Skip to content

Commit

Permalink
fix(embed): fix server error due to breaking change on flask-login (#…
Browse files Browse the repository at this point in the history
…22462)

Co-authored-by: Usiel Riedl <usiel.riedl@automattic.com>
  • Loading branch information
Usiel and Usiel committed Jan 12, 2023
1 parent 68b0a59 commit d5ecfbb
Show file tree
Hide file tree
Showing 3 changed files with 77 additions and 7 deletions.
7 changes: 3 additions & 4 deletions superset/embedded/view.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@

from flask import abort, g, request
from flask_appbuilder import expose
from flask_login import AnonymousUserMixin, LoginManager
from flask_login import AnonymousUserMixin, login_user
from flask_wtf.csrf import same_origin

from superset import event_logger, is_feature_enabled, security_manager
from superset import event_logger, is_feature_enabled
from superset.embedded.dao import EmbeddedDAO
from superset.superset_typing import FlaskResponse
from superset.utils import core as utils
Expand Down Expand Up @@ -68,8 +68,7 @@ def embedded(
# Log in as an anonymous user, just for this view.
# This view needs to be visible to all users,
# and building the page fails if g.user and/or ctx.user aren't present.
login_manager: LoginManager = security_manager.lm
login_manager.reload_user(AnonymousUserMixin())
login_user(AnonymousUserMixin(), force=True)

add_extra_log_payload(
embedded_dashboard_id=uuid,
Expand Down
5 changes: 2 additions & 3 deletions superset/views/dashboard/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
from flask_appbuilder.models.sqla.interface import SQLAInterface
from flask_appbuilder.security.decorators import has_access
from flask_babel import gettext as __, lazy_gettext as _
from flask_login import AnonymousUserMixin, LoginManager
from flask_login import AnonymousUserMixin, login_user

from superset import db, event_logger, is_feature_enabled, security_manager
from superset.constants import MODEL_VIEW_RW_METHOD_PERMISSION_MAP, RouteMethod
Expand Down Expand Up @@ -149,8 +149,7 @@ def embedded(
# Log in as an anonymous user, just for this view.
# This view needs to be visible to all users,
# and building the page fails if g.user and/or ctx.user aren't present.
login_manager: LoginManager = security_manager.lm
login_manager.reload_user(AnonymousUserMixin())
login_user(AnonymousUserMixin(), force=True)

add_extra_log_payload(
dashboard_id=dashboard_id_or_slug,
Expand Down
72 changes: 72 additions & 0 deletions tests/integration_tests/embedded/test_view.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from __future__ import annotations

from typing import TYPE_CHECKING
from unittest import mock

import pytest

from superset import db
from superset.embedded.dao import EmbeddedDAO
from superset.models.dashboard import Dashboard
from tests.integration_tests.fixtures.birth_names_dashboard import (
load_birth_names_dashboard_with_slices,
load_birth_names_data,
)
from tests.integration_tests.fixtures.client import client

if TYPE_CHECKING:
from typing import Any

from flask.testing import FlaskClient


@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
@mock.patch.dict(
"superset.extensions.feature_flag_manager._feature_flags",
EMBEDDED_SUPERSET=True,
)
def test_get_embedded_dashboard(client: FlaskClient[Any]):
dash = db.session.query(Dashboard).filter_by(slug="births").first()
embedded = EmbeddedDAO.upsert(dash, [])
uri = f"embedded/{embedded.uuid}"
response = client.get(uri)
assert response.status_code == 200


@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
@mock.patch.dict(
"superset.extensions.feature_flag_manager._feature_flags",
EMBEDDED_SUPERSET=True,
)
def test_get_embedded_dashboard_referrer_not_allowed(client: FlaskClient[Any]):
dash = db.session.query(Dashboard).filter_by(slug="births").first()
embedded = EmbeddedDAO.upsert(dash, ["test.example.com"])
uri = f"embedded/{embedded.uuid}"
response = client.get(uri)
assert response.status_code == 403


@mock.patch.dict(
"superset.extensions.feature_flag_manager._feature_flags",
EMBEDDED_SUPERSET=True,
)
def test_get_embedded_dashboard_non_found(client: FlaskClient[Any]):
uri = f"embedded/bad-uuid"
response = client.get(uri)
assert response.status_code == 404

0 comments on commit d5ecfbb

Please sign in to comment.