* decode tokens with jwt instead of with base64 w/ burnettk
* try to verify jwt token with keycloak when we decode it w/ burnettk
* make the token algorithm a constant w/ burnettk
* WIP: create more valid looking jwt from spiff w/ burnettk
* tests are passsing now w/ burnettk
* some pyl stuff w/ burnettk
* fixed mypy issues w/ burnettk
* fixed issues from mypy fixes w/ burnettk
* do not load openid blueprint if not using those configs w/ burnettk
* used the process instance to determine if guest user can use connector api w/ burnettk
* only check the db for process instance if the api call is for typeahead
* removed unused test code
* pyl
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* store the db ids of the process instance queue records instead of the sqlalchemy objects to avoid detached instance errors w/ burnettk
* raise an error similar to one we raise elsewhere in the unexpected case that this fails
* removed unused method
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* get parent process groups of process models that the user has access to w/ burnettk
* use the process group list to get the info we need for the group show page for permissions w/ burnettk
* clear the browser cache when updating a process group w/ burnettk
* fixed broken test w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* do not error out and allow process instances to recover if the bpmn_process is null but the definition is set w/ burnettk
* fixed another flakey test w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* n plus one checks
* tests passing with nplusone
* satisfy probably-wrong json schema
* remove useless comment and consolidate poetry dev deps
* not actually going to add this dependency, but leave docs for next guy
---------
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* removed id from task and still working on getting the migration working w/ burnettk
* fixed migration to work on postgres and sqlite as well w/ burnettk
* fixed tests w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* get most recent tasks based on last_state_change instead of task_model.id
* added api to get task instances of a task
* some changes to support displaying task instances
* forgot to commit the controller
* updated frontend to display info for other instances of a task w/ burnettk
* some formatting to the selected task instance w/ burnettk
* do not get task instances when selecting different instance w/ burnettk
* added tests for task-instances w/ burnettk
* some ui tweaks for task instance view w/ burnettk
* updates based on coderabbit
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* allow additional valid client ids to be specified for the purpose of token validation
* import the correct typedict and notrequired for python 3.10
* remove HEY
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* WIP: some initial code for category in data objects
* attempt to get the data object for the given bpmn process and instance of it w/ burnettk
* updates for data objects
* fixed tests
* made suggestions by code rabbit and moved logic to get process data file out of shared method since it has a completely different implentation
* remove commented out code
* updated SpiffWorkflow for data object category
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* WIP: some initial test code to test out celery w/ burnettk
* some cleanup for celery and added base model to put tasks waiting on timers
* removed dup bpmn file
* some more cleanup and added strategy to queue instructions
* some minor code changes w/ burnettk
* remove the unused next_task key from api calls since nobody uses it w/ burnettk essweine
* added migration for future tasks and added test to make sure we are inserting into it w/ burnettk essweine
* ensure future task run at time can be updated w/ burnettk
* added table to queue instructions for end user in w/ burnettk
* added test to ensure we are storing instructions for end users w/ burnettk
* added progress page to display new instructions to user
* ignore dup instructions on db insert w/ burnettk
* some more updates for celery w/ burnettk
* some pyl and test fixes w/ burnettk
* fixed tests w/ burnettk
* WIP: added in page to show instructions on pi show page w/ burnettk
* pi show page is fully using not interstitial now w/ burnettk
* fixed broken test w/ burnettk
* moved background processing items to own module w/ burnettk
* fixed apscheduler start script
* updated celery task queue to handle future tasks and upgraded black and set its line-length to match ruff w/ burnettk
* added support to run future tasks using countdown w/ burnettk
* build image for celery branch w/ burnettk
* poet does not exist in the image w/ burnettk
* start blocking scheduler should always start the scheduler w/ burnettk
* add init and stuff for this branch
* make this work not just on my mac
* send other args to only
* added running status for process instance and use that on fe to go to show page and added additional identifier to locking system to isolate celery workers better w/ burnettk
* fixed typing error that typeguard found, not sure why mypy did not w/ burnettk
* do not check for no instructions on interstitial page for cypress tests on frontend w/ burnettk
* do not queue process instances twice w/ burnettk
* removed bad file w/ burnettk
* queue tasks using strings to avoid circular imports when attmepting to queue w/ burnettk
* only queue imminent new timer events and mock celery
* some keyboard shortcut support on frontend and added ability to force run a process instance over the api w/ burnettk
* some styles added for the shortcut menu w/ burnettk
* pyl w/ burnettk
* fixed test w/ burnettk
* removed temporary celery script and added support for celery worker in run server locally w/ burnettk
* cleaned up migrations w/ burnettk
* created new migration to clean up old migrations
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* This fixes guest login with using multiple auths, removes empty items from ApiError, and raises if redirect_url given to login does not match expected frontend host w/ burnettk
* get body for debug
* try to get the logs from the correct place to upload w/ burnettk
* mock the openid call instead of actually calling it w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* reset to page 1 when status changes to fix#765 w/ jasquat
* upgrade connexion and werkzeug to fix snyk w/ jasquat
* fix all security issues like a boss w/ jasquat
* whoops, still no resolution for cryptography w/ jasquat
---------
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* curl and procps in container for debugging
* added some spacing between from lines in dockerfiles w/ burnettk
---------
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* removed simple-crypt and cleaned up usage of keys for encryption w/ burnettk
* renamed var to SPIFFWORKFLOW_BACKEND_ENCRYPTION_KEY w/ burnettk
* pyl w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* show the full breadcrumb on task show page w/ burnettk
* check read permission of process model before displaying in breadcrumb on task show page
* in the breadcrumb if the api returns 401 then just ignore the breadcrumb
* pyl
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* look for deny in the permission action rather than in the target uri and updated the documentation w/ burnettk
* added depecation warning if allowed_permissions is being used intead of actions w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* do not add data to spiff tasks if that task is finished w/ burnettk
* build docker image for this branch w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* We were getting copy and paste errors that an id already existed. This fixes that problem by assuring we always call the importXML method on the diagram modeller (and don't bypass it with a call to the fromXML of the protected _moddle.
we have to correct for the loop characteristics getting removed in a different way.
