Fix: configuration and export problems

andrea-chirillano · andrea-chirillano · commit 21687faafdf4 · 2026-03-13T16:46:43.000Z
diff --git a/api/serializers.py b/api/serializers.py
@@ -9,6 +9,7 @@
     SavedFeatureSelection,
     validate_aoi,
     validate_mbtiles,
+    normalize_not_in,
     PartnerExportRegion,
 )
 from rest_framework import serializers
@@ -73,11 +74,23 @@ class Meta:
 
 class ConfigurationSerializer(serializers.ModelSerializer):
     user = UserSerializer(read_only=True, default=serializers.CurrentUserDefault())
+    # Override to bypass model-level validators; normalization + validation run in validate_yaml.
+    yaml = serializers.CharField(validators=[])
 
     class Meta:
         model = SavedFeatureSelection
         fields = ("uid", "name", "description", "yaml", "public", "user", "pinned")
 
+    def validate_yaml(self, value):
+        from django.core.exceptions import ValidationError as DjangoValidationError
+        from jobs.models import validate_feature_selection
+        normalized = normalize_not_in(value)
+        try:
+            validate_feature_selection(normalized)
+        except DjangoValidationError as e:
+            raise serializers.ValidationError(e.messages)
+        return normalized
+
 
 class JobGeomSerializer(serializers.ModelSerializer):
     """Since Job Geoms can be large, these are serialized separately,
@@ -89,7 +102,8 @@ class Meta:
 
 
 class JobSerializer(serializers.ModelSerializer):
-    user = UserSerializer(default=serializers.CurrentUserDefault())
+    user = UserSerializer(read_only=True)
+    feature_selection = serializers.CharField(validators=[])
 
     class Meta:
         model = Job
@@ -121,6 +135,9 @@ class Meta:
             "simplified_geom": {"read_only": True},
         }
 
+    def validate_feature_selection(self, value):
+        return _validate_and_normalize_feature_selection(value)
+
     def validate(self, data):
         try:
             validate_aoi(data["the_geom"])
@@ -142,6 +159,17 @@ def validate_model(model):
         raise serializers.ValidationError(e.message_dict)
 
 
+def _validate_and_normalize_feature_selection(value):
+    from django.core.exceptions import ValidationError as DjangoValidationError
+    from jobs.models import validate_feature_selection as _validate_fs
+    normalized = normalize_not_in(value)
+    try:
+        _validate_fs(normalized)
+    except DjangoValidationError as e:
+        raise serializers.ValidationError(e.messages)
+    return normalized
+
+
 class PartnerExportRegionListSerializer(serializers.ModelSerializer):
     export_formats = serializers.ListField()
     feature_selection = serializers.CharField()
@@ -175,6 +203,9 @@ class PartnerExportRegionSerializer(serializers.ModelSerializer):  # noqa
     event = serializers.CharField()
     description = serializers.CharField()
 
+    def validate_feature_selection(self, value):
+        return _validate_and_normalize_feature_selection(value)
+
     class Meta:  # noqa
         model = PartnerExportRegion
         fields = (
@@ -332,6 +363,9 @@ class HDXExportRegionSerializer(serializers.ModelSerializer):  # noqa
     name = serializers.CharField()
     buffer_aoi = serializers.BooleanField()
 
+    def validate_feature_selection(self, value):
+        return _validate_and_normalize_feature_selection(value)
+
     def validate(self, data):
         """
         Check for export formats for country exports.
diff --git a/api/views.py b/api/views.py
@@ -151,7 +151,7 @@ def perform_create(self, serializer):
             raise ValidationError(
                 {"the_geom": ["You are rate limited to 5 exports per hour."]}
             )
-        job = serializer.save()
+        job = serializer.save(user=self.request.user)
         task_runner = ExportTaskRunner()
         task_runner.run_task(job_uid=str(job.uid))
 
diff --git a/jobs/models.py b/jobs/models.py
@@ -116,10 +116,24 @@ def validate_export_formats(value):
             )
 
