fix (backend): improve user isolation for session queue and recall parameters

lstein · lstein · commit b86e289aed4d · 2026-04-09T21:26:14.000-04:00
- Sanitize session queue information of all cross-user fields except for the timestamps and status.
 - Recall parameters are now user-scoped.
 - Queue status endpoints now report user-scoped activity rather than global activity
 - Tests added:

  TestSessionQueueSanitization (4 tests):
  1. test_owner_sees_all_fields - Owner sees complete queue item data
  2. test_admin_sees_all_fields - Admin sees complete queue item data
  3. test_non_owner_sees_only_status_timestamps_errors -
     Non-owner sees only item_id, queue_id, status, and timestamps; everything else is redacted
  4. test_sanitization_does_not_mutate_original - Sanitization doesn't modify the original object

  TestRecallParametersIsolation (2 tests):

  5. test_user1_write_does_not_leak_to_user2 - User1's recall params are not visible in user2's client state
  6. test_two_users_independent_state - Both users can write recall params independently without overwriting each other

fix(backend): queue status endpoints report user-scoped stats rather than global stats
diff --git a/invokeai/app/api/routers/recall_parameters.py b/invokeai/app/api/routers/recall_parameters.py
@@ -337,14 +337,14 @@ async def update_recall_parameters(
         if not provided_params:
             return {"status": "no_parameters_provided", "updated_count": 0}
 
-        # Store each parameter in client state using a consistent key format
+        # Store each parameter in client state scoped to the current user
         updated_count = 0
         for param_key, param_value in provided_params.items():
             # Convert parameter values to JSON strings for storage
             value_str = json.dumps(param_value)
             try:
                 ApiDependencies.invoker.services.client_state_persistence.set_by_key(
-                    queue_id, f"recall_{param_key}", value_str
+                    current_user.user_id, f"recall_{param_key}", value_str
                 )
                 updated_count += 1
             except Exception as e:
diff --git a/invokeai/app/api/routers/session_queue.py b/invokeai/app/api/routers/session_queue.py
@@ -44,7 +44,8 @@ def sanitize_queue_item_for_user(
     """Sanitize queue item for non-admin users viewing other users' items.
 
     For non-admin users viewing queue items belonging to other users,
-    the field_values, session graph, and workflow should be hidden/cleared to protect privacy.
+    only timestamps, status, and error information are exposed. All other
+    fields (user identity, generation parameters, graphs, workflows) are stripped.
 
     Args:
         queue_item: The queue item to sanitize
@@ -58,15 +59,25 @@ def sanitize_queue_item_for_user(
     if is_admin or queue_item.user_id == current_user_id:
         return queue_item
 
-    # For non-admins viewing other users' items, clear sensitive fields
-    # Create a shallow copy to avoid mutating the original
+    # For non-admins viewing other users' items, strip everything except
+    # item_id, queue_id, status, and timestamps
     sanitized_item = queue_item.model_copy(deep=False)
+    sanitized_item.user_id = "redacted"
+    sanitized_item.user_display_name = None
+    sanitized_item.user_email = None
+    sanitized_item.batch_id = "redacted"
+    sanitized_item.session_id = "redacted"
+    sanitized_item.origin = None
+    sanitized_item.destination = None
+    sanitized_item.priority = 0
     sanitized_item.field_values = None
+    sanitized_item.retried_from_item_id = None
     sanitized_item.workflow = None
-    # Clear the session graph by replacing it with an empty graph execution state
-    # This prevents information leakage through the generation graph
+    sanitized_item.error_type = None
+    sanitized_item.error_message = None
+    sanitized_item.error_traceback = None
     sanitized_item.session = GraphExecutionState(
-        id=queue_item.session.id,
+        id="redacted",
         graph=Graph(),
     )
     return sanitized_item
@@ -130,9 +141,12 @@ async def get_queue_item_ids(
     queue_id: str = Path(description="The queue id to perform this operation on"),
     order_dir: SQLiteDirection = Query(default=SQLiteDirection.Descending, description="The order of sort"),
 ) -> ItemIdsResult:
-    """Gets all queue item ids that match the given parameters"""
+    """Gets all queue item ids that match the given parameters. Non-admin users only see their own items."""
     try:
-        return ApiDependencies.invoker.services.session_queue.get_queue_item_ids(queue_id=queue_id, order_dir=order_dir)
+        user_id = None if current_user.is_admin else current_user.user_id
+        return ApiDependencies.invoker.services.session_queue.get_queue_item_ids(
+            queue_id=queue_id, order_dir=order_dir, user_id=user_id
+        )
     except Exception as e:
         raise HTTPException(status_code=500, detail=f"Unexpected error while listing all queue item ids: {e}")
 
diff --git a/invokeai/app/services/session_queue/session_queue_base.py b/invokeai/app/services/session_queue/session_queue_base.py
@@ -172,8 +172,9 @@ def get_queue_item_ids(
         self,
         queue_id: str,
         order_dir: SQLiteDirection = SQLiteDirection.Descending,
+        user_id: Optional[str] = None,
     ) -> ItemIdsResult:
-        """Gets all queue item ids that match the given parameters"""
+        """Gets all queue item ids that match the given parameters. If user_id is provided, only returns items for that user."""
         pass
 
