Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: redirect to /login when CSRF expired #14675

Merged
merged 3 commits into from
May 19, 2021
Merged

feat: redirect to /login when CSRF expired #14675

merged 3 commits into from
May 19, 2021

Conversation

betodealmeida
Copy link
Member

SUMMARY

Redirect user to /login when the CSRF token is expired. Currently this shows a JSON payload with a generic error.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A

TEST PLAN

I did a curl with an expired CSRF token and got redirected:

$ curl -v 'http://localhost:8089/api/v1/database/test_connection' -H 'X-CSRFToken: XXX' ...
...
< HTTP/1.0 302 FOUND
< Content-Type: text/html; charset=utf-8
< Content-Length: 221
< Location: http://localhost:8089/login/
< Server: Werkzeug/1.0.1 Python/3.8.8
< Date: Mon, 17 May 2021 18:57:57 GMT
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
* Closing connection 0
<p>You should be redirected automatically to target URL: <a href="/login/">/login/</a>.  If not click the link.%

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@codecov
Copy link

codecov bot commented May 17, 2021
edited
Loading

Codecov Report

Merging #14675 (215f6ef) into master (eb9dafc) will decrease coverage by 0.00%.
The diff coverage is 50.00%.

❗ Current head 215f6ef differs from pull request most recent head b09c23d. Consider uploading reports for the commit b09c23d to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master   #14675      +/-   ##
==========================================
- Coverage   77.55%   77.54%   -0.01%     
==========================================
  Files         958      958              
  Lines       48549    48556       +7     
  Branches     5702     5702              
==========================================
+ Hits        37651    37654       +3     
- Misses      10697    10701       +4     
  Partials      201      201
Flag Coverage Δ
hive 81.10% <50.00%> (-0.02%) ⬇️
mysql 81.37% <50.00%> (-0.02%) ⬇️
postgres 81.39% <50.00%> (-0.02%) ⬇️
presto 81.09% <50.00%> (-0.02%) ⬇️
python 81.92% <50.00%> (-0.02%) ⬇️
sqlite 81.01% <50.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset/views/base.py 75.35% <50.00%> (-0.84%) ⬇️
superset/databases/schemas.py 99.54% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update eb9dafc...b09c23d. Read the comment docs.

@betodealmeida betodealmeida requested a review from nytai May 18, 2021 21:07
nytai
nytai approved these changes May 18, 2021
View reviewed changes
Copy link
Member

@nytai nytai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@betodealmeida betodealmeida merged commit 065b3f9 into apache:master May 19, 2021
cccs-RyanS pushed a commit to CybercentreCanada/superset that referenced this pull request Dec 17, 2021
@betodealmeida
feat: redirect to /login when CSRF expired (apache#14675)
6f000aa 
* feat: redirect to /login when CSRF expired

* Show exceptions on API requests

* Use is_json
QAlexBall pushed a commit to QAlexBall/superset that referenced this pull request Dec 29, 2021
@betodealmeida
feat: redirect to /login when CSRF expired (apache#14675)
51731a3 
* feat: redirect to /login when CSRF expired

* Show exceptions on API requests

* Use is_json
cccs-rc pushed a commit to CybercentreCanada/superset that referenced this pull request Mar 6, 2024
@betodealmeida
feat: redirect to /login when CSRF expired (apache#14675)
567623e 
* feat: redirect to /login when CSRF expired

* