Skip to content

Commit

Permalink
Fixes server error on embed due to breaking change on flask-login
Browse files Browse the repository at this point in the history 
Due to a breaking change in Flask-Login (maxcountryman/flask-login#378) the code for logging in our the AnonymousUser breaks. Unfortunately, Flask-Login not only renames the method we need, but also makes it quasi-private. We can switch to a different public util function Flask-Login offers since at least version 0.3.0. In all versions I checked it essentially executes the same steps as `reload_user(...)` did (it additionally signals the login event internally, which shouldn't cause issues).

Fixes apache#21987
  • Loading branch information
@Usiel
Usiel committed Jan 11, 2023
1 parent 73e53fa commit 790eb9e
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 7 deletions.
7 changes: 3 additions & 4 deletions superset/embedded/view.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@

from flask import abort, g, request
from flask_appbuilder import expose
from flask_login import AnonymousUserMixin, LoginManager
from flask_login import AnonymousUserMixin, login_user
from flask_wtf.csrf import same_origin

from superset import event_logger, is_feature_enabled, security_manager
from superset import event_logger, is_feature_enabled
from superset.embedded.dao import EmbeddedDAO
from superset.superset_typing import FlaskResponse
from superset.utils import core as utils
Expand Down Expand Up @@ -68,8 +68,7 @@ def embedded(
# Log in as an anonymous user, just for this view.
# This view needs to be visible to all users,
# and building the page fails if g.user and/or ctx.user aren't present.
login_manager: LoginManager = security_manager.lm
login_manager.reload_user(AnonymousUserMixin())
login_user(AnonymousUserMixin(), force=True)

add_extra_log_payload(
embedded_dashboard_id=uuid,
Expand Down
5 changes: 2 additions & 3 deletions superset/views/dashboard/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
from flask_appbuilder.models.sqla.interface import SQLAInterface
from flask_appbuilder.security.decorators import has_access
from flask_babel import gettext as __, lazy_gettext as _
from flask_login import AnonymousUserMixin, LoginManager
from flask_login import AnonymousUserMixin, login_user

from superset import db, event_logger, is_feature_enabled, security_manager
from superset.constants import MODEL_VIEW_RW_METHOD_PERMISSION_MAP, RouteMethod
Expand Down Expand Up @@ -149,8 +149,7 @@ def embedded(
# Log in as an anonymous user, just for this view.
# This view needs to be visible to all users,
# and building the page fails if g.user and/or ctx.user aren't present.
login_manager: LoginManager = security_manager.lm
login_manager.reload_user(AnonymousUserMixin())
login_user(AnonymousUserMixin(), force=True)

add_extra_log_payload(
dashboard_id=dashboard_id_or_slug,
Expand Down

0 comments on commit 790eb9e

Please sign in to comment.