From 42e48a4a5f60891398228c002150f88e865fec0c Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Wed, 17 Aug 2022 17:21:24 -0400
Subject: [PATCH 1/9] update open id server url per chat with the homies

---
 bin/deploy | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/bin/deploy b/bin/deploy
index 82e5550e..7ff929bb 100755
--- a/bin/deploy
+++ b/bin/deploy
@@ -31,6 +31,10 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then
   export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run
 fi
 
+if [[ -z "${OPEN_ID_SERVER_URL:-}" ]]; then
+  export OPEN_ID_SERVER_URL='http://167.172.242.138:7002'
+fi
+
 git pull
 ./bin/build_and_run_with_docker_compose
 ./bin/wait_for_server_to_be_up

From 58e5408f76a9a0d2f2090db0288e91ce5e0633e8 Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Wed, 17 Aug 2022 17:26:41 -0400
Subject: [PATCH 2/9] pass through env var

---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3bed342a..d05636fe 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -54,6 +54,7 @@ services:
       - FLASK_ENV=${FLASK_ENV:-development}
       - FLASK_DEBUG=0
       - FLASK_SESSION_SECRET_KEY=${FLASK_SESSION_SECRET_KEY:-super_secret_key}
+      - OPEN_ID_SERVER_URL=${OPEN_ID_SERVER_URL:-http://localhost:7002}
       - SPIFFWORKFLOW_BACKEND_PORT=7000
       - SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true
       - SPIFFWORKFLOW_BACKEND_DATABASE_URI=mysql+mysqlconnector://root:${SPIFFWORKFLOW_BACKEND_MYSQL_ROOT_DATABASE:-my-secret-pw}@localhost:7003/${SPIFFWORKFLOW_BACKEND_DATABASE_NAME:-spiffworkflow_backend_development}

From be553f4cecaf22dac7289cb9b8602a5a2131797a Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Wed, 17 Aug 2022 17:56:38 -0400
Subject: [PATCH 3/9] unhardcode urls

---
 bin/deploy                                        |  8 ++++++++
 bin/spiffworkflow-realm.json                      | 15 ++++++++++++---
 docker-compose.yml                                |  2 ++
 src/spiffworkflow_backend/config/default.py       |  8 ++++++++
 src/spiffworkflow_backend/routes/user.py          |  3 ++-
 .../services/authentication_service.py            | 11 +++++++----
 6 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/bin/deploy b/bin/deploy
index 7ff929bb..c961220b 100755
--- a/bin/deploy
+++ b/bin/deploy
@@ -31,6 +31,14 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then
   export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run
 fi
 
