -236,7 +236,7 @@ class ProcessModelTestRunner:
         self.test_case_identifier = test_case_identifier
 
         if not issubclass(process_model_test_runner_delegate_class, ProcessModelTestRunnerDelegate):
-            raise UnsupporterRunnerDelegateGiven(
+            raise UnsupporterRunnerDelegateGivenError(
                 "Process model test runner delegate must inherit from ProcessModelTestRunnerDelegate. Given"
                 f" class '{process_model_test_runner_delegate_class}' does not"
             )
@@ -342,7 +342,7 @@ class ProcessModelTestRunner:
             task_data_length = len(test_case_task_properties["data"])
             test_case_index = self.task_data_index[test_case_task_key]
             if task_data_length <= test_case_index:
-                raise MissingInputTaskData(
+                raise MissingInputTaskDataError(
                     f"Missing input task data for task: {test_case_task_key}. "
                     f"Only {task_data_length} given in the json but task was called {test_case_index + 1} times"
                 )

spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_process_model_test_runner.py

@@ -5,7 +5,7 @@ from flask import Flask
 from flask import current_app
 from spiffworkflow_backend.services.process_model_test_runner_service import NoTestCasesFoundError
 from spiffworkflow_backend.services.process_model_test_runner_service import ProcessModelTestRunner
-from spiffworkflow_backend.services.process_model_test_runner_service import UnsupporterRunnerDelegateGiven
+from spiffworkflow_backend.services.process_model_test_runner_service import UnsupporterRunnerDelegateGivenError
 
 from tests.spiffworkflow_backend.helpers.base_test import BaseTest
 
@@ -34,7 +34,7 @@ class TestProcessModelTestRunner(BaseTest):
         app: Flask,
         with_db_and_bpmn_file_cleanup: None,
     ) -> None:
-        with pytest.raises(UnsupporterRunnerDelegateGiven):
+        with pytest.raises(UnsupporterRunnerDelegateGivenError):
             ProcessModelTestRunner(
                 os.path.join(self.root_path(), "DNE"), process_model_test_runner_delegate_class=NoTestCasesFoundError
             )