… server with a username/password (#3002)

* Support LDAP servers where one doesn't first have to bind to the LDAP server with a username/password

* Address code climate things

* Don't force an order by created date - any usecases that want
this already request it explicitly and it breaks the search
function that wants to order by best match.

* Fix the logic so that we fall back to a default search order when there's
no search term, rather than when there is one and we should use the
best-match ordering.

* Remove accidentially added blank line

* Update CardsList to use old markup

* CR

…3678)

* extract time limit decisions to a dynamic settings function

* introduce environment variable for scheduled query time limits

* pass in org_id to query_time_limit

* add an interaction test that verifies that time limits are applied to
jobs

* really important newlines according to CodeClimate

* Add rate limits for user resources.

* Disable rate limiting in tests (except for tests that need it).

* Update strings to unicode to avoid SQLA warnings

## What type of PR is this? (check all applicable)

- [x] Bug Fix

## Description

Without this change the Help Drawer couldn't load content anymore.

## Related Tickets & Documents

#3404

## What type of PR is this? (check all applicable)
<!-- Please leave only what's applicable -->

- [x] Refactor
- [x] Bug Fix

## Description

This basically makes sure that when import the redash package we don't accidentally trigger import-time side-effects such as requiring Redis.

Refs #3569 and #3466.

* feature: add couchbase query runner

* fix style

* fix style

* fix style

* fix naming due to convention

* extracting protocol as parameter

* support multiple associations of the same query-based dropdown parameter

* include several query-based parameters in association tests

This would for example allow adding custom job labels (https://cloud.google.com/bigquery/docs/adding-using-labels#job-label) for easier accounting.

Closes #3727

Closes #3739

Nodejs has set max header size to 8k in http_parser,
need to provide a larger header size to make the proxy work.

* Fix query based parameter value null when created

* Use toString to avoid having 'null' string

* Support for time format

* Add selects test

* Rename into date_time_format_config

…3756)

* add an endpoint for fetching job using a query's api_key

* when unauthenticated, use api_key to get job, and fetch the latest query
result (as opposed to fetching the query result by ID)

* add 'refresh dataset' button to parameters directive

* fix scope error introduced by earlier commit

* show timer when refreshing results

* Show input for missing parameters in embedded visualizations (#3741)

* Redirect to default parameter values when parameters are missing in
embedded visualizations

* Revert "Redirect to default parameter values when parameters are missing in"

This reverts commit 43c6550.

* load all data after page is loaded

* return no data only when parameters are missing

* data binding no longer required

* show an error on embeds that fail to load

* data binding no longer required

* present full-page error when dealing with unsafe queries

* don't render the execute button for each parameter

* show 'missing parameter value' error

* Don't reload the whole page when parameter value changes.

* Set API key and load config before rendering.

* Add Query#hasParameters method.

* Don't show download controls for parameterized queries (they won't work).

* Use getUrl to construct a correct query link.

* WIP: have a single way to load results

1. This preloads the query before rendering the page, so we can benefit from using default parameters & make the logic in component simpler.
2. Use a single way to load results, to make sure we do polling when try to load the query results for the first time.

* Show persistent errors and finish loading logic.

* Check if query is safe and show message otherwise.

* Fix test for unsafe parameters embed.

* wait for query results to return before taking snapshot

(Also used for the Slack snapshots)

* Safe implementation of describe_all.

* autopep8.

…3154)

https://docs.angularjs.org/error/ngRepeat/dupes

* provide queryId when fetching query results in order to allow query-based api-key authentication to work properly

* cypress test to verify that embeds without parameters are shared succesfully

* rename Percy snapshot

* propagate `isDirty` down to `QueryBasedParameterInput`

* go to /api/:id/dropdown while editing a query, since dropdown queries might still not be associated with the parent. see #3711

* show helpful error message if dropdown values cannot be fetched

* use backticks instead of line concatenation

* remove requirement to have direct access to dropdown query in order validate it. parent query association checks are sufficient

* remove isDirty-based implementation and allow dropdown queries through nested ACL even if they aren't associated yet (given that the user has _direct_ access to the dropdown query)

* fix tests to cover all cases for /api/queries/:id/dropdowns/:id

* fix indentation

* require access to the query, not the data source

* use require_access instead of has_access

* Migrate Organization Settings to React

* Fix failing spec and replace default values from inputs

* Add HelpTrigger and handleChange to SAML options

* Undo changes to ant-variables.less

* Add time format to OrganizationSettings

…nt. (#3790)

PyHive expects only None as no password.

Happened with INSERT/UPDATE queries.

