feat: remove functionality to skip auth checks when AUTO_LOGIN is enabled, fix frontend tests, fix backend Lint and tests

[jordanrfrazier]

This pull request makes several important changes to authentication logic, configuration, and test infrastructure, focusing on simplifying the auto-login mechanism, improving security, and cleaning up related code. The changes remove deprecated flags, clarify the use of the AUTO_LOGIN setting, update related tests, and improve task management during application shutdown.

Authentication and Auto-Login Simplification:

• Removed the deprecated skip_auth_auto_login flag and associated logic, making AUTO_LOGIN the sole switch for auto-login behavior. All fallback authentication now depends on AUTO_LOGIN, and related warning messages have been updated for clarity. [1] [2] [3] [4] [5] [6] [7] [8]
• Changed the default value of AUTO_LOGIN to False for improved security in production environments.
• Enhanced the AuthSettings class with a clear_superuser_credentials flag and logic to securely clear superuser credentials from memory. The validator logic for superuser credentials was updated accordingly. [1] [2]

Testing and Test Infrastructure:

• Updated tests to reflect the new AUTO_LOGIN behavior, including skipping tests that require auto-login and adjusting expected error messages. [1] [2] [3] [4]
• Improved the use_noop_session fixture to ensure all database operations use a NoopSession, even if services are already initialized, by patching relevant service settings.
• Relaxed the performance threshold for component loading tests to reduce flakiness in CI environments.

Application Lifecycle and Task Management:

• Improved shutdown logic to properly cancel and await both sync_flows_from_fs_task and the new mcp_init_task, logging any exceptions that occur during cleanup. [1] [2] [3]

Code Quality and Type Annotations:

• Added explicit type annotations to variables in the exclude_branch_conditionally method for better clarity and type safety.

Build and Dependency Management:

• Updated the Makefile to install blockbuster and asgi_lifespan before running unit tests, ensuring all dependencies are present.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch auto-login-removals

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ogabrielluiz]

LGTM but should probably wait to merge

[mendonk]

#9731

[codeflash-ai]

⚡️ Codeflash found optimizations for this PR

📄 41% (0.41x) speedup for AuthSettings.validate_superuser in langflow/services/settings/auth.py

⏱️ Runtime : 4.80 milliseconds → 3.41 milliseconds (best of 14 runs)

I created a new dependent PR with the suggested changes. Please review:

• ⚡️ Speed up method AuthSettings.validate_superuser by 41% in PR #9674 (auto-login-removals) #9814

If you approve, it will be merged into this PR (branch auto-login-removals).

[codeflash-ai]

⚡️ Codeflash found optimizations for this PR

📄 2,736% (27.36x) speedup for ProcessManager.handle_sigterm in langflow/__main__.py

⏱️ Runtime : 2.25 milliseconds → 79.4 microseconds (best of 101 runs)

I created a new dependent PR with the suggested changes. Please review:

• ⚡️ Speed up method ProcessManager.handle_sigterm by 2,736% in PR #9674 (auto-login-removals) #9815

If you approve, it will be merged into this PR (branch auto-login-removals).

[codeflash-ai]

⚡️ Codeflash found optimizations for this PR

📄 2,283% (22.83x) speedup for ProcessManager.handle_sigint in langflow/__main__.py

⏱️ Runtime : 1.32 milliseconds → 55.2 microseconds (best of 83 runs)

I created a new dependent PR with the suggested changes. Please review:

• ⚡️ Speed up method ProcessManager.handle_sigint by 2,283% in PR #9674 (auto-login-removals) #9816

If you approve, it will be merged into this PR (branch auto-login-removals).

[codeflash-ai]

⚡️ Codeflash found optimizations for this PR

📄 47% (0.47x) speedup for ProgressIndicator._animate_step in langflow/cli/progress.py

⏱️ Runtime : 5.48 microseconds → 3.73 microseconds (best of 14 runs)

I created a new dependent PR with the suggested changes. Please review:

• ⚡️ Speed up method ProgressIndicator._animate_step by 47% in PR #9674 (auto-login-removals) #9817

If you approve, it will be merged into this PR (branch auto-login-removals).

[sonarqubecloud]

Quality Gate failed

Failed conditions
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE