feat: merge Release v1.8.0 into main by vjgit96 · Pull Request #11827 · langflow-ai/langflow (original) (raw)

feat(auth): Pluggable AuthService with abstract base class (#10702)

• feat: Introduce service registration decorator and enhance ServiceManager for pluggable service discovery

• Added register_service decorator to allow services to self-register with the ServiceManager.
• Enhanced ServiceManager to support multiple service discovery mechanisms, including decorator-based registration, config files, and entry points.
• Implemented methods for direct service class registration and plugin discovery from various sources, improving flexibility and extensibility of service management.

• feat: Implement VariableService for managing environment variables

• Introduced VariableService class to handle environment variables with in-memory caching.
• Added methods for getting, setting, deleting, and listing variables.
• Included logging for service initialization and variable operations.
• Created an init.py file to expose VariableService in the package namespace.

• feat: Enhance LocalStorageService with Service integration and async teardown

• Updated LocalStorageService to inherit from both StorageService and Service for improved functionality.
• Added a name attribute for service identification.
• Implemented an async teardown method for future extensibility, even though no cleanup is currently needed.
• Refactored the constructor to ensure proper initialization of both parent classes.

• feat: Implement telemetry service with abstract base class and minimal logging functionality

• Added BaseTelemetryService as an abstract base class defining the interface for telemetry services.
• Introduced TelemetryService, a lightweight implementation that logs telemetry events without sending data.
• Created __init__.py to expose the telemetry service in the package namespace.
• Ensured robust async methods for logging various telemetry events and handling exceptions.

• feat: Introduce BaseTracingService and implement minimal TracingService

• Added BaseTracingService as an abstract base class defining the interface for tracing services.
• Implemented TracingService, a lightweight version that logs trace events without external integrations.
• Included async methods for starting and ending traces, tracing components, and managing logs and outputs.
• Enhanced documentation for clarity on method usage and parameters.

• feat: Add unit tests for service registration decorators

• Introduced a new test suite for validating the functionality of the @register_service decorator.
• Implemented tests for various service types including LocalStorageService, TelemetryService, and TracingService.
• Verified behavior for service registration with and without overrides, ensuring correct service management.
• Included tests for custom service implementations and preservation of class functionality.
• Enhanced overall test coverage for the service registration mechanism.

• feat: Add comprehensive unit and integration tests for ServiceManager

• Introduced a suite of unit tests covering edge cases for service registration, lifecycle management, and dependency resolution.
• Implemented integration tests to validate service loading from configuration files and environment variables.
• Enhanced test coverage for various service types including LocalStorageService, TelemetryService, and VariableService.
• Verified behavior for service registration with and without overrides, ensuring correct service management.
• Ensured robust handling of error conditions and edge cases in service creation and configuration parsing.

• feat: Add unit and integration tests for minimal service implementations

• Introduced comprehensive unit tests for LocalStorageService, TelemetryService, TracingService, and VariableService.
• Implemented integration tests to validate the interaction between minimal services.
• Ensured robust coverage for file operations, service readiness, and exception handling.
• Enhanced documentation within tests for clarity on functionality and expected behavior.

• docs: Add detailed documentation for pluggable services architecture and usage

• feat: Add example configuration file for Langflow services

• docs: Update PLUGGABLE_SERVICES.md to enhance architecture benefits section

• Revised the documentation to highlight the advantages of the pluggable service system.
• Replaced the migration guide with a detailed overview of features such as automatic discovery, lazy instantiation, dependency injection, and lifecycle management.
• Clarified examples of service registration and improved overall documentation for better understanding.

• [autofix.ci] apply automated fixes

• test(services): improve variable service teardown test with public API assertions

• docs(pluggable-service-layer): add docstrings for service manager and implementations

• fix: remove duplicate teardown method from LocalStorageService

During rebase, the teardown method was added in two locations (lines 57 and 220). Removed the duplicate at line 57, keeping the one at the end of the class (line 220) which is the more appropriate location for cleanup methods.

• fix(tests): update service tests for LocalStorageService constructor changes

• Add MockSessionService fixtures to test files that use ServiceManager
• Update LocalStorageService test instantiation to use mock session and settings services
• Fix service count assertions to account for MockSessionService in fixtures
• Remove duplicate class-level clean_manager fixtures in test_edge_cases.py

These changes fix test failures caused by LocalStorageService requiring session_service and settings_service parameters instead of just data_dir.

