* Create React version for the EmailSettingsWarning
* Migrate the Create User Page
* Migrate UserProfile to React
* Add /users/me to the routes (Percy ftw)
* Fix UserShow test spec
* Remove Error Messages component
* Show invitation link if email server not setup (#3519)
* return invite link to client if e-mail server is not set up
* add a couple of tests to make sure invite links are only returned when necessary
* show invite link when e-mail is not configured
* remove "an e-mail has been sent" when there's no e-mail configured
* return invite_url in re-invites as well. Also refactor to reuse the code.
* Use CreateUserDialog instead of Page
* Render invite link on Resend Invitation click
* Add email validation to DynamicForm
* Fix EmailWarning position + update user list with user creation success
* Fix console error on UserProfile
* Redirect from /users/new + rename createUser -> showCreateUserDialog
* Use alert instead of toastr for user creation errors
* Remove logic from CreateUserDialog
* CR
* Use Promise.reject instead of throw to avoid console error
* use the textless endpoint (/api/queries/:id/results) for pristine
queries
* reverse conditional. not not is making me the headaches.
* add ParameterizedQuery#is_safe with an initial naive implementation which
treats any query with a text parameter as not safe. This will be
remedied later when DB drivers will handle these parameters.
* allow getting new query results even if user has only view permissions
to the data source (given that the query is safe)
* fix lint error - getDerivedStateFromProps should be placed after state
* Revert "use the textless endpoint (/api/queries/:id/results) for pristine"
This reverts commit cd2cee7738.
* move execution preparation to a different function, which will be soon
reused
* go to textless /api/queries/:id/results by default
* let the query view decide if text or textless endpoint is needed
* allow safe queries to be executed in the UI even if the user has no
permission to execute and create new query results
* change `run_query`'s signature to accept a ParameterizedQuery instead of
constructing it inside
* use dict#get instead of a None guard
* use ParameterizedQuery in queries handler as well
* test that /queries/:id/results allows execution of safe queries even if
user has view_only permissions
* lint
* raise HTTP 400 when receiving invalid parameter values. Fixes #3394
* remove unused methods
* avoid cyclic imports by importing only when needed
* verify that a ParameterizedQuery without any parameters is considered
safe
* introduce query.parameter_schema
* encapsulate ParameterizedQuery creation inside Query
* stop testing `collect_query_parameters`, it's an implementation detail
* add tests for `missing_query_params`
* rename SQLQuery -> ParameterizedSqlQuery
* rename sql_query.py to parameterized_query.py
* split to parameterized queries and parameterized SQL queries, where
parameterized queries only do templating and parameterized SQL queries
add tree validation on top of it
* move missing parameter detection to ParameterizedQuery
* get rid of some old code
* fix tests
* set syntax to `custom`
* revert the max-age-related refactoring
* 👋 tree validations 😢
* BaseQueryRunner is no longer a factory for ParameterizedQuery, for now
* add an endpoint for running a query by its id and (optional) parameters
without having to provide the query text
* adds parameter schema to ParameterizedQuery
* adds parameter schema validation (currently for strings)
* validate number parameters
* validate date parameters
* validate parameters on POST /api/queries/<id>/results
* validate enum parameters
* validate date range parameters
* validate query-based dropdowns by preprocessing them at the handler
level and converting them to a populated enum
* change _is_date_range to be a tad more succinct
* a single assignment with a `map` is sufficiently explanatory
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/handlers/query_results.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* build error message inside the error
* support all types of numbers as number parameters
* check for permissions when populating query-based dropdowns
* check for access to query before running it
* check for empty rows when populating query-based enums
* don't bother loading query results if user doesn't have access
* 💥 on unexpected parameter types
* parameter schema default is a list, not a dictionary
* fix a totally unrelated typo
* remove redundant null guards
* introduce /dropdown.json endpoint with dummy data
* wire frontend to /dropdown.json
* always return name/value combos from /dropdown.json
* load actual data into /dropdown.json
* pluck correct values for `name` and `value`
* reuse dropdown plucking logic in QueryResultResource
* simplify _get_dropdown_values
* when doing parameter validation, we only care about the value and not
the display name
* rename dropdown to dropdownOptions
* move dropdown_values to utils/parameterized_query.py
* stop converting queries to enums and encapsulate the work inside
ParameterizedQuery (almost - /dropdown.json would still access the
dropdown_values method)
* re-order arguments by importance
* test query parameter validation
* tests for dropdown_values logic
* remove `.json` suffix to the dropdown endpoint
* allow `BaseResource` to handle JSON stuff
* move _pluck_name_and_value outside its containing method
* case-insensitive lookup when plucking name and value
* separate concerns and simplify test isolation for `dropdown_values`
* pick the default column according to the order specified in the query
result columns attribute
* use `current_org` instead of passing `org`
* test that user has access to the query when calling the /dropdown
endpoint
* stop testing `collect_query_parameters`, it's an implementation detail
* add tests for `missing_query_params`
* rename SQLQuery -> ParameterizedSqlQuery
* rename sql_query.py to parameterized_query.py
* split to parameterized queries and parameterized SQL queries, where
parameterized queries only do templating and parameterized SQL queries
add tree validation on top of it
* move missing parameter detection to ParameterizedQuery
* get rid of some old code
* fix tests
* set syntax to `custom`
* revert the max-age-related refactoring
* 👋 tree validations 😢
* BaseQueryRunner is no longer a factory for ParameterizedQuery, for now
* add an endpoint for running a query by its id and (optional) parameters
without having to provide the query text
* adds parameter schema to ParameterizedQuery
* adds parameter schema validation (currently for strings)
* validate number parameters
* validate date parameters
* validate parameters on POST /api/queries/<id>/results
* validate enum parameters
* validate date range parameters
* validate query-based dropdowns by preprocessing them at the handler
level and converting them to a populated enum
* change _is_date_range to be a tad more succinct
* a single assignment with a `map` is sufficiently explanatory
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/handlers/query_results.py
Co-Authored-By: rauchy <omer@rauchy.net>
* Update redash/utils/parameterized_query.py
Co-Authored-By: rauchy <omer@rauchy.net>
* build error message inside the error
* support all types of numbers as number parameters
* check for permissions when populating query-based dropdowns
* check for access to query before running it
* check for empty rows when populating query-based enums
* don't bother loading query results if user doesn't have access
* 💥 on unexpected parameter types
* parameter schema default is a list, not a dictionary
* remove redundant null guards
* add an endpoint for running a query by its id and (optional) parameters
without having to provide the query text
* check for access to query before running it
* Use null as the default scheduled value.