+if [[ -z "${SPIFFWORKFLOW_FRONTEND_URL:-}" ]]; then
+  export SPIFFWORKFLOW_FRONTEND_URL='http://167.172.242.138:7001'
+fi
+
+if [[ -z "${SPIFFWORKFLOW_BACKEND_URL:-}" ]]; then
+  export SPIFFWORKFLOW_BACKEND_URL='http://167.172.242.138:7000'
+fi
+
 if [[ -z "${OPEN_ID_SERVER_URL:-}" ]]; then
   export OPEN_ID_SERVER_URL='http://167.172.242.138:7002'
 fi
diff --git a/bin/spiffworkflow-realm.json b/bin/spiffworkflow-realm.json
index e10c7c3c..91d4896a 100644
--- a/bin/spiffworkflow-realm.json
+++ b/bin/spiffworkflow-realm.json
@@ -944,7 +944,10 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
-      "redirectUris": ["http://localhost:7000/*"],
+      "redirectUris": [
+        "http://localhost:7000/*",
+        "http://167.172.242.138:7000/*"
+      ],
       "webOrigins": [],
       "notBefore": 0,
       "bearerOnly": false,
@@ -1210,7 +1213,10 @@
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
-      "redirectUris": ["http://localhost:7001/*"],
+      "redirectUris": [
+        "http://localhost:7001/*",
+        "http://167.172.242.138:7001/*"
+      ],
       "webOrigins": ["*"],
       "notBefore": 0,
       "bearerOnly": false,
@@ -1275,7 +1281,10 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "6o8kIKQznQtejHOdRhWeKorBJclMGcgA",
-      "redirectUris": ["http://localhost:7001/*"],
+      "redirectUris": [
+        "http://localhost:7001/*",
+        "http://167.172.242.138:7001/*"
+      ],
       "webOrigins": [],
       "notBefore": 0,
       "bearerOnly": false,
diff --git a/docker-compose.yml b/docker-compose.yml
index d05636fe..8426e805 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,6 +55,8 @@ services:
       - FLASK_DEBUG=0
       - FLASK_SESSION_SECRET_KEY=${FLASK_SESSION_SECRET_KEY:-super_secret_key}
       - OPEN_ID_SERVER_URL=${OPEN_ID_SERVER_URL:-http://localhost:7002}
+      - SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001}
+      - SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000}
       - SPIFFWORKFLOW_BACKEND_PORT=7000
       - SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true
       - SPIFFWORKFLOW_BACKEND_DATABASE_URI=mysql+mysqlconnector://root:${SPIFFWORKFLOW_BACKEND_MYSQL_ROOT_DATABASE:-my-secret-pw}@localhost:7003/${SPIFFWORKFLOW_BACKEND_DATABASE_NAME:-spiffworkflow_backend_development}
diff --git a/src/spiffworkflow_backend/config/default.py b/src/spiffworkflow_backend/config/default.py
index 9f780030..7bf26779 100644
--- a/src/spiffworkflow_backend/config/default.py
+++ b/src/spiffworkflow_backend/config/default.py
@@ -13,6 +13,14 @@ CORS_ALLOW_ORIGINS = re.split(
     r",\s*", environ.get("CORS_ALLOW_ORIGINS", default=CORS_DEFAULT)
 )
 
+SPIFFWORKFLOW_FRONTEND_URL = environ.get(
+    "SPIFFWORKFLOW_FRONTEND_URL", default="http://localhost:7001"
+)
+
+SPIFFWORKFLOW_BACKEND_URL = environ.get(
+    "SPIFFWORKFLOW_BACKEND_URL", default="http://localhost:7000"
+)
+
 # Open ID server
 OPEN_ID_SERVER_URL = environ.get("OPEN_ID_SERVER_URL", default="http://localhost:7002")
 OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend")
diff --git a/src/spiffworkflow_backend/routes/user.py b/src/spiffworkflow_backend/routes/user.py
index eaa10a9d..fb8bea9b 100644
--- a/src/spiffworkflow_backend/routes/user.py
+++ b/src/spiffworkflow_backend/routes/user.py
@@ -254,7 +254,8 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response:
 
 def logout_return() -> Response:
     """Logout_return."""
-    return redirect("http://localhost:7001/")
+    frontend_url = str(current_app.config["SPIFFWORKFLOW_FRONTEND_URL"])
+    return redirect(f"{frontend_url}/")
 
 
 def get_decoded_token(token: str) -> Optional[Dict]:
diff --git a/src/spiffworkflow_backend/services/authentication_service.py b/src/spiffworkflow_backend/services/authentication_service.py
index 2bf4cf07..fb1a1dea 100644
--- a/src/spiffworkflow_backend/services/authentication_service.py
+++ b/src/spiffworkflow_backend/services/authentication_service.py
@@ -44,11 +44,15 @@ class PublicAuthenticationService:
     Used during development to make testing easy.
     """
 