 
+def normalize_not_in(yaml_text):
+    """Rewrite NOT IN (...) clauses to chained != conditions.
+
+    The osm-export-tool-python SQL parser does not support NOT IN.
+    Example: highway NOT IN ('footway', 'path') -> highway != 'footway' AND highway != 'path'
+    """
+    def expand(match):
+        col = match.group(1)
+        values = [v.strip().strip("'\"") for v in match.group(2).split(",")]
+        return " AND ".join(f"{col} != '{v}'" for v in values)
+
+    return re.sub(r"([\w:]+)\s+NOT\s+IN\s*\(([^)]+)\)", expand, yaml_text, flags=re.IGNORECASE)
+
+
 def validate_feature_selection(value):
     from osm_export_tool.mapping import Mapping
 
-    m, errors = Mapping.validate(value)
+    m, errors = Mapping.validate(normalize_not_in(value))
     if not m:
         raise ValidationError(errors)
 
diff --git a/requirements.txt b/requirements.txt
@@ -40,7 +40,7 @@ dramatiq-abort==1.0
 python3-openid
 
 # Hanko SSO Authentication
-hotosm-auth[django]==0.2.9
+hotosm-auth[django]==0.2.10
 
 ##testing
 pytest==7.4.3
diff --git a/ui/app/actions/meta.js b/ui/app/actions/meta.js
@@ -129,8 +129,7 @@ export const checkHankoAuth = () => (dispatch) => {
     withCredentials: true
   })
     .then(rsp => {
-      if (rsp.data && rsp.data.auth_provider === "hanko") {
-        // Set isLoggedIn = true by dispatching LOGIN_SUCCESS with a placeholder token
+      if (rsp.data && rsp.data.user_id) {
         dispatch({
           type: LOGIN_SUCCESS,
           token: "hanko-cookie-auth",
diff --git a/ui/hanko_helpers.py b/ui/hanko_helpers.py
@@ -1,6 +1,5 @@
 import logging
 from typing import Optional
-from django.conf import settings
 from django.contrib.auth.models import User
 from rest_framework.authentication import BaseAuthentication
 
@@ -11,9 +10,6 @@
 
 class HankoAuthentication(BaseAuthentication):
     def authenticate(self, request):
-        if getattr(settings, 'AUTH_PROVIDER', 'legacy') != 'hanko':
-            return None
-
         if not hasattr(request, 'hotosm') or not request._request.hotosm.user:
             return None
 
@@ -57,10 +53,7 @@ def find_legacy_user_by_osm_id(osm_id: int) -> Optional[User]:
 def find_legacy_user_by_email(email: str) -> Optional[User]:
     if not email:
         return None
-    try:
-        return User.objects.get(email=email)
-    except User.DoesNotExist:
-        return None
+    return User.objects.filter(email=email).order_by('id').first()
 
 
 def create_export_tool_user(
@@ -91,28 +84,4 @@ def get_mapped_django_user(request) -> Optional[User]:
 
 
 def is_hanko_authenticated(request):
-    if getattr(settings, 'AUTH_PROVIDER', 'legacy') != 'hanko':
-        return False
     return hasattr(request, 'hotosm') and request.hotosm.user is not None
-
-
-def require_hanko_auth(view_func):
-    from functools import wraps
-    from django.http import JsonResponse
-
-    @wraps(view_func)
-    def wrapper(request, *args, **kwargs):
-        if getattr(settings, 'AUTH_PROVIDER', 'legacy') == 'hanko':
-            if not is_hanko_authenticated(request):
-                return JsonResponse(
-                    {"error": "Not authenticated"},
-                    status=401
-                )
-        else:
-            if not request.user.is_authenticated:
-                return JsonResponse(
-                    {"error": "Not authenticated"},
-                    status=401
-                )
-        return view_func(request, *args, **kwargs)
-    return wrapper
diff --git a/ui/package.json b/ui/package.json
@@ -4,7 +4,6 @@
   "dependencies": {
     "@blueprintjs/core": "^1.24.0",
     "@blueprintjs/datetime": "^1.19.0",
-    "@hotosm/hanko-auth": "0.5.1",
     "@hotosm/iso-countries-languages": "^1.0.2",
     "@turf/area": "^4.6.0",
     "@turf/bbox": "^4.6.0",
diff --git a/ui/views.py b/ui/views.py
@@ -114,28 +114,17 @@ class ApplicationAdmin(admin.ModelAdmin):
 