• fix(services): Harden service lifecycle methods

• Fixed Diamond Inheritance in LocalStorageService
• Added Circular Dependency Detection in _create_service_from_class
• Fixed StorageService.teardown to Have Default Implementation

• docs: Update discovery order for pluggable services

• fix(lfx): replace aiofile with aiofiles for CI compatibility

• The aiofile library uses native async I/O (libaio) which fails with EAGAIN (SystemError: 11, 'Resource temporarily unavailable') in containerized environments like GitHub Actions runners.
• Switch to aiofiles which uses thread pool executors, providing reliable async file I/O across all environments including containers.

• [autofix.ci] apply automated fixes

• fix(lfx): prevent race condition in plugin discovery

  The discover_plugins() method had a TOCTOU (time-of-check to time-of-use) race condition. Since get() uses a keyed lock (per service name), multiple threads requesting different services could concurrently see _plugins_discovered=False and trigger duplicate plugin discovery.

  Wrap discover_plugins() with self._lock to ensure thread-safe access to the _plugins_discovered flag and prevent concurrent discovery execution.

• [autofix.ci] apply automated fixes

• feat: Introduce service registration decorator and enhance ServiceManager for pluggable service discovery

• Added register_service decorator to allow services to self-register with the ServiceManager.
• Enhanced ServiceManager to support multiple service discovery mechanisms, including decorator-based registration, config files, and entry points.
• Implemented methods for direct service class registration and plugin discovery from various sources, improving flexibility and extensibility of service management.

• feat: Enhance LocalStorageService with Service integration and async teardown

• Updated LocalStorageService to inherit from both StorageService and Service for improved functionality.
• Added a name attribute for service identification.
• Implemented an async teardown method for future extensibility, even though no cleanup is currently needed.
• Refactored the constructor to ensure proper initialization of both parent classes.

• docs(pluggable-service-layer): add docstrings for service manager and implementations

• feat(auth): implement abstract base class for authentication services and add auth service retrieval function

• refactor(auth): move authentication logic from utils to AuthService

  Consolidate all authentication methods into the AuthService class to enable pluggable authentication implementations. The utils module now contains thin wrappers that delegate to the registered auth service.

  This allows alternative auth implementations (e.g., OIDC) to be registered via the pluggable services system while maintaining backward compatibility with existing code that imports from utils.

  Changes:

  • Move all auth logic (token creation, user validation, API key security, password hashing, encryption) to AuthService
  • Refactor utils.py to delegate to get_auth_service()
  • Update function signatures to remove settings_service parameter (now obtained from the service internally)

• refactor(auth): update authentication methods and remove settings_service parameter

  • Changed function to retrieve current user from access token instead of JWT.
  • Updated AuthServiceFactory to specify SettingsService type in create method.
  • Removed settings_service dependency from encryption and decryption functions, simplifying the code.

This refactor enhances the clarity and maintainability of the authentication logic.

• test(auth): add unit tests for AuthService and pluggable authentication

• Introduced comprehensive unit tests for AuthService, covering token creation, user validation, and authentication methods.
• Added tests for pluggable authentication, ensuring correct delegation to registered services.
• Enhanced test coverage for user authentication scenarios, including active/inactive user checks and token validation.

These additions improve the reliability and maintainability of the authentication system.

• fix(tests): update test cases to use AuthService and correct user retrieval method

• Replaced the mock for retrieving the current user from JWT to access token in the TestSuperuserCommand.
• Refactored unit tests for MCP encryption to utilize AuthService instead of a mock settings service, enhancing test reliability.
• Updated patch decorators in tests to reflect the new method of obtaining the AuthService, ensuring consistency across test cases.

These changes improve the accuracy and maintainability of the authentication tests.

• docs(pluggable-services): add auth_service to ServiceType enum documentation

• fix(auth): Add missing type hints and abstract methods to AuthServiceBase (#10710)

• [autofix.ci] apply automated fixes

• fix(auth): refactor api_key_security method to accept optional database session and improve error handling

• feat(auth): enhance AuthServiceBase with detailed design principles and JIT provisioning methods

• fix(auth): remove settings_service from encrypt/decrypt_api_key calls

After the pluggable auth refactor, encrypt_api_key and decrypt_api_key no longer take a settings_service argument - they get it internally.