+    def get_backend_url(self) -> str:
+        """Get_backend_url."""
+        return str(current_app.config["SPIFFWORKFLOW_BACKEND_URL"])
+
     def logout(self, id_token: str, redirect_url: Optional[str] = None) -> Response:
         """Logout."""
         if redirect_url is None:
             redirect_url = "/"
-        return_redirect_url = "http://localhost:7000/v1.0/logout_return"
+        return_redirect_url = f"{self.get_backend_url()}/v1.0/logout_return"
         (
             open_id_server_url,
             open_id_client_id,
@@ -77,7 +81,7 @@ class PublicAuthenticationService:
             open_id_realm_name,
             open_id_client_secret_key,
         ) = get_open_id_args()
-        return_redirect_url = "http://localhost:7000/v1.0/login_return"
+        return_redirect_url = f"{self.get_backend_url()}/v1.0/login_return"
         login_redirect_url = (
             f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/auth?"
             + f"state={state}&"
@@ -104,11 +108,10 @@ class PublicAuthenticationService:
             "Content-Type": "application/x-www-form-urlencoded",
             "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
         }
-
         data = {
             "grant_type": "authorization_code",
             "code": code,
-            "redirect_uri": "http://localhost:7000/v1.0/login_return",
+            "redirect_uri": f"{self.get_backend_url()}/v1.0/login_return",
         }
 
         request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token"

From f982020e771314a9016586930f4ea19f45b90bcf Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Wed, 17 Aug 2022 18:08:00 -0400
Subject: [PATCH 4/9] document how to turn off SSL

---
 bin/start_keycloak | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/bin/start_keycloak b/bin/start_keycloak
index fbed6fbb..591c4185 100755
--- a/bin/start_keycloak
+++ b/bin/start_keycloak
@@ -31,7 +31,14 @@ sleep 10
 docker exec keycloak /opt/keycloak/bin/kc.sh import --file /tmp/finance-realm.json || echo ''
 docker exec keycloak /opt/keycloak/bin/kc.sh import --file /tmp/spiffworkflow-realm.json || echo ''
 docker exec keycloak /opt/keycloak/bin/kc.sh import --file /tmp/quarkus-realm.json || echo ''
-echo 'ran import finance realm'
+
+echo 'imported realms'
+
+if [ "${TURN_OFF_SSL:-}" == "true" ]; then
+  docker exec -it keycloak /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin
+  docker exec -it keycloak /opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
+  echo 'turned off SSL requirement'
+fi
 
 docker stop keycloak
 docker start keycloak

From daa9993a6214090f7388e1490437f095e1cf0b5c Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Wed, 17 Aug 2022 18:09:58 -0400
Subject: [PATCH 5/9] turn off ssl for spiffworkflow realm as well

---
 bin/start_keycloak | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/start_keycloak b/bin/start_keycloak
index 591c4185..932e14ba 100755
--- a/bin/start_keycloak
+++ b/bin/start_keycloak
@@ -37,6 +37,7 @@ echo 'imported realms'
 if [ "${TURN_OFF_SSL:-}" == "true" ]; then
   docker exec -it keycloak /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin
   docker exec -it keycloak /opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
+  docker exec -it keycloak /opt/keycloak/bin/kcadm.sh update realms/spiffworkflow -s sslRequired=NONE
   echo 'turned off SSL requirement'
 fi
 

From 48a4e5229a5fb7e04af6d0954f7e776eeda6d2e4 Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Fri, 19 Aug 2022 17:46:14 -0400
Subject: [PATCH 6/9] avoid printing warnings for libraries we do not control

---
 pyproject.toml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pyproject.toml b/pyproject.toml
index d79a2e05..2eb682d4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -85,6 +85,18 @@ sqlalchemy-stubs = "^0.4"
 [tool.poetry.scripts]
 spiffworkflow-backend = "spiffworkflow_backend.__main__:main"
 
+[tool.pytest.ini_options]
+# ignore three deprecation warnings from three different packages
+filterwarnings = [
+    # note the use of single quote below to denote "raw" strings in TOML
+    # kombu/utils/compat.py:82
+    'ignore:SelectableGroups dict interface is deprecated. Use select.',
+    # marshmallow_sqlalchemy/convert.py:17
+    'ignore:distutils Version classes are deprecated. Use packaging.version instead.',
+    # connexion/spec.py:50
+    'ignore:Passing a schema to Validator.iter_errors is deprecated and will be removed in a future release'
+]
+
 [tool.coverage.paths]
 source = ["src", "*/site-packages"]
 tests = ["tests", "*/tests"]

From 30279c9f9351389976e2930ade14c0b31d37574d Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Fri, 19 Aug 2022 17:46:38 -0400
Subject: [PATCH 7/9] prevent index out of bounds when there is no next task

---
 .../services/process_instance_processor.py                     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/spiffworkflow_backend/services/process_instance_processor.py b/src/spiffworkflow_backend/services/process_instance_processor.py
index 871e6d21..c990bc66 100644
--- a/src/spiffworkflow_backend/services/process_instance_processor.py
+++ b/src/spiffworkflow_backend/services/process_instance_processor.py
@@ -506,7 +506,8 @@ class ProcessInstanceProcessor:
                     and task.workflow == self.bpmn_process_instance
                 ):
                     endtasks.append(task)
-            return endtasks[-1]
+            if len(endtasks) > 0:
+                return endtasks[-1]
 
         # If there are ready tasks to complete, return the next ready task, but return the one
         # in the active parallel path if possible.  In some cases the active parallel path may itself be

From f4ed5333a3d93efb60cdbabdc2a50be05e6fa0d6 Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Fri, 19 Aug 2022 19:00:25 -0400
Subject: [PATCH 8/9] add process model identifier to my tasks response

---
 .../models/active_task.py                     | 18 ++++++++-------
 .../routes/process_api_blueprint.py           | 23 +++++++++++++++----
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/src/spiffworkflow_backend/models/active_task.py b/src/spiffworkflow_backend/models/active_task.py
index d0176ef4..0d7f19c2 100644
--- a/src/spiffworkflow_backend/models/active_task.py
+++ b/src/spiffworkflow_backend/models/active_task.py
@@ -47,16 +47,18 @@ class ActiveTaskModel(SpiffworkflowBaseDBModel):
     task_status = db.Column(db.String(50))
     task_data: str = db.Column(db.Text)
 
-    def to_task(self) -> Task:
+    @classmethod
+    def to_task(cls, task: ActiveTaskModel) -> Task:
         """To_task."""
-        task_data = json.loads(self.task_data)
+        task_data = json.loads(task.task_data)
 
         return Task(
-            self.task_id,
-            self.task_name,
-            self.task_title,
-            self.task_type,
-            self.task_status,
+            task.task_id,
+            task.task_name,
+            task.task_title,
+            task.task_type,
+            task.task_status,
             data=task_data,
-            process_instance_id=self.process_instance_id,
+            process_name=task.process_model_identifier,
+            process_instance_id=task.process_instance_id,
         )
diff --git a/src/spiffworkflow_backend/routes/process_api_blueprint.py b/src/spiffworkflow_backend/routes/process_api_blueprint.py
index c1711fc8..b650177d 100644
--- a/src/spiffworkflow_backend/routes/process_api_blueprint.py
+++ b/src/spiffworkflow_backend/routes/process_api_blueprint.py
@@ -542,10 +542,23 @@ def task_list_my_tasks(page: int = 1, per_page: int = 100) -> flask.wrappers.Res
     active_tasks = (
         ActiveTaskModel.query.filter_by(assigned_principal_id=principal.id)
         .order_by(desc(ActiveTaskModel.id))  # type: ignore
+        .join(ProcessInstanceModel)
+        # just need this add_columns to add the process_model_identifier. Then add everything back that was removed.
+        .add_columns(
+            ProcessInstanceModel.process_model_identifier,
+            ActiveTaskModel.task_data,
+            ActiveTaskModel.task_name,
+            ActiveTaskModel.task_title,
+            ActiveTaskModel.task_type,
+            ActiveTaskModel.task_status,
+            ActiveTaskModel.task_id,
+            ActiveTaskModel.id,
+            ActiveTaskModel.process_instance_id,
+        )
         .paginate(page, per_page, False)
     )
 
