Merge branch 'remove-dojo-async-task-base-task' into remove-dojo-async-task-base-task-bugfix

# Conflicts:
#	helm/defectdojo/Chart.yaml

Author: valentijnscholten

.github/workflows/renovate.yaml

@@ -21,4 +21,4 @@ jobs:
         uses: suzuki-shunsuke/github-action-renovate-config-validator@ca480cb7ec89a9e1cd8c214ad33bda1617184027 # v2.0.0
         with:
           strict: "true"
-          validator_version: 42.92.5 # renovate: datasource=github-releases depName=renovatebot/renovate
+          validator_version: 43.2.4 # renovate: datasource=github-releases depName=renovatebot/renovate

docker-compose.yml

@@ -120,7 +120,7 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   postgres:
-    image: postgres:18.1-alpine@sha256:4eb15de8e7b692c02427a2df278d18eb89422a534e428efb6d43c968250334d4
+    image: postgres:18.1-alpine@sha256:aa6eb304ddb6dd26df23d05db4e5cb05af8951cda3e0dc57731b771e0ef4ab29
     environment:
       POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
       POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}

docs/content/en/open_source/upgrading/2.56.md

@@ -0,0 +1,7 @@
+---
+title: 'Upgrading to DefectDojo Version 2.56.x'
+toc_hide: true
+weight: -20260203
+description: No special instructions.
+---
+There are no special instructions for upgrading to 2.56.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0) for the contents of the release.

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.55.0"
+__version__ = "2.56.0-dev"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"  # noqa: RUF067
 __docs__ = "https://documentation.defectdojo.com"  # noqa: RUF067

dojo/api_v2/views.py

@@ -46,6 +46,7 @@
 )
 from dojo.api_v2.prefetch.prefetcher import _Prefetcher
 from dojo.authorization.roles_permissions import Permissions
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.cred.queries import get_authorized_cred_mappings
 from dojo.endpoint.queries import (
     get_authorized_endpoint_status,
@@ -679,13 +680,13 @@ def update_jira_epic(self, request, pk=None):
         try:
 
             if engagement.has_jira_issue:
-                jira_helper.update_epic(engagement.id, **request.data)
+                dojo_dispatch_task(jira_helper.update_epic, engagement.id, **request.data)
                 response = Response(
                     {"info": "Jira Epic update query sent"},
                     status=status.HTTP_200_OK,
                 )
             else:
-                jira_helper.add_epic(engagement.id, **request.data)
+                dojo_dispatch_task(jira_helper.add_epic, engagement.id, **request.data)
                 response = Response(
                     {"info": "Jira Epic create query sent"},
                     status=status.HTTP_200_OK,

dojo/celery.py

@@ -12,16 +12,56 @@
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "dojo.settings.settings")
 
 
-class PgHistoryTask(Task):
+class DojoAsyncTask(Task):
+
+    """
+    Base task class that provides dojo_async_task functionality without using a decorator.
+
+    This class:
+    - Injects user context into task kwargs
+    - Tracks task calls for performance testing
+    - Supports all Celery features (signatures, chords, groups, chains)
+    """
+
+    def apply_async(self, args=None, kwargs=None, **options):
+        """Override apply_async to inject user context and track tasks."""
+        from dojo.decorators import dojo_async_task_counter  # noqa: PLC0415 circular import
+        from dojo.utils import get_current_user  # noqa: PLC0415 circular import
+
+        if kwargs is None:
+            kwargs = {}
+
+        # Inject user context if not already present
+        if "async_user" not in kwargs:
+            kwargs["async_user"] = get_current_user()
+
+        # Control flag used for sync/async decision; never pass into the task itself
+        kwargs.pop("sync", None)
+
+        # Track dispatch
+        dojo_async_task_counter.incr(
+            self.name,
+            args=args,
+            kwargs=kwargs,
+        )
+
+        # Call parent to execute async
+        return super().apply_async(args=args, kwargs=kwargs, **options)
+
+
+class PgHistoryTask(DojoAsyncTask):
 
     """
     Custom Celery base task that automatically applies pghistory context.
 
-    When a task is dispatched via dojo_async_task, the current pghistory
-    context is captured and passed in kwargs as "_pgh_context". This base
-    class extracts that context and applies it before running the task,
-    ensuring all database events share the same context as the original
-    request.
+    This class inherits from DojoAsyncTask to provide:
+    - User context injection and task tracking (from DojoAsyncTask)
+    - Automatic pghistory context application (from this class)
+
+    When a task is dispatched via dojo_dispatch_task or dojo_async_task, the current
+    pghistory context is captured and passed in kwargs as "_pgh_context". This base
+    class extracts that context and applies it before running the task, ensuring all
+    database events share the same context as the original request.
     """
 
     def __call__(self, *args, **kwargs):