* filtered tag remove empty name at edit query

* use filter

…be cancelled (#3003)

* If MySQL returns multiple resultSets (eg when executing multiple statements, or calling stored procedures) then use the last resultSet that has columns

* Make cancellation of a MySQL query work (the same way the C client does it)

* Address code climate moans

… type to Static; cannot change static value (#3800)

* Edit parameter mapping: error when trying to change mapping type to Static

* Parameter mapping editor: cannot change static value

* Update Antd

* Migrate Embed Query Dialog to React

* Update jest ScheduleDialog snapshot

* Add Alert for unsafe queries

* Add CodeBlock

* Add inputs to change iframe size

* Undo ant update

* Update share embed spec

* Update styling

* Change border-radius to 2px

* Update margin between Public URL and IFrame Embed

* Add touch state to parameters and autoupdate query

* Use values change event instead of $watch

* Remove getQueryResultDebounced

* Add Apply button

* Remove Input Number spinners for Parameters

* Make Apply Button optional

* Update share_embed_spec

* Change debounce to the Parameters component

* Remove unnecessary click on Execute query

* Add apply button to the remaining places

* Update dashboard_spec

* Use onKeyUp for InputNumber

* Simplify onParametersValuesChanged

* Update DateTime onChange function

* Don't apply when modifier key is pressed

* Remove refresh Button from Parameters

* Update apply button styling

* Update apply right distance

* Remove debounce for testing

* Use data-dirty instead of classNames for styling

* Make sure $apply runs before calling onChange

* Dashboard grid React migration

* Updated tests

* Fixes comments

* One col layout

* Tests unskipped

* Test fixes

* Test fix

* AutoHeight feature

* Kebab-cased

* Get rid of lazyInjector

* Replace react-grid-layout with patched fork to fix performance issues

* Fix issue with initial layout when page has a scrollbar

* Decrease polling interval (500ms is too slow)

* Rename file to match it's contents

* Added some notes and very minor fixes

* Fix Remove widget button (should be visible only in editing mode); fix widget actions menu

* Fixed missing grid markings

* Enhanced resize handle

* Updated placeholder color

* Render DashboardGrid only when dashboard is loaded

* plug custom celery tasks via dynamic settings

* an extra blank line

* Create SECURITY.md

* Update SECURITY.md

Co-Authored-By: Gabriel Dutra <[email protected]>

…point (#3831)

* Decouple extensions from Flask app.

This separates the extension registry from the Flask app and also introduces a separate registry for preriodic tasks.

Fix #3466.

* Address review feedback.

* Update redash/extensions.py

Co-Authored-By: jezdez <[email protected]>

* Minor comment in requirements.

* Refactoring after getting feedback.

* Uncoupled bin/bundle-extensions from Flas app instance.

* Load bundles in bundle script and don’t rely on Flask.

* Upgraded to importlib-metadata 0.9.

* Add missing requirement.

* Fix TypeError.

* Added requirements for bundle_extension script.

* Install bundles requirement file correctly.

* Decouple bundle loading code from Redash.

* Install bundle requirements from requirements.txt.

* Use circleci/node for build-docker-image step, too.

* CSV: correctly serialize booleans and dates.

Closes #3736, closes #2751.

* pep8 fixes

* Move column iteration to a helper function.

* Use elif, as types are mutually exclusive.

* Refactor parsing implementation.

* Move the csv generation fucntion

…th other components (#3864)

…3868)

* Update PromiseRejectionError to show error message from API response

* Update version to 8.0.0-beta.

* Revert "Update version to 8.0.0-beta."

This reverts commit c8fa749.

* Bump flask from 0.11.1 to 0.12.3

Bumps [flask](https://github.com/pallets/flask) from 0.11.1 to 0.12.3.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst)
- [Commits](pallets/flask@0.11.1...0.12.3)

* Bump to Flask 0.12.4 to fix an issue

* remove legacy session identifier support

* remove redundant test

* redirect to login to support any invalid session identifiers

* be more specific with caught errors

…3875)

* Upgrade gspread 3.1.0 for supporting team drive

Signed-off-by: koooge <[email protected]>

* Revert "Upgrade gspread 3.1.0 for supporting team drive"

This reverts commit e53e8cb.

* Upgrade gspread 3.1.0 for supporting team drive

Signed-off-by: koooge <[email protected]>

* Update Sheets query runner name

* remove legacy session identifier support

* remove redundant test

* redirect to login to support any invalid session identifiers

* be more specific with caught errors

* fix refresh for public dashboards

* Drawer menu with recreated close button

* Added “Open in new window” drawer menu button (#3890)