• Update check_key import path in main.py (moved to crud module)
• Remove settings_service argument from calls in:
  • api/v1/api_key.py
  • api/v1/store.py
  • services/variable/service.py
  • services/variable/kubernetes.py
• Fix auth service to use session_scope() instead of non-existent get_db_service().with_session()

• fix(auth): resolve type errors and duplicate definitions in pluggable auth branch

  • Add missing imports in auth/utils.py (Final, HTTPException, status, logger, SettingsService) that prevented application startup
  • Remove duplicate NoServiceRegisteredError class in lfx/services/manager.py
  • Remove duplicate teardown method in lfx/services/storage/local.py
  • Fix invalid settings_service parameter in encrypt_api_key calls in variable/service.py and variable/kubernetes.py
  • Add proper type guards for check_key calls to satisfy mypy
  • Add null checks for password fields in users.py endpoints

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes (attempt 2/3)

• [autofix.ci] apply automated fixes (attempt 3/3)

• [autofix.ci] apply automated fixes

• replace jose with pyjwt

• [autofix.ci] apply automated fixes

• starter projects

• fix BE mcp tests

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes (attempt 2/3)

• remive legacy usage of session

• fix user tests

• [autofix.ci] apply automated fixes

• fix lfx tests

• starter project update

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes (attempt 2/3)

• fix mypy errors

• fix mypy errors on tests

• fix tests for decrypt_api_key

• resolve conflicts in auth utils

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes (attempt 2/3)

• Add pluggable authentication factory with provider enum

• Add SSO feature flags to AuthSettings

• Add SSO fields to User model

• Add SSO configuration loader with YAML support

• Add unit tests for SSO configuration loader

• Add SSO configuration database model and CRUD operations

• Add CRUD operations for SSO configuration management

• Add SSO configuration service supporting both file and database configs

• Add example SSO configuration file with W3ID and other providers

• Implement OIDC authentication service with discovery and JIT provisioning

• Update AuthServiceFactory to instantiate OIDC service when SSO enabled

• Improve JWT token validation and API key decryption error handling

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes

• fix: resolve ruff linting errors in auth services and add sso-config.yaml to gitignore

• [autofix.ci] apply automated fixes

• fix: use correct function name get_current_user_from_access_token in login endpoint

• fix: remove incorrect settings_service parameter from decrypt_api_key call

• fix: correct encryption logic to properly detect plaintext vs encrypted values

• [autofix.ci] apply automated fixes

• fix tests

• [autofix.ci] apply automated fixes

• fix mypy errors

• fix tests

• [autofix.ci] apply automated fixes

• fix ruff errors

• fix tests in service

• [autofix.ci] apply automated fixes

• fix test security cors

• [autofix.ci] apply automated fixes

• fix webhook issues

• modify component index

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes (attempt 2/3)

• [autofix.ci] apply automated fixes (attempt 3/3)

• fix webhook tests

• [autofix.ci] apply automated fixes

• build component index

• remove SSO functionality

• [autofix.ci] apply automated fixes

• fix variable creation

• [autofix.ci] apply automated fixes

• refactor: move MCPServerConfig schema to a separate file and update model_dump usage

• refactor: streamline AuthServiceFactory to use service_class for instance creation

• handle access token type

• [autofix.ci] apply automated fixes

• remove SSO fields from user model

• [autofix.ci] apply automated fixes

• replace is_encrypted back

• fix mypy errors

• remove sso config example

• feat: Refactor framework agnostic auth service (#11565)

• modify auth service layer

• [autofix.ci] apply automated fixes

• fix ruff errorrs

• [autofix.ci] apply automated fixes

• Update src/backend/base/langflow/services/deps.py

• address review comments

• [autofix.ci] apply automated fixes

• fix ruff errors

• remove cache

• move base to lfx

• [autofix.ci] apply automated fixes

• resolve review comments

• [autofix.ci] apply automated fixes

• [autofix.ci] apply automated fixes (attempt 2/3)

• add auth protocol

• [autofix.ci] apply automated fixes

• revert models.py execption handling

• revert wrappers to ensure backwards compatibility

• fix http error code

• fix FE tests

• fix test_variables.py

• [autofix.ci] apply automated fixes

• fix ruff errors

• fix tests

• add wrappers for create token methods

• fix ruff errors

• [autofix.ci] apply automated fixes

• update error message

• modify status code for inactive user

• fix ruff errors

• fix patch for webhook tests

• fix error message when getting active users

Co-authored-by: Gabriel Luiz Freitas Almeida gabriel@logspace.ai Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Mike Pawlowski mike.pawlowski@datastax.com Co-authored-by: Mike Pawlowski mpawlow@ca.ibm.com Co-authored-by: Copilot 198982749+Copilot@users.noreply.github.com Co-authored-by: ogabrielluiz 24829397+ogabrielluiz@users.noreply.github.com Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com Co-authored-by: codeflash-ai[bot] <148906541+codeflash-ai[bot]@users.noreply.github.com>