fix: form input/Meta field name/missing mapping (sentry bugs) (baserow#5361)

Author: jrmi

backend/src/baserow/api/utils.py

@@ -389,9 +389,6 @@ class Meta(extends_meta):
 
     attrs = {"Meta": Meta}
 
-    if field_overrides:
-        attrs.update(field_overrides)
-
     def validate(self, value):
         if required_fields:
             for field_name in required_fields:
@@ -404,7 +401,7 @@ def validate(self, value):
 
     attrs["validate"] = validate
     mixins = base_mixins or []
-    return type(
+    serializer_class = type(
         str(model_.__name__ + "Serializer"),
         (
             *mixins,
@@ -413,6 +410,18 @@ def validate(self, value):
         attrs,
     )
 
+    if field_overrides:
+        # User-facing field names are valid serializer field names, but some of
+        # them, such as "Meta" or "validate", collide with DRF class internals.
+        # Register declared fields directly so those names can be serialized
+        # without replacing the serializer configuration or methods.
+        serializer_class._declared_fields = {
+            **serializer_class._declared_fields,
+            **field_overrides,
+        }
+
+    return serializer_class
+
 
 class MappingSerializer:
     """

backend/src/baserow/contrib/automation/application_types.py

@@ -216,6 +216,7 @@ def import_serialized(
             progress.increment(
                 state=IMPORT_SERIALIZED_IMPORTING, by=integration_progress
             )
+            id_mapping.setdefault("integrations", {})  # Just in case
         else:
             self.import_integrations_serialized(
                 automation,

backend/src/baserow/contrib/automation/nodes/registries.py

@@ -5,7 +5,10 @@
 from baserow.contrib.automation.automation_dispatch_context import (
     AutomationDispatchContext,
 )
-from baserow.contrib.automation.nodes.exceptions import AutomationNodeNotReplaceable
+from baserow.contrib.automation.nodes.exceptions import (
+    AutomationNodeMisconfiguredService,
+    AutomationNodeNotReplaceable,
+)
 from baserow.contrib.automation.nodes.models import AutomationNode
 from baserow.contrib.automation.nodes.types import AutomationNodeDict, NodePositionType
 from baserow.contrib.automation.workflows.models import AutomationWorkflow
@@ -194,6 +197,12 @@ def deserialize_property(
                     integration_id, integration_id
                 )
                 integration = Integration.objects.get(id=integration_id)
+                workflow = kwargs.get("workflow")
+                if (
+                    workflow is not None
+                    and integration.application_id != workflow.automation_id
+                ):
+                    integration = None
 
             return ServiceHandler().import_service(
                 integration,
@@ -229,9 +238,32 @@ def import_serialized(
             parent,
             serialized_values,
             id_mapping,
+            workflow=parent,
             **kwargs,
         )
 
+    def _validate_service_integration_belongs_to_workflow(
+        self,
+        workflow: Optional[AutomationWorkflow],
+        service_values: Dict[str, Any],
+    ) -> None:
+        if not workflow or "integration_id" not in service_values:
+            return
+
+        integration_id = service_values["integration_id"]
+        if integration_id is None:
+            return
+
+        integration = Integration.objects.filter(id=integration_id).first()
+        if integration is None:
+            return
+
+        if integration.application_id != workflow.automation_id:
+            raise AutomationNodeMisconfiguredService(
+                f"The integration with ID {integration_id} is not related to the "
+                f"automation {workflow.automation_id}."
+            )
+
     def prepare_values(
         self,
         values: Dict[str, Any],
@@ -263,6 +295,11 @@ def prepare_values(
 
         # If we received any service values, prepare them.
         service_values = values.pop("service", None) or {}
+        workflow = instance.workflow if instance else values.get("workflow", None)
+        self._validate_service_integration_belongs_to_workflow(
+            workflow,
+            service_values,
+        )
         prepared_service_values = service_type.prepare_values(
             service_values, user, service if instance else None
         )

backend/src/baserow/contrib/automation/nodes/service.py

@@ -174,7 +174,10 @@ def create_node(
 
         node_type.before_create(workflow, reference_node, position, output)
 