* run_pyl.
* eslint fixes
* Cypress caught some errors - I hate it, but it was right, and it caught something critical.
* when backend returns 401 also remove cookies and redirect in frontend if cookies are not set w/ burnettk
* added a copule helpful comments w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* added some support for configs to have mutliple auths
* multiple openids services are mostly working - still needs some cleanup
* some cleanup for pyl and fixed login_return for internal openid server w/ burnettk
* if only one auth is returned from backend then just do that w/ burnettk
* login page has been formatted w/ burnettk
* some extra formatting on the login page w/ burnettk
* relabel test openid providers and add user
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* only check for timer events in ready_user_task_has_associated_timer so we can skip user_input_required instances w/ burnettk
* removed test.py file w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* added migration to drop the id column from json_data and make hash the primary key
* removed id column from task_draft_data as well
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* added api to get all completed tasks for an instance and display it in a table w/ burnettk
* moved completed tasks table on pi show page to sub tabs
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* added test and some additional support for deny permissions w/ burnettk
* added support for deny through permissions-check api w/ burnettk
* support DENY at the beginning of a permission target marcro
* do not look up permissions using grant type, only use the uniqueness key
* added support in frontend to display a nice error if user does not have access to a data object value w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* do not save cancelled task events again
* actually only process cancelled events that were cancelled during the current run
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* support formatting data client side in markdown and support greater than and less than for metadata column filters w/ burnettk
* moved spiff conversion functions to FormattingService and use it in InstructionsForEndUser w/ burnettk
* added tests for greater than and less than metadata operators and added negative tests w/ burnettk
* removed unneeded useEffect w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* updated Dockerfile to try to remove security vulnerabilities w/ burnettk
* we require curl for health checks w/ burnettk
* try to scan docker image in ci
* use Dockerfile from backend w/ burnettk
* continue-on-error w/ burnettk
* attempt to elevate permissions of snyk w/ burnettk
* added snyk security github workflow w/ burnettk
* fixed location of constraints w/ burnettk
* add in or true for snyk tests w/ burnettk
* sent the snyk token w/ burnettk
* specify the directory for the sarif file w/ burnettk
* updated spiffworkflow-connector-command for snyk issue w/ burnettk
* updated sql statements sanitize input
* ignore issues for debug_controller and check frontend with snyk w/ burnettk
* updated babel and electron for snyk w/ burnettk
* some more updates to fix vulnerabilities w/ burnettk
* prune repeated deps for frontend builds since
* uncomment ci code so it runs again and use node for frontend base image w/ burnettk
* fixed backend image name w/ burnettk
* pyl w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* WIP for error boundary support w/ burnettk
* updates to catch error boundary events and send them back out w/ burnettk
* fixed broken test w/ burnettk
* use connector-http and spiffworkflow-proxy from main w/ burnettk
* updated smtp and slack connectors in connector-proxy-demo w/ burnettk
* added more tests for the service task service call connector to test errors w/ burnettk
* added spiffworkflow-connector-command and some code clean up
* updated the connectors in the proxy demo
* use SpiffWorkflow from git instead of locally
* some cleanup while code reviewing
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* using new spiffworkflow locally and the db can be recreated w/ burnettk
* tests are passing w/ burnettk
* added version 3 data migration for typenames on tasks and bpmn processes w/ burnettk
* pyl w/ burnettk
* attempting to add tests for data migrator and fix 1.3 for postgres
* run version_1_3 migration differently from postgres versus mysql and sqlite
* look up the task model again to make sure it is fresh w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* using new spiffworkflow locally and the db can be recreated w/ burnettk
* tests are passing w/ burnettk
* added version 3 data migration for typenames on tasks and bpmn processes w/ burnettk
* pyl w/ burnettk
* switch SpiffWorkflow back to main
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* cherry picked changes from b12af9f3bc to pin form json files
* use the class name to determine what a task type is w/ burnettk
* initial thoughts to fix cancel timer issue w/ burnettk
* added migration to run predict on all open instances w/ burnettk
* remove debug, refactor data migrations, add benchmark_log_func
* log progress of script
* only process predicted tasks and their parents in the version 2 data miagration w/ burnettk
* added data migrator and using that to run version 2 migrations when needed w/ burnettk
* removed some unwanted code
* fix issue, but tests still need updating
* fix tests by returning code to closer to what it was
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
* support wildcards when adding users to groups from waiting table
* moved the user route to authentication_controller to avoid having so many user routes and this controller was all about login
* added test to ensure regexes work for permissions - still need to remove old ones on refresh
* moved token related code out of authorization service and into authentication service w/ burnettk
* remove old user group assignment waiting entries when refreshing permissions w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* removed group service in favor of user service and messing around with ruff and pre-commeit w/ burnettk
* pyl can succeed now w/ burnettk
* removed debug code w/ burnettk
* pyl
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
* task show loads the correct revision of the json schema form w/ burnettk
* display error if form cannot be found at revision w/ burnettk
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
Added a spiffworkflow logo, colors, fonts, styling to login page based off the styles used on our website.
Maybe someday these can bleed through to the app itself.
* use the c option with git commands instead of using cd from python w/ burnettk
* removed the cd method since we should not be using it since it is not threadsafe
* pyl
---------
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
jasquat
jasquat
jbirddog
Kevin Burnett
burnettk
Dan Funk