Fix: unauthenticated image IDOR

[andifilhohub]

Summary

Fixes an unauthenticated IDOR in GET /api/v1/files/images/{flow_id}/{file_name}.

The endpoint was serving image files directly from storage using a bare flow_id, without enforcing authentication or ownership checks. This change brings it in line with the other file endpoints by requiring flow access through the existing get_flow dependency.

Changes

• Require authentication for image downloads
• Enforce flow ownership on /api/v1/files/images/{flow_id}/{file_name}
• Reuse existing get_flow authorization logic
• Update tests to cover:
  • owner access returns 200
  • unauthenticated access returns 403
  • other-user access returns 404

Validation

uv run pytest src/backend/tests/unit/api/v1/test_files.py -k "download_image"


<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **New Features**
  * Added deployment payload validation and mapping framework for provider integration
  * Enhanced multi-user authentication with improved tenant isolation for file access

* **Bug Fixes**
  * Fixed integer input fields to preserve empty state without triggering minimum value constraints

* **Improvements**
  * Enhanced CI/CD migration validation with dynamic branch-aware checks
  * Improved workflow reliability with better error handling and reporting

* **Tests**
  * Added comprehensive unit tests for deployment mappers, schemas, and input validation

* **Documentation**
  * Added payload contract ownership guidelines for deployment systems

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ec4eb684-5c94-4e3b-b835-72900ad3cb67

📥 Commits

Reviewing files that changed from the base of the PR and between cacb54d and ddfd9e5.

📒 Files selected for processing (25)

• .github/workflows/migration-validation.yml
• .secrets.baseline
• src/backend/base/langflow/api/v1/files.py
• src/backend/base/langflow/api/v1/mappers/__init__.py
• src/backend/base/langflow/api/v1/mappers/deployments/__init__.py
• src/backend/base/langflow/api/v1/mappers/deployments/base.py
• src/backend/base/langflow/initial_setup/setup.py
• src/backend/tests/unit/alembic/test_migration_execution.py
• src/backend/tests/unit/api/v1/test_deployment_mapper_base.py
• src/backend/tests/unit/api/v1/test_deployment_schemas.py
• src/backend/tests/unit/api/v1/test_files.py
• src/backend/tests/unit/api/v1/test_mcp.py
• src/frontend/src/components/core/parameterRenderComponent/components/intComponent/__tests__/IntComponent.test.tsx
• src/frontend/src/components/core/parameterRenderComponent/components/intComponent/index.tsx
• src/lfx/PLUGGABLE_SERVICES.md
• src/lfx/src/lfx/services/adapters/__init__.py
• src/lfx/src/lfx/services/adapters/deployment/__init__.py
• src/lfx/src/lfx/services/adapters/deployment/base.py
• src/lfx/src/lfx/services/adapters/deployment/payloads.py
• src/lfx/src/lfx/services/adapters/deployment/schema.py
• src/lfx/src/lfx/services/adapters/deployment/service.py
• src/lfx/src/lfx/services/adapters/payload.py
• src/lfx/src/lfx/services/interfaces.py
• src/lfx/tests/unit/services/deployment/test_deployment_schema.py
• src/lfx/tests/unit/services/deployment/test_payload_formalization.py

---

Walkthrough

This PR introduces a pluggable deployment payload mapper framework spanning the adapter and API layers. It formalizes the payload contract between providers and APIs through a slot-based validation system, adds dependency injection to file operations, implements dynamic migration testing, and updates deployment schemas to support generic payload types.