-    tasks = [active_task.to_task() for active_task in active_tasks.items]
+    tasks = [ActiveTaskModel.to_task(active_task) for active_task in active_tasks.items]
 
     response_json = {
         "results": tasks,
@@ -582,7 +595,7 @@ def process_instance_task_list(
 
 
 def task_show(process_instance_id: int, task_id: str) -> flask.wrappers.Response:
-    """Task_list_my_tasks."""
+    """Task_show."""
     principal = find_principal_or_raise()
 
     process_instance = find_process_instance_by_id_or_raise(process_instance_id)
@@ -603,7 +616,7 @@ def task_show(process_instance_id: int, task_id: str) -> flask.wrappers.Response
     if active_task_assigned_to_me:
         form_schema_file_name = active_task_assigned_to_me.form_file_name
         form_ui_schema_file_name = active_task_assigned_to_me.ui_form_file_name
-        task = active_task_assigned_to_me.to_task()
+        task = ActiveTaskModel.to_task(active_task_assigned_to_me)
     else:
         spiff_task = get_spiff_task_from_process_instance(task_id, process_instance)
         extensions = spiff_task.task_spec.extensions
@@ -702,7 +715,9 @@ def task_submit(
         assigned_principal_id=principal.id, process_instance_id=process_instance.id
     ).first()
     if next_active_task_assigned_to_me:
-        return make_response(jsonify(next_active_task_assigned_to_me.to_task()), 200)
+        return make_response(
+            jsonify(ActiveTaskModel.to_task(next_active_task_assigned_to_me)), 200
+        )
 
     return Response(json.dumps({"ok": True}), status=202, mimetype="application/json")
 

From ad2bf980fe399c10159aff972ffb518d42bf81c7 Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Fri, 19 Aug 2022 19:13:39 -0400
Subject: [PATCH 9/9] add process model identifier on task show

---
 src/spiffworkflow_backend/models/active_task.py           | 7 +++++--
 src/spiffworkflow_backend/routes/process_api_blueprint.py | 3 +++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/spiffworkflow_backend/models/active_task.py b/src/spiffworkflow_backend/models/active_task.py
index 0d7f19c2..db910506 100644
--- a/src/spiffworkflow_backend/models/active_task.py
+++ b/src/spiffworkflow_backend/models/active_task.py
@@ -52,13 +52,16 @@ class ActiveTaskModel(SpiffworkflowBaseDBModel):
         """To_task."""
         task_data = json.loads(task.task_data)
 
-        return Task(
+        new_task = Task(
             task.task_id,
             task.task_name,
             task.task_title,
             task.task_type,
             task.task_status,
             data=task_data,
-            process_name=task.process_model_identifier,
             process_instance_id=task.process_instance_id,
         )
+        if hasattr(task, "process_model_identifier"):
+            new_task.process_name = task.process_model_identifier
+
+        return new_task
diff --git a/src/spiffworkflow_backend/routes/process_api_blueprint.py b/src/spiffworkflow_backend/routes/process_api_blueprint.py
index b650177d..b4ed5a2f 100644
--- a/src/spiffworkflow_backend/routes/process_api_blueprint.py
+++ b/src/spiffworkflow_backend/routes/process_api_blueprint.py
@@ -616,6 +616,9 @@ def task_show(process_instance_id: int, task_id: str) -> flask.wrappers.Response
     if active_task_assigned_to_me:
         form_schema_file_name = active_task_assigned_to_me.form_file_name
         form_ui_schema_file_name = active_task_assigned_to_me.ui_form_file_name
+        active_task_assigned_to_me.process_model_identifier = (
+            process_instance.process_model_identifier
+        )
         task = ActiveTaskModel.to_task(active_task_assigned_to_me)
     else:
         spiff_task = get_spiff_task_from_process_instance(task_id, process_instance)