-        prepared_values = node_type.prepare_values(kwargs, user)
+        prepared_values = node_type.prepare_values(
+            {**kwargs, "workflow": workflow},
+            user,
+        )
 
         # Preselect first integration if exactly one exists
         if node_type.get_service_type().integration_type:
@@ -190,7 +193,6 @@ def create_node(
 
         new_node = self.handler.create_node(
             node_type,
-            workflow=workflow,
             **prepared_values,
         )
 

backend/src/baserow/contrib/database/fields/field_types.py

@@ -53,6 +53,7 @@
 
 from dateutil import parser
 from dateutil.parser import ParserError
+from drf_spectacular.utils import extend_schema_serializer
 from loguru import logger
 from rest_framework import serializers
 
@@ -598,8 +599,7 @@ class NumberFieldType(FieldType):
             "The number_type option has been removed and can no longer be provided. "
             "Instead set number_decimal_places to 0 for an integer or 1-5 for a "
             "decimal."
-        ),
-        "_spectacular_annotation": {"exclude_fields": ["number_type"]},
+        )
     }
     _can_group_by = True
     _db_column_fields = ["number_decimal_places"]
@@ -616,6 +616,12 @@ def serialize_allowed_fields(self, field: Field) -> Dict[str, Any]:
             serialized[field_name] = value
         return serialized
 
+    def get_serializer_class(self, *args, **kwargs) -> serializers.ModelSerializer:
+        serializer_class = super().get_serializer_class(*args, **kwargs)
+        return extend_schema_serializer(exclude_fields=["number_type"])(
+            serializer_class
+        )
+
     def serialize_to_input_value(self, field: Field, value: any) -> any:
         if field.specific.number_decimal_places == 0:
             return int(value)

backend/tests/baserow/api/test_api_utils.py

@@ -391,6 +391,26 @@ def test_get_serializer_class(data_fixture):
     }
 
 
+@pytest.mark.django_db
+def test_get_serializer_class_with_fields_named_like_serializer_internals(data_fixture):
+    workspace = data_fixture.create_workspace(name="Workspace 1")
+
+    workspace_serializer = get_serializer_class(
+        Workspace,
+        ["Meta", "validate"],
+        {
+            "Meta": CharField(source="name"),
+            "validate": CharField(source="name"),
+        },
+    )(workspace)
+
+    assert workspace_serializer.data == {
+        "Meta": "Workspace 1",
+        "validate": "Workspace 1",
+    }
+    assert workspace_serializer.__class__.Meta.model == Workspace
+
+
 @override_settings(DEBUG=False)
 def test_api_error_if_url_trailing_slash_is_missing(api_client):
     invalid_url = "/api/invalid-url"

backend/tests/baserow/contrib/automation/nodes/test_node_handler.py

@@ -204,3 +204,23 @@ def test_import_node_only(data_fixture):
         "automation_workflow_nodes": {node.id: new_node.id},
         "services": {node.service_id: new_node.service_id},
     }
+
+
+@pytest.mark.django_db
+def test_import_node_only_ignores_integration_from_another_application(data_fixture):
+    workflow = data_fixture.create_automation_workflow()
+    trigger = workflow.get_trigger()
+    other_integration = data_fixture.create_local_baserow_integration()
+
+    exported_node = AutomationNodeHandler().export_node(trigger)
+    exported_node["service"]["integration_id"] = other_integration.id
+    id_mapping = {
+        "integrations": {},
+        "automation_workflow_nodes": MirrorDict(),
+    }
+
+    imported_node = AutomationNodeHandler().import_node_only(
+        workflow, exported_node, id_mapping
+    )
+
+    assert imported_node.service.specific.integration_id is None

backend/tests/baserow/contrib/automation/nodes/test_node_service.py

@@ -4,6 +4,7 @@
 
 from baserow.contrib.automation.nodes.exceptions import (
     AutomationNodeDoesNotExist,
+    AutomationNodeMisconfiguredService,
     AutomationNodeNotMovable,
     AutomationNodeReferenceNodeInvalid,
 )
@@ -144,6 +145,30 @@ def test_create_node_permission_error(data_fixture: Fixtures):
     )
 
