From 55aac5a3cb4eac7ae92edf5b31e36f2e59db5acd Mon Sep 17 00:00:00 2001
From: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
Date: Mon, 21 Mar 2022 15:51:39 -0700
Subject: [PATCH] allow overriding the guest token PyJWT instance (#19293)

(cherry picked from commit f9feb1b7f333b6b54b44ab5ca4016bfd1b652375)
---
 superset/security/manager.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/superset/security/manager.py b/superset/security/manager.py
index eb068c81fbb1..b1b44747f09f 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -33,7 +33,6 @@
     Union,
 )
 
-import jwt
 from flask import current_app, Flask, g, Request
 from flask_appbuilder import Model
 from flask_appbuilder.models.sqla.interface import SQLAInterface
@@ -54,6 +53,7 @@
 )
 from flask_appbuilder.widgets import ListWidget
 from flask_login import AnonymousUserMixin, LoginManager
+from jwt.api_jwt import _jwt_global_obj
 from sqlalchemy import and_, or_
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.orm import Session
@@ -238,6 +238,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
     )
 
     guest_user_cls = GuestUser
+    pyjwt_for_guest_token = _jwt_global_obj
 
     def create_login_manager(self, app: Flask) -> LoginManager:
         lm = super().create_login_manager(app)
@@ -1345,7 +1346,7 @@ def create_guest_access_token(
             "aud": audience,
             "type": "guest",
         }
-        token = jwt.encode(claims, secret, algorithm=algo)
+        token = self.pyjwt_for_guest_token.encode(claims, secret, algorithm=algo)
         return token
 
     def get_guest_user_from_request(self, req: Request) -> Optional[GuestUser]:
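Review bot: `from jwt.api_jwt import _jwt_global_obj` ties the default to a private, underscore-prefixed PyJWT name that can move or vanish in any PyJWT release, and linters will flag the protected import. PyJWT exposes the same type publicly as `jwt.PyJWT`, and as far as I recall the module-level `jwt.encode`/`jwt.decode` are bound methods of a default `PyJWT()` instance, so `from jwt import PyJWT` here with `pyjwt_for_guest_token = PyJWT()` on the class attribute in the next hunk should keep today's behaviour without reaching into internals. If identity with the module-level instance is genuinely required, a comment next to the import should say why.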
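Review bot: `pyjwt_for_guest_token = _jwt_global_obj` introduces a new extension point on the security manager with no comment on what it is for or what an override must preserve, even though guest tokens are the credential that authenticates embedded users. I'd put above it: `# PyJWT instance used to sign and verify guest tokens; override in a subclass to customise it. Any replacement must keep signature, expiry and audience verification enabled, because parse_jwt_guest_token trusts its decode() result.` A type annotation such as `pyjwt_for_guest_token: PyJWT` would also let mypy check overrides once the public class is imported. The class body continues far beyond this hunk.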
@@ -1393,7 +1394,9 @@ def parse_jwt_guest_token(self, raw_token: str) -> Dict[str, Any]:
         secret = current_app.config["GUEST_TOKEN_JWT_SECRET"]
         algo = current_app.config["GUEST_TOKEN_JWT_ALGO"]
         audience = self._get_guest_token_jwt_audience()
-        return jwt.decode(raw_token, secret, algorithms=[algo], audience=audience)
+        return self.pyjwt_for_guest_token.decode(
+            raw_token, secret, algorithms=[algo], audience=audience
+        )
 
     @staticmethod
     def is_guest_user(user: Optional[Any] = None) -> bool:
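Review bot: the decode in `parse_jwt_guest_token` now inherits whatever options the substituted instance was constructed with; in PyJWT 2.x `PyJWT(options=...)` can disable `verify_signature`, `verify_exp` or `verify_aud` for every call, so a misconfigured override would silently make guest tokens unverified. Since this path authenticates embedded users, I'd pin the checks at the call site so an override cannot weaken them: `options={"verify_signature": True, "verify_exp": True, "verify_aud": True},` passed alongside `algorithms=[algo]` and `audience=audience`. Whether the pinned PyJWT version honours per-instance options should be confirmed against the project's requirement. The method begins before this hunk; only its signature is visible in the hunk header.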