dojo/celery_dispatch.py

@@ -0,0 +1,95 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any, Protocol, cast
+
+from celery.canvas import Signature
+
+if TYPE_CHECKING:
+    from collections.abc import Mapping
+
+
+class _SupportsSi(Protocol):
+    def si(self, *args: Any, **kwargs: Any) -> Signature: ...
+
+
+class _SupportsApplyAsync(Protocol):
+    def apply_async(self, args: Any | None = None, kwargs: Any | None = None, **options: Any) -> Any: ...
+
+
+def _inject_async_user(kwargs: Mapping[str, Any] | None) -> dict[str, Any]:
+    result: dict[str, Any] = dict(kwargs or {})
+    if "async_user" not in result:
+        from dojo.utils import get_current_user  # noqa: PLC0415 circular import
+
+        result["async_user"] = get_current_user()
+    return result
+
+
+def _inject_pghistory_context(kwargs: Mapping[str, Any] | None) -> dict[str, Any]:
+    """Capture and inject pghistory context if available."""
+    result: dict[str, Any] = dict(kwargs or {})
+    if "_pgh_context" not in result:
+        from dojo.pghistory_utils import get_serializable_pghistory_context  # noqa: PLC0415 circular import
+
+        if pgh_context := get_serializable_pghistory_context():
+            result["_pgh_context"] = pgh_context
+    return result
+
+
+def dojo_create_signature(task_or_sig: _SupportsSi | Signature, *args: Any, **kwargs: Any) -> Signature:
+    """
+    Build a Celery signature with DefectDojo user context and pghistory context injected.
+
+    - If passed a task, returns `task_or_sig.si(*args, **kwargs)`.
+    - If passed an existing signature, returns a cloned signature with merged kwargs.
+    """
+    injected = _inject_async_user(kwargs)
+    injected = _inject_pghistory_context(injected)
+    injected.pop("countdown", None)
+
+    if isinstance(task_or_sig, Signature):
+        merged_kwargs = {**(task_or_sig.kwargs or {}), **injected}
+        return task_or_sig.clone(kwargs=merged_kwargs)
+
+    return task_or_sig.si(*args, **injected)
+
+
+def dojo_dispatch_task(task_or_sig: _SupportsSi | _SupportsApplyAsync | Signature, *args: Any, **kwargs: Any) -> Any:
+    """
+    Dispatch a task/signature using DefectDojo semantics.
+
+    - Inject `async_user` if missing.
+    - Capture and inject pghistory context if available.
+    - Respect `sync=True` (foreground execution) and user `block_execution`.
+    - Support `countdown=<seconds>` for async dispatch.
+
+    Returns:
+    - async: AsyncResult-like return from Celery
+    - sync: underlying return value of the task
+
+    """
+    from dojo.decorators import dojo_async_task_counter, we_want_async  # noqa: PLC0415 circular import
+
+    countdown = cast("int", kwargs.pop("countdown", 0))
+    injected = _inject_async_user(kwargs)
+    injected = _inject_pghistory_context(injected)
+
+    sig = dojo_create_signature(task_or_sig if isinstance(task_or_sig, Signature) else cast("_SupportsSi", task_or_sig), *args, **injected)
+    sig_kwargs = dict(sig.kwargs or {})
+
+    if we_want_async(*sig.args, func=getattr(sig, "type", None), **sig_kwargs):
+        # DojoAsyncTask.apply_async tracks async dispatch. Avoid double-counting here.
+        return sig.apply_async(countdown=countdown)
+
+    # Track foreground execution as a "created task" as well (matches historical dojo_async_task behavior)
+    dojo_async_task_counter.incr(str(sig.task), args=sig.args, kwargs=sig_kwargs)
+
+    sig_kwargs.pop("sync", None)
+    sig = sig.clone(kwargs=sig_kwargs)
+    eager = sig.apply()
+    try:
+        return eager.get(propagate=True)
+    except RuntimeError:
+        # Since we are intentionally running synchronously, we can propagate exceptions directly, and enable sync subtasks
+        # If the requests desires this. Celery docs explain that this is a rare use case, but we support it _just in case_
+        return eager.get(propagate=True, disable_sync_subtasks=False)

dojo/endpoint/views.py

@@ -18,6 +18,7 @@
 from dojo.authorization.authorization import user_has_permission_or_403
 from dojo.authorization.authorization_decorators import user_is_authorized
 from dojo.authorization.roles_permissions import Permissions
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.endpoint.queries import get_authorized_endpoints_for_queryset
 from dojo.endpoint.utils import clean_hosts_run, endpoint_meta_import
 from dojo.filters import EndpointFilter, EndpointFilterWithoutObjectLookups
@@ -345,7 +346,7 @@ def endpoint_bulk_update_all(request, pid=None):
             product_calc = list(Product.objects.filter(endpoint__id__in=endpoints_to_update).distinct())
             endpoints.delete()
             for prod in product_calc:
-                calculate_grade(prod.id)
+                dojo_dispatch_task(calculate_grade, prod.id)
 
             if skipped_endpoint_count > 0:
                 add_error_message_to_response(f"Skipped deletion of {skipped_endpoint_count} endpoints because you are not authorized.")

dojo/engagement/services.py

@@ -5,6 +5,7 @@
 from django.dispatch import receiver
 
 import dojo.jira_link.helper as jira_helper
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.models import Engagement
 
 logger = logging.getLogger(__name__)
@@ -16,7 +17,7 @@ def close_engagement(eng):
     eng.save()
 
     if jira_helper.get_jira_project(eng):
-        jira_helper.close_epic(eng.id, push_to_jira=True)
+        dojo_dispatch_task(jira_helper.close_epic, eng.id, push_to_jira=True)
 
 
 def reopen_engagement(eng):

dojo/engagement/views.py

@@ -37,6 +37,7 @@
 from dojo.authorization.authorization import user_has_permission_or_403
 from dojo.authorization.authorization_decorators import user_is_authorized
 from dojo.authorization.roles_permissions import Permissions
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.endpoint.utils import save_endpoints_to_add
 from dojo.engagement.queries import get_authorized_engagements
 from dojo.engagement.services import close_engagement, reopen_engagement
@@ -392,7 +393,7 @@ def copy_engagement(request, eid):
         form = DoneForm(request.POST)
         if form.is_valid():
             engagement_copy = engagement.copy()
-            calculate_grade(product.id)
+            dojo_dispatch_task(calculate_grade, product.id)
             messages.add_message(
                 request,
                 messages.SUCCESS,