codeant-ai-for-open-source[bot] commented on code in PR #39469: URL: https://github.com/apache/superset/pull/39469#discussion_r3474347871
########## superset/models/user_session_auth_stamp.py: ########## @@ -0,0 +1,48 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +"""Per-user stamp used to invalidate browser sessions after password changes.""" + +from __future__ import annotations + +from flask_appbuilder import Model +from sqlalchemy import Column, ForeignKey, Integer, String +from sqlalchemy.orm import relationship + +from superset import security_manager + + +class UserSessionAuthStamp(Model): + """ + One row per ``ab_user`` holding a stamp copied into the Flask session at login. + + Bumping ``stamp`` invalidates every session that still carries an older value. + """ + + __tablename__ = "user_session_auth_stamp" + + user_id = Column( + Integer, ForeignKey("ab_user.id", ondelete="CASCADE"), primary_key=True + ) + stamp = Column(String(36), nullable=False) + + user = relationship( + security_manager.user_model, + foreign_keys=[user_id], + ) + + def __repr__(self) -> str: + return f"<UserSessionAuthStamp user_id={self.user_id}>" Review Comment: **Suggestion:** Add a short docstring to this newly added method so all new functions in the file are documented inline. [custom_rule] **Severity Level:** Minor ⚠️ <details> <summary><b>Why it matters? 🤔 </b></summary> This is a newly added Python method in the final file state, and it does not include a docstring. The custom rule requires new functions and classes to be documented inline, so this is a real violation. </details> [](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=5d490d76d4114efc83cef4747d846aec&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) [](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=5d490d76d4114efc83cef4747d846aec&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) *(Use Cmd/Ctrl + Click for best experience)* <details> <summary><b>Prompt for AI Agent 🤖 </b></summary> ```mdx This is a comment left during a code review. **Path:** superset/models/user_session_auth_stamp.py **Line:** 47:48 **Comment:** *Custom Rule: Add a short docstring to this newly added method so all new functions in the file are documented inline. Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise. Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix ``` </details> <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=6fd6c9c6eb538a8c5ca3f8e8db366e70f0ba55bcadaab7c170fa0140b0564f25&reaction=like'>👍</a> | <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=6fd6c9c6eb538a8c5ca3f8e8db366e70f0ba55bcadaab7c170fa0140b0564f25&reaction=dislike'>👎</a> ########## superset-frontend/src/features/userInfo/UserInfoModal.test.tsx: ########## @@ -0,0 +1,143 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import { SupersetClient } from '@superset-ui/core'; +import { + render, + screen, + fireEvent, + waitFor, +} from 'spec/helpers/testing-library'; +import { ChangePasswordModal } from './UserInfoModal'; + +const mockAddDangerToast = jest.fn(); +const mockAddSuccessToast = jest.fn(); + +jest.mock('src/components/MessageToasts/withToasts', () => ({ + __esModule: true, + ...jest.requireActual('src/components/MessageToasts/withToasts'), + useToasts: () => ({ + addDangerToast: mockAddDangerToast, + addSuccessToast: mockAddSuccessToast, + }), +})); + +const policyResult = { + password_min_length: 12, + password_require_uppercase: true, + password_require_lowercase: true, + password_require_digit: true, + password_require_special: true, + password_common_list_check: true, +}; + +const STRONG_PASSWORD = 'AnotherStr0ng!Pass'; + +const renderModal = (onSave = jest.fn()) => { + render(<ChangePasswordModal show onHide={jest.fn()} onSave={onSave} />, { + useRedux: true, + }); + return { onSave }; +}; + +const fillPasswords = (newPassword = STRONG_PASSWORD) => { + fireEvent.change(screen.getByPlaceholderText('Enter your current password'), { + target: { value: 'CurrentStr0ng!Pass' }, + }); + fireEvent.change(screen.getByPlaceholderText('Enter a new password'), { + target: { value: newPassword }, + }); + fireEvent.change(screen.getByPlaceholderText('Confirm the new password'), { + target: { value: newPassword }, + }); +}; + +beforeEach(() => { + jest.clearAllMocks(); + jest + .spyOn(SupersetClient, 'get') + // eslint-disable-next-line @typescript-eslint/no-explicit-any + .mockResolvedValue({ json: { result: policyResult } } as any); +}); + +afterEach(() => { + jest.restoreAllMocks(); +}); + +test('fetches the password policy when opened', async () => { + renderModal(); + await waitFor(() => { + expect(SupersetClient.get).toHaveBeenCalledWith( + expect.objectContaining({ endpoint: '/api/v1/me/password/policy' }), + ); + }); +}); + +test('submits a valid password change and lets FormModal trigger onSave', async () => { + const put = jest + .spyOn(SupersetClient, 'put') + // eslint-disable-next-line @typescript-eslint/no-explicit-any + .mockResolvedValue({ json: {} } as any); Review Comment: **Suggestion:** Replace this `any` cast with a concrete mocked response type for the `SupersetClient.put` call so the test does not bypass TypeScript checks. [custom_rule] **Severity Level:** Minor ⚠️ <details> <summary><b>Why it matters? 🤔 </b></summary> This newly added TSX test code also uses `as any` in the mocked `SupersetClient.put` response. The rule prohibits any new or modified TypeScript/TSX code from using `any`, so the violation is real. </details> [](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=981948bcf69a4964a6cee2235f86c564&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) [](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=981948bcf69a4964a6cee2235f86c564&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) *(Use Cmd/Ctrl + Click for best experience)* <details> <summary><b>Prompt for AI Agent 🤖 </b></summary> ```mdx This is a comment left during a code review. **Path:** superset-frontend/src/features/userInfo/UserInfoModal.test.tsx **Line:** 95:95 **Comment:** *Custom Rule: Replace this `any` cast with a concrete mocked response type for the `SupersetClient.put` call so the test does not bypass TypeScript checks. Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise. Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix ``` </details> <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=d4754b9a11744e67a56ade7c19b83bbe451fe41f544ceb29a84a861048734d30&reaction=like'>👍</a> | <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=d4754b9a11744e67a56ade7c19b83bbe451fe41f544ceb29a84a861048734d30&reaction=dislike'>👎</a> ########## superset-frontend/src/features/userInfo/UserInfoModal.test.tsx: ########## @@ -0,0 +1,143 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import { SupersetClient } from '@superset-ui/core'; +import { + render, + screen, + fireEvent, + waitFor, +} from 'spec/helpers/testing-library'; +import { ChangePasswordModal } from './UserInfoModal'; + +const mockAddDangerToast = jest.fn(); +const mockAddSuccessToast = jest.fn(); + +jest.mock('src/components/MessageToasts/withToasts', () => ({ + __esModule: true, + ...jest.requireActual('src/components/MessageToasts/withToasts'), + useToasts: () => ({ + addDangerToast: mockAddDangerToast, + addSuccessToast: mockAddSuccessToast, + }), +})); + +const policyResult = { + password_min_length: 12, + password_require_uppercase: true, + password_require_lowercase: true, + password_require_digit: true, + password_require_special: true, + password_common_list_check: true, +}; + +const STRONG_PASSWORD = 'AnotherStr0ng!Pass'; + +const renderModal = (onSave = jest.fn()) => { + render(<ChangePasswordModal show onHide={jest.fn()} onSave={onSave} />, { + useRedux: true, + }); + return { onSave }; +}; + +const fillPasswords = (newPassword = STRONG_PASSWORD) => { + fireEvent.change(screen.getByPlaceholderText('Enter your current password'), { + target: { value: 'CurrentStr0ng!Pass' }, + }); + fireEvent.change(screen.getByPlaceholderText('Enter a new password'), { + target: { value: newPassword }, + }); + fireEvent.change(screen.getByPlaceholderText('Confirm the new password'), { + target: { value: newPassword }, + }); +}; + +beforeEach(() => { + jest.clearAllMocks(); + jest + .spyOn(SupersetClient, 'get') + // eslint-disable-next-line @typescript-eslint/no-explicit-any + .mockResolvedValue({ json: { result: policyResult } } as any); Review Comment: **Suggestion:** Replace this `any` cast with a concrete mocked response type for the `SupersetClient.get` call (or a narrower generic/assertion) so the test remains type-safe. [custom_rule] **Severity Level:** Minor ⚠️ <details> <summary><b>Why it matters? 🤔 </b></summary> This is a newly added TypeScript test file, and the mocked `SupersetClient.get` call uses `as any`. The custom rule explicitly flags any new or modified TS/TSX code that uses `any`, so this is a real violation. </details> [](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=71228fd2c31a416499dae6a72506c907&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) [](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=71228fd2c31a416499dae6a72506c907&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) *(Use Cmd/Ctrl + Click for best experience)* <details> <summary><b>Prompt for AI Agent 🤖 </b></summary> ```mdx This is a comment left during a code review. **Path:** superset-frontend/src/features/userInfo/UserInfoModal.test.tsx **Line:** 75:75 **Comment:** *Custom Rule: Replace this `any` cast with a concrete mocked response type for the `SupersetClient.get` call (or a narrower generic/assertion) so the test remains type-safe. Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise. Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix ``` </details> <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=9e40e7e28834b523a668ac77689f9bcd092e10eafabdb60747116fe9b400e49e&reaction=like'>👍</a> | <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=9e40e7e28834b523a668ac77689f9bcd092e10eafabdb60747116fe9b400e49e&reaction=dislike'>👎</a> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
