Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Fix, let admin's be able to reset user passwords on AUTH_DB #9232

Merged
merged 2 commits into from Mar 3, 2020
Merged

[security] Fix, let admin's be able to reset user passwords on AUTH_DB #9232

merged 2 commits into from Mar 3, 2020

Conversation

dpgaspar
Copy link
Member

@dpgaspar dpgaspar commented Mar 3, 2020
edited

CATEGORY

  • Bug Fix
  • Enhancement (new features, refinement)
  • Refactor
  • Add tests
  • Build / Development Environment
  • Documentation

SUMMARY

Let Admin user's be able to reset password when on AUTH_DB

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

Before:
image

After:
image

TEST PLAN

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

REVIEWERS

@dpgaspar dpgaspar marked this pull request as ready for review March 3, 2020 16:13
@codecov-io
Copy link

codecov-io commented Mar 3, 2020
edited

Codecov Report

Merging #9232 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #9232   +/-   ##
=======================================
  Coverage   58.93%   58.93%           
=======================================
  Files         373      373           
  Lines       12014    12014           
  Branches     2945     2945           
=======================================
  Hits         7080     7080           
  Misses       4755     4755           
  Partials      179      179

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 26e916e...3963f25. Read the comment docs.

@dpgaspar dpgaspar added the v0.36 label Mar 3, 2020
villebro
villebro reviewed Mar 3, 2020
View reviewed changes
superset/security/manager.py Outdated
Comment on lines 84 to 88
UserModelView.include_route_methods = RouteMethod.CRUD_SET | {
"userinfo",
"action_post",
"action",
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we be using constants.RouteMethod.ACTION_POST etc here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh! yes, right you are

@dpgaspar dpgaspar requested a review from villebro March 3, 2020 16:37
villebro
villebro reviewed Mar 3, 2020
View reviewed changes
superset/security/manager.py
UserModelView.include_route_methods = RouteMethod.CRUD_SET | {
RouteMethod.ACTION,
RouteMethod.ACTION_POST,
"userinfo",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The userinfo looks lonely here with the constants. Wondering if we should collect these somewhere, too.

Copy link
Member Author

@dpgaspar dpgaspar Mar 3, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can of course, did a quick search and found a bunch of "lonely" routes. Like download_dashboards, bulk_delete, table_metadata. Would say that the idea here is that non repeatable ones, get referenced in place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps not something that needs to be addressed now (not really sure which is better). LGTM

villebro
villebro approved these changes Mar 3, 2020
View reviewed changes
superset/security/manager.py
UserModelView.include_route_methods = RouteMethod.CRUD_SET | {
RouteMethod.ACTION,
RouteMethod.ACTION_POST,
"userinfo",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps not something that needs to be addressed now (not really sure which is better). LGTM

@dpgaspar dpgaspar merged commit d55240a into apache:master Mar 3, 2020
@dpgaspar dpgaspar deleted the fix/reset-password branch March 3, 2020 18:57
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.36.0 labels Feb 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@craig-rueda craig-rueda craig-rueda approved these changes

@villebro villebro villebro approved these changes

@mistercrunch mistercrunch Awaiting requested review from mistercrunch

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/XS v0.36 🚢 0.36.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@dpgaspar @codecov-io @craig-rueda @villebro @mistercrunch