 @require_http_methods(["GET"])
 def auth_me(request):
-    if getattr(settings, 'AUTH_PROVIDER', 'legacy') == 'hanko':
-        if not is_hanko_authenticated(request):
-            return JsonResponse(
-                {"error": "Not authenticated"},
-                status=401
-            )
-
-        hanko_user = request.hotosm.user
+    if is_hanko_authenticated(request):
         django_user = get_mapped_django_user(request)
+        if not django_user:
+            return JsonResponse({"error": "Not authenticated"}, status=401)
 
         response_data = {
-            "hanko_user_id": hanko_user.id,
-            "email": hanko_user.email,
-            "auth_provider": "hanko",
+            "user_id": django_user.id,
+            "username": django_user.username,
+            "email": django_user.email,
         }
 
-        if django_user:
-            response_data.update({
-                "user_id": django_user.id,
-                "username": django_user.username,
-            })
-
         if hasattr(request.hotosm, 'osm') and request.hotosm.osm:
             osm = request.hotosm.osm
             response_data.update({
@@ -144,71 +133,55 @@ def auth_me(request):
             })
 
         return JsonResponse(response_data)
-    else:
-        if not request.user.is_authenticated:
-            return JsonResponse(
-                {"error": "Not authenticated"},
-                status=401
-            )
 
-        return JsonResponse({
-            "user_id": request.user.id,
-            "username": request.user.username,
-            "email": request.user.email,
-            "auth_provider": "legacy",
-        })
+    if not request.user.is_authenticated:
+        return JsonResponse({"error": "Not authenticated"}, status=401)
+
+    return JsonResponse({
+        "user_id": request.user.id,
+        "username": request.user.username,
+        "email": request.user.email,
+    })
 
 
 @require_http_methods(["GET"])
 def auth_status(request):
     from hotosm_auth_django import get_mapped_user_id
 
-    if getattr(settings, 'AUTH_PROVIDER', 'legacy') != 'hanko':
-        return JsonResponse({
-            "auth_provider": "legacy",
-            "authenticated": request.user.is_authenticated if hasattr(request, 'user') else False,
-        })
-
     if not is_hanko_authenticated(request):
         return JsonResponse({
-            "auth_provider": "hanko",
-            "authenticated": False,
+            "authenticated": request.user.is_authenticated if hasattr(request, 'user') else False,
             "hanko_authenticated": False,
+            "needs_onboarding": False,
         })
 
     hanko_user = request.hotosm.user
     mapped_user_id = get_mapped_user_id(hanko_user, app_name=APP_NAME)
 
     if mapped_user_id is not None:
         try:
-            django_user_id = int(mapped_user_id)
-            user = User.objects.get(id=django_user_id)
+            user = User.objects.get(id=int(mapped_user_id))
             return JsonResponse({
-                "auth_provider": "hanko",
                 "authenticated": True,
+                "hanko_authenticated": True,
                 "needs_onboarding": False,
                 "user": {
                     "id": user.id,
                     "username": user.username,
                     "email": user.email,
                 },
-                "hanko_user": {
-                    "id": hanko_user.id,
-                    "email": hanko_user.email,
-                }
             })
         except User.DoesNotExist:
             pass
 
     return JsonResponse({
-        "auth_provider": "hanko",
         "authenticated": False,
-        "needs_onboarding": True,
         "hanko_authenticated": True,
+        "needs_onboarding": True,
         "hanko_user": {
             "id": hanko_user.id,
             "email": hanko_user.email,
-        }
+        },
     })
 
 

Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,7 @@ def perform_create(self, serializer):`
`151`	`151`	`raise ValidationError(`
`152`	`152`	`{"the_geom": ["You are rate limited to 5 exports per hour."]}`
`153`	`153`	`)`
`154`		`- job = serializer.save()`
	`154`	`+ job = serializer.save(user=self.request.user)`
`155`	`155`	`task_runner = ExportTaskRunner()`
`156`	`156`	`task_runner.run_task(job_uid=str(job.uid))`
`157`	`157`