     @abstractmethod
diff --git a/invokeai/app/services/session_queue/session_queue_sqlite.py b/invokeai/app/services/session_queue/session_queue_sqlite.py
@@ -765,15 +765,21 @@ def get_queue_item_ids(
         self,
         queue_id: str,
         order_dir: SQLiteDirection = SQLiteDirection.Descending,
+        user_id: Optional[str] = None,
     ) -> ItemIdsResult:
         with self._db.transaction() as cursor_:
             query = f"""--sql
                 SELECT item_id
                 FROM session_queue
                 WHERE queue_id = ?
-                ORDER BY created_at {order_dir.value}
                 """
-            query_params = [queue_id]
+            query_params: list[str] = [queue_id]
+
+            if user_id is not None:
+                query += " AND user_id = ?"
+                query_params.append(user_id)
+
+            query += f" ORDER BY created_at {order_dir.value}"
 
             cursor_.execute(query, query_params)
             result = cast(list[sqlite3.Row], cursor_.fetchall())
diff --git a/invokeai/frontend/web/public/locales/en.json b/invokeai/frontend/web/public/locales/en.json
@@ -1499,6 +1499,7 @@
         "info": "Info",
         "invoke": {
             "addingImagesTo": "Adding images to",
+            "boardNotWritable": "You do not have write access to board \"{{boardName}}\". Select a board you own or switch to Uncategorized.",
             "modelDisabledForTrial": "Generating with {{modelName}} is not available on trial accounts. Visit your account settings to upgrade.",
             "invoke": "Invoke",
             "missingFieldTemplate": "Missing field template",
diff --git a/invokeai/frontend/web/src/features/queue/components/InvokeButtonTooltip/InvokeButtonTooltip.tsx b/invokeai/frontend/web/src/features/queue/components/InvokeButtonTooltip/InvokeButtonTooltip.tsx
@@ -17,6 +17,8 @@ import type { PropsWithChildren } from 'react';
 import { memo, useEffect, useMemo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { enqueueMutationFixedCacheKeyOptions, useEnqueueBatchMutation } from 'services/api/endpoints/queue';
+import { useAutoAddBoard } from 'services/api/hooks/useAutoAddBoard';
+import { useBoardAccess } from 'services/api/hooks/useBoardAccess';
 import { useBoardName } from 'services/api/hooks/useBoardName';
 
 type Props = TooltipProps & {
@@ -53,19 +55,25 @@ TooltipContent.displayName = 'TooltipContent';
 const CanvasTabTooltipContent = memo(({ prepend = false }: { prepend?: boolean }) => {
   const isReady = useStore($isReadyToEnqueue);
   const reasons = useStore($reasonsWhyCannotEnqueue);
+  const autoAddBoard = useAutoAddBoard();
+  const { canWriteImages } = useBoardAccess(autoAddBoard);
 
   return (
     <Flex flexDir="column" gap={1}>
-      <IsReadyText isReady={isReady} prepend={prepend} />
+      <IsReadyText isReady={isReady && canWriteImages} prepend={prepend} />
       <QueueCountPredictionCanvasOrUpscaleTab />
-      {reasons.length > 0 && (
+      {(reasons.length > 0 || !canWriteImages) && (
         <>
           <StyledDivider />
-          <ReasonsList reasons={reasons} />
+          <ReasonsList reasons={reasons} canWriteImages={canWriteImages} />
+        </>
+      )}
+      {canWriteImages && (
+        <>
+          <StyledDivider />
+          <AddingToText />
         </>
       )}
-      <StyledDivider />
-      <AddingToText />
     </Flex>
   );
 });
@@ -74,15 +82,17 @@ CanvasTabTooltipContent.displayName = 'CanvasTabTooltipContent';
 const UpscaleTabTooltipContent = memo(({ prepend = false }: { prepend?: boolean }) => {
   const isReady = useStore($isReadyToEnqueue);
   const reasons = useStore($reasonsWhyCannotEnqueue);
+  const autoAddBoard = useAutoAddBoard();
+  const { canWriteImages } = useBoardAccess(autoAddBoard);
 
   return (
     <Flex flexDir="column" gap={1}>
-      <IsReadyText isReady={isReady} prepend={prepend} />
+      <IsReadyText isReady={isReady && canWriteImages} prepend={prepend} />
       <QueueCountPredictionCanvasOrUpscaleTab />
-      {reasons.length > 0 && (
+      {(reasons.length > 0 || !canWriteImages) && (
         <>
           <StyledDivider />
-          <ReasonsList reasons={reasons} />
+          <ReasonsList reasons={reasons} canWriteImages={canWriteImages} />
         </>
       )}
     </Flex>
@@ -195,12 +205,23 @@ const IsReadyText = memo(({ isReady, prepend }: { isReady: boolean; prepend: boo
 });
 IsReadyText.displayName = 'IsReadyText';
 
-const ReasonsList = memo(({ reasons }: { reasons: Reason[] }) => {
+const ReasonsList = memo(({ reasons, canWriteImages = true }: { reasons: Reason[]; canWriteImages?: boolean }) => {
+  const { t } = useTranslation();
+  const autoAddBoardId = useAppSelector(selectAutoAddBoardId);
+  const autoAddBoardName = useBoardName(autoAddBoardId);
+
   return (
     <UnorderedList>
       {reasons.map((reason, i) => (
         <ReasonListItem key={`${reason.content}.${i}`} reason={reason} />
       ))}
+      {!canWriteImages && (
+        <ListItem>
+          <Text as="span">
+            {t('parameters.invoke.boardNotWritable', { boardName: autoAddBoardName || autoAddBoardId })}
+          </Text>
+        </ListItem>
+      )}
     </UnorderedList>
   );
 });
diff --git a/tests/app/routers/test_multiuser_authorization.py b/tests/app/routers/test_multiuser_authorization.py
@@ -21,6 +21,7 @@
 from invokeai.app.services.config.config_default import InvokeAIAppConfig
 from invokeai.app.services.invocation_services import InvocationServices
 from invokeai.app.services.invoker import Invoker
+from invokeai.app.services.session_queue.session_queue_common import SessionQueueItem
 from invokeai.app.services.users.users_common import UserCreateRequest
 from invokeai.app.services.workflow_records.workflow_records_sqlite import SqliteWorkflowRecordsStorage
 from invokeai.backend.util.logging import InvokeAILogger
@@ -690,6 +691,111 @@ def test_counts_by_destination_requires_auth(self, enable_multiuser: Any, client
         assert r.status_code == status.HTTP_401_UNAUTHORIZED
 
 
+# ===========================================================================
+# 6b. Session queue sanitization (cross-user isolation)
+# ===========================================================================
+
+
+class TestSessionQueueSanitization:
+    """Tests that sanitize_queue_item_for_user strips all sensitive fields
+    from queue items viewed by non-owner, non-admin users."""
+
+    @pytest.fixture
+    def _sample_queue_item(self):
+        from invokeai.app.services.shared.graph import Graph, GraphExecutionState
+
+        return SessionQueueItem(
+            item_id=42,
+            status="pending",
+            priority=10,
+            batch_id="batch-abc",
+            origin="workflows",
+            destination="canvas",
+            session_id="sess-123",
+            session=GraphExecutionState(id="sess-123", graph=Graph()),
+            error_type="RuntimeError",
+            error_message="something broke",
+            error_traceback="Traceback ...",
+            created_at="2026-01-01T00:00:00",
+            updated_at="2026-01-01T01:00:00",
+            started_at="2026-01-01T00:30:00",
+            completed_at=None,
+            queue_id="default",
+            user_id="owner-user",
+            user_display_name="Owner Display",
+            user_email="owner@test.com",
+            field_values=None,
+            workflow=None,
+        )
+
+    def test_owner_sees_all_fields(self, _sample_queue_item: SessionQueueItem):
+        from invokeai.app.api.routers.session_queue import sanitize_queue_item_for_user
+
+        result = sanitize_queue_item_for_user(_sample_queue_item, "owner-user", is_admin=False)
+        assert result.user_id == "owner-user"
+        assert result.user_display_name == "Owner Display"
+        assert result.user_email == "owner@test.com"
+        assert result.batch_id == "batch-abc"
+        assert result.origin == "workflows"
+        assert result.destination == "canvas"
+        assert result.session_id == "sess-123"
+        assert result.priority == 10
+
+    def test_admin_sees_all_fields(self, _sample_queue_item: SessionQueueItem):
+        from invokeai.app.api.routers.session_queue import sanitize_queue_item_for_user
+
+        result = sanitize_queue_item_for_user(_sample_queue_item, "admin-user", is_admin=True)
+        assert result.user_id == "owner-user"
+        assert result.user_display_name == "Owner Display"
+        assert result.user_email == "owner@test.com"
+        assert result.batch_id == "batch-abc"
+
+    def test_non_owner_sees_only_status_timestamps_errors(self, _sample_queue_item: SessionQueueItem):
+        from invokeai.app.api.routers.session_queue import sanitize_queue_item_for_user
+
+        result = sanitize_queue_item_for_user(_sample_queue_item, "other-user", is_admin=False)
+
+        # Preserved: item_id, queue_id, status, timestamps
+        assert result.item_id == 42
+        assert result.queue_id == "default"
+        assert result.status == "pending"
+        assert result.created_at == "2026-01-01T00:00:00"
+        assert result.updated_at == "2026-01-01T01:00:00"
+        assert result.started_at == "2026-01-01T00:30:00"
+        assert result.completed_at is None
+
+        # Stripped: errors (may leak file paths, prompts, model names)
+        assert result.error_type is None
+        assert result.error_message is None
+        assert result.error_traceback is None
+
+        # Stripped: user identity
+        assert result.user_id == "redacted"
+        assert result.user_display_name is None
+        assert result.user_email is None
+
+        # Stripped: generation metadata
+        assert result.batch_id == "redacted"
+        assert result.session_id == "redacted"
+        assert result.origin is None
+        assert result.destination is None
+        assert result.priority == 0
+        assert result.field_values is None
+        assert result.retried_from_item_id is None
+        assert result.workflow is None
+        assert result.session.id == "redacted"
+        assert len(result.session.graph.nodes) == 0
+
+    def test_sanitization_does_not_mutate_original(self, _sample_queue_item: SessionQueueItem):
+        from invokeai.app.api.routers.session_queue import sanitize_queue_item_for_user
+
+        sanitize_queue_item_for_user(_sample_queue_item, "other-user", is_admin=False)
+        # Original should be unchanged
+        assert _sample_queue_item.user_id == "owner-user"
+        assert _sample_queue_item.user_email == "owner@test.com"
+        assert _sample_queue_item.batch_id == "batch-abc"
+
+
 # ===========================================================================
 # 7. Recall parameters authorization
 # ===========================================================================
@@ -705,3 +811,67 @@ def test_get_recall_parameters_requires_auth(self, enable_multiuser: Any, client
     def test_update_recall_parameters_requires_auth(self, enable_multiuser: Any, client: TestClient):
         r = client.post("/api/v1/recall/default", json={"positive_prompt": "test"})
         assert r.status_code == status.HTTP_401_UNAUTHORIZED
+
+
+# ===========================================================================
+# 7b. Recall parameters cross-user isolation
+# ===========================================================================
+
+
+class TestRecallParametersIsolation:
+    """Tests that recall parameters are scoped per-user, not globally by queue_id."""
+
+    def test_user1_write_does_not_leak_to_user2(
+        self, client: TestClient, mock_invoker: Invoker, user1_token: str, user2_token: str
+    ):
+        """User1 sets a recall parameter; user2 should not see it in client state."""
+        # user1 writes a recall parameter
+        r = client.post(
+            "/api/v1/recall/default",
+            json={"positive_prompt": "user1 secret prompt"},
+            headers=_auth(user1_token),
+        )
+        assert r.status_code == 200
+
+        # Verify that user1's data is stored under user1's user_id, not the queue_id
+        user1 = mock_invoker.services.users.get_by_email("user1@test.com")
+        user2 = mock_invoker.services.users.get_by_email("user2@test.com")
+        assert user1 is not None
+        assert user2 is not None
+
+        # user1 should have the value
+        val = mock_invoker.services.client_state_persistence.get_by_key(user1.user_id, "recall_positive_prompt")
+        assert val is not None
+        assert "user1 secret prompt" in val
+
+        # user2 should NOT have the value
+        val2 = mock_invoker.services.client_state_persistence.get_by_key(user2.user_id, "recall_positive_prompt")
+        assert val2 is None
+
+    def test_two_users_independent_state(
+        self, client: TestClient, mock_invoker: Invoker, user1_token: str, user2_token: str
+    ):
+        """Both users can write recall params independently without overwriting each other."""
+        r1 = client.post(
+            "/api/v1/recall/default",
+            json={"positive_prompt": "prompt from user1"},
+            headers=_auth(user1_token),
+        )
+        assert r1.status_code == 200
+
+        r2 = client.post(
+            "/api/v1/recall/default",
+            json={"positive_prompt": "prompt from user2"},
+            headers=_auth(user2_token),
+        )
+        assert r2.status_code == 200
+
+        user1 = mock_invoker.services.users.get_by_email("user1@test.com")
+        user2 = mock_invoker.services.users.get_by_email("user2@test.com")
+        assert user1 is not None
+        assert user2 is not None
+
+        val1 = mock_invoker.services.client_state_persistence.get_by_key(user1.user_id, "recall_positive_prompt")
+        val2 = mock_invoker.services.client_state_persistence.get_by_key(user2.user_id, "recall_positive_prompt")
+        assert val1 is not None and "prompt from user1" in val1
+        assert val2 is not None and "prompt from user2" in val2