 
+@pytest.mark.django_db
+def test_create_node_rejects_integration_from_another_application(data_fixture):
+    user = data_fixture.create_user()
+    workflow = data_fixture.create_automation_workflow(user)
+    other_integration = data_fixture.create_local_baserow_integration(user=user)
+
+    with pytest.raises(AutomationNodeMisconfiguredService) as exc:
+        AutomationNodeService().create_node(
+            user,
+            automation_node_type_registry.get("local_baserow_create_row"),
+            workflow,
+            reference_node_id=workflow.get_trigger().id,
+            position="south",
+            output="",
+            service={"integration_id": other_integration.id},
+        )
+
+    assert (
+        str(exc.value)
+        == f"The integration with ID {other_integration.id} is not related to the "
+        f"automation {workflow.automation_id}."
+    )
+
+
 @pytest.mark.django_db
 def test_get_node(data_fixture: Fixtures):
     user = data_fixture.create_user()
@@ -779,6 +804,26 @@ def test_update_node_updates_workflow_dirty_cache(data_fixture):
     assert global_cache.get(cache_key, default=False) is True
 
 
+@pytest.mark.django_db
+def test_update_node_rejects_integration_from_another_application(data_fixture):
+    user = data_fixture.create_user()
+    node = data_fixture.create_local_baserow_create_row_action_node(user=user)
+    other_integration = data_fixture.create_local_baserow_integration(user=user)
+
+    with pytest.raises(AutomationNodeMisconfiguredService) as exc:
+        AutomationNodeService().update_node(
+            user,
+            node.id,
+            service={"integration_id": other_integration.id},
+        )
+
+    assert (
+        str(exc.value)
+        == f"The integration with ID {other_integration.id} is not related to the "
+        f"automation {node.workflow.automation_id}."
+    )
+
+
 @pytest.mark.django_db
 def test_create_node_updates_workflow_dirty_cache(data_fixture):
     """

backend/tests/baserow/contrib/automation/test_automation_application_types.py

@@ -228,6 +228,28 @@ def test_automation_application_import(data_fixture):
     )
 
 
+@pytest.mark.django_db
+def test_automation_application_import_initializes_integrations_mapping(data_fixture):
+    workspace = data_fixture.create_workspace()
+    id_mapping = {}
+
+    AutomationApplicationType().import_serialized(
+        workspace,
+        {
+            "id": 1,
+            "name": "Sample automation",
+            "order": 1,
+            "type": "automation",
+            "integrations": [],
+            "workflows": [],
+        },
+        ImportExportConfig(include_permission_data=True),
+        id_mapping,
+    )
+
+    assert id_mapping["integrations"] == {}
+
+
 @pytest.mark.django_db
 def test_fetch_workflows_to_serialize_without_user(data_fixture):
     workflow = data_fixture.create_automation_workflow(name="test")

backend/tests/baserow/contrib/database/api/rows/test_row_serializers.py

@@ -578,6 +578,28 @@ def test_get_row_serializer_with_user_field_names(
     assert test_result == expected_result
 
 
+@pytest.mark.django_db
+def test_get_row_serializer_with_user_field_names_named_meta(data_fixture):
+    table = data_fixture.create_database_table(name="Cars")
+    text_field = data_fixture.create_text_field(table=table, order=0, name="Meta")
+
+    model = table.get_model()
+    row = model.objects.create(**{f"field_{text_field.id}": "Test value"})
+
+    serialized_row = get_row_serializer_class(
+        model,
+        RowSerializer,
+        is_response=True,
+        user_field_names=True,
+    )(row).data
+
+    assert serialized_row == {
+        "id": 1,
+        "order": "1.00000000000000000000",
+        "Meta": "Test value",
+    }
+
+
 @pytest.mark.django_db
 def test_remap_serialized_row_to_user_field_names(data_fixture):
     user = data_fixture.create_user()