Changes

Cohort / File(s)	Summary
CI/Workflow Updates .github/workflows/migration-validation.yml, .secrets.baseline	Extended migration validation workflow with new consistency checks, pytest integration, dynamic file detection, and improved error reporting; updated baseline for shifted line numbers in deployment schema tests.
Adapter Payload System Foundation src/lfx/src/lfx/services/adapters/payload.py, src/lfx/src/lfx/services/adapters/__init__.py	Introduced PayloadSlot, PayloadSlotPolicy, AdapterPayloadValidationError, and ProviderPayloadSchemas for generic, pluggable payload validation and serialization between adapters and APIs.
Deployment Payload Schema (LFX) src/lfx/src/lfx/services/adapters/deployment/payloads.py, src/lfx/src/lfx/services/adapters/deployment/__init__.py	Added DeploymentPayloadFields, DeploymentPayloadSchemas, and 40+ type variables (T_DeploymentSpec, T_DeploymentConfig, etc.) to parameterize inbound and outbound deployment payload contracts.
Deployment Schema Generics src/lfx/src/lfx/services/adapters/deployment/schema.py	Replaced plain ProviderPayload aliases with generic types (ProviderDataModel[T], ProviderResultModel[T], etc.); added ExecutionCreate.deployment_type field; expanded SnapshotItems validation to require at least one payload source.
Deployment Service Protocol src/lfx/src/lfx/services/adapters/deployment/base.py, src/lfx/src/lfx/services/adapters/deployment/service.py, src/lfx/src/lfx/services/interfaces.py	Removed deployment_type parameter from create_execution method; added payload_schemas class variable to BaseDeploymentService for schema registration.
Deployment API Mapper Framework (Langflow) src/backend/base/langflow/api/v1/mappers/deployments/base.py, src/backend/base/langflow/api/v1/mappers/deployments/__init__.py, src/backend/base/langflow/api/v1/mappers/__init__.py	Introduced DeploymentApiPayloads, BaseDeploymentMapper (with resolve_* validation and shape_* passthrough methods), and DeploymentMapperRegistry for per-provider payload mapping.
API Schema Updates src/backend/tests/unit/api/v1/test_deployment_schemas.py	Added DeploymentCreateRequest and DeploymentConfigCreate public schema exports supporting provider payload wrapping and preservation.
File Endpoint Dependency Injection src/backend/base/langflow/api/v1/files.py	Refactored download_image to use dependency injection (Depends(get_flow), Depends(get_storage_service)) instead of direct UUID and service retrieval.
Migration Test Infrastructure src/backend/tests/unit/alembic/test_migration_execution.py	Introduced _get_main_branch_head, _filter_sqlite_noise, and TestFilterSqliteNoise for dynamic, branch-aware migration validation with SQLite-specific noise handling.
Deployment Mapper Tests src/backend/tests/unit/api/v1/test_deployment_mapper_base.py	Comprehensive unit tests for BaseDeploymentMapper and DeploymentMapperRegistry, covering slot validation, normalization policies, and registry behavior.
File Download Security Tests src/backend/tests/unit/api/v1/test_files.py	Added multi-user fixtures and cross-tenant isolation tests for image downloads, enforcing authentication and access control.
Setup and Other Backend Tests src/backend/base/langflow/initial_setup/setup.py, src/backend/tests/unit/api/v1/test_mcp.py	Simplified dict flattening logic in setup; refactored mock_user fixture in MCP tests with fixed password hash and multiline patch formatting.
Frontend IntComponent src/frontend/src/components/core/parameterRenderComponent/components/intComponent/index.tsx, src/frontend/src/components/core/parameterRenderComponent/components/intComponent/__tests__/IntComponent.test.tsx	Added early-return logic to prevent numeric clamping on empty input; introduced unit tests covering field clearing and minimum-value enforcement.
Deployment Payload Tests (LFX) src/lfx/tests/unit/services/deployment/test_deployment_schema.py, src/lfx/tests/unit/services/deployment/test_payload_formalization.py	Updated DeploymentCreateResult and ExecutionCreate signatures; added comprehensive tests for PayloadSlot, PayloadSlotPolicy, generic payload parameterization, and slot validation.
Documentation src/lfx/PLUGGABLE_SERVICES.md	Added "Payload Contract Ownership" section clarifying adapter vs. API layer boundaries, LFX-owned slot primitives, and concrete deployment slot taxonomy examples.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• #12190: Directly modifies the same deployment payload/adapter surface, including PayloadSlot, ProviderPayloadSchemas, deployment payload typevars, and Langflow deployment mapper base/registry.
• #11979: Implements the pluggable deployment service surface with overlapping deployment schemas, payload-slot types, and service/protocol abstractions.
• #12150: Alters the same deployment adapter/schema surface, modifying provider payloads, deployment payload types, and execution method signatures.

Suggested labels

lgtm

Suggested reviewers

• jordanrfrazier
• HimavarshaVS

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/unauthenticated-image-idor

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can scan for known vulnerabilities in your dependencies using OSV Scanner.

OSV Scanner will automatically detect and report security vulnerabilities in your project's dependencies. No additional configuration is required.

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	24.37% (8698/35681)	17.19% (4832/28095)	17.05% (1275/7474)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
2783	0 💤	0 ❌	0 🔥	47.123s ⏱️

[codecov]

Codecov Report

❌ Patch coverage is 99.00498% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.67%. Comparing base (8dbcbb0) to head (ddfd9e5).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...lfx/src/lfx/services/adapters/deployment/schema.py	95.23%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12233      +/-   ##
==========================================
+ Coverage   38.49%   38.67%   +0.18%     
==========================================
  Files        1630     1633       +3     
  Lines       80456    80622     +166     
  Branches    12152    12156       +4     
==========================================
+ Hits        30971    31184     +213     
+ Misses      47735    47661      -74     
- Partials     1750     1777      +27     

Flag	Coverage Δ
backend	57.45% <100.00%> (+0.09%)	⬆️
frontend	21.75% <100.00%> (+0.15%)	⬆️
lfx	44.65% <98.56%> (+0.23%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/backend/base/langflow/api/v1/files.py	73.93% <100.00%> (-1.37%)	⬇️
...d/base/langflow/api/v1/mappers/deployments/base.py	100.00% <100.00%> (ø)
src/backend/base/langflow/initial_setup/setup.py	49.93% <100.00%> (-2.01%)	⬇️
...rRenderComponent/components/intComponent/index.tsx	53.00% <100.00%> (+53.00%)	⬆️
...c/lfx/src/lfx/services/adapters/deployment/base.py	100.00% <100.00%> (ø)
...x/src/lfx/services/adapters/deployment/payloads.py	100.00% <100.00%> (ø)
...fx/src/lfx/services/adapters/deployment/service.py	100.00% <ø> (ø)
src/lfx/src/lfx/services/adapters/payload.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/services/interfaces.py	100.00% <ø> (ø)
...lfx/src/lfx/services/adapters/deployment/schema.py	94.66% <95.23%> (-0.46%)	⬇️

... and 9 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.