* Don't serialize None to json, so we can use SQL is not null predicate.
* Fix warning about unicode in tests
* Handling empty query.schedule in UI (#3283)
* Add migration to convert empty schedules to null and drop the not null constraint.
* explicitly look for a False under details['is_invitation_pending'] and
not any falsey result, to avoid locking out invitations which were
created before the Pending Invitation feature was introduced. Solves https://github.com/getredash/redash/issues/3297
* test that old invites (that do not have any is_invitation_pending flag set in their details object) are still acceptable
* Added support for Apache Drill datasource
* Improvements in `Drill` query runner and minor refactoring
1. Drill query runner now inherits from `BaseHTTPQueryRunner`, because they both have a lot of common code.
2. `BaseHTTPQueryRunner.get_response` method now accepts `http_method` argument (original implementation was only capable of sending `GET` HTTP requests).
3. Added `order` to `BaseHTTPRequestRunner` configuration schema to fix order of UI elements based on the schema.
4. Eliminated duplicate method `_guess_type` in `GoogleSpreadsheet`, `Results` and `Drill` query runners, moved `guess_type` to `redash.query_runner`.
5. Removed tests for `_guess_type` in `GoogleSpreadsheet`, `Results` and `Drill` query runners, merged them into single test case and moved to `tests.query_runner.test_utils`.
6. Various minor changes (code style, imports, etc).
* default `is_invitation_pending` to false and actively set it to true
when inviting users, so that existing users won't show "Invitation
Pending"
* fix tests that broke due to default is_invitation_pending value
* update Flask-OAuthLib
* determine invitation_pending according to empty password. This commit will be reverted, I'm just deferring the implementation
* show '(Invitation Pending)' to users who haven't accepted their invitation yet
* allow resending invitations
* allow deletion of pending users from user list
* set invitation as not pending when following invite link
* prevent deleting activated users
* test that users who follow invitation links are set as non-pending invitations
* prevent re-using invitations
* invitees who use SSO will now also be marked as "non-pending"
* lint
* add last_active_at to users page
* Use our JSON encoder as the SQLAlchemy JSON serializer.
* Fixed some inconsistencies in the user query class methods.
* Minor cosmetic fixes.
* Add some make tasks for easier development.
* Add user detail sync system based on Redis backend.
There is a periodic Celery task that updates a new “details” JSONB column in the “user” table with the data from Redis.
Currently this is only used for tracking the date of last activity of a user but can be extended with other user information later.
Updates a few dependencies.
* Normalize a few Flask extension API names.
* Reduce implementation complexity of JSONEncoder.
* Use request_started signal to make sure we have a request context.
Otherwise loading the user based on the request won’t work.
* Fix test that checks if disabled users can login.
This correctly uses a URL path that includes the current organization and checks for the error message.
The previous test seems to have been a red herring.
* Minor cosmetic fixes.
* Remove needs_sync in favor of just deleting things.
* Misc review fixes.
* Ignore line length.
* Split redash.models into several modules.
* Move walrus UTC DateTimeField into redash.models.types.
* Restore distinctly loading dashboards.
* Simplify default values for user details.
* Define __repr__ methods generically.
* Consistently have underscore methods at the top of model methods.
* Fix tests.
* Split redash.models into several modules.
* Update to latest walrus and redis-py.
* Update kombu to 4.2.2 for redis-py 3.x compatibility.
* Remove redis-cli container after running Make task.
* Move buffer condition after datetime/time conditions.
* Update walrus to 0.7.1.
* Refactor some query APIs.
This uses the flask-sqlalchemy helpers consistently and makes more use of mixins.
* Post rebase fixes.
* Use correct kombu version
* Fix migration down revision
* display correct error message when attempting to disable yourself
* 403 (Forbidden) feels like a better status code than 400 (Bad Request)
* fix broken test
* remove redundant error title
* add SQLQuery class with tests for safe queries and non-safe tautology attacks
* add test for union query injections
* split .apply calls to newline
* add tests for comment attacks
* remove double underscore
* extract complex children check to variable
* inherit from object because I'm not a lamer
Co-Authored-By: rauchy <omer@rauchy.net>
* simplify cognitive complexity
* check that additional columns are not injected
* detect appended queries
* inline .apply calls
* move SQLQuery to its own module
* move SQLQuery tests to their own module
* serialize SQLQuery instances
* raise an exception when attempting to serialize an unsafe query
* queries without parameters are safe
* remove redundant parentheses
* use cached properties
* rename SQLInjectionException to SQLInjectionError
* support multiple word params and param negations
* refactor out methods that don't involve any state
* don't cache text()
* reduce cognitive complexity
* Fix tag counts for dashboards to be distinct.
This also makes use of the Dashboard.all base query.
Fix #3108.
* Use Query.all_queries as the base query for Query.all_tags.
* Add test case for Dashboard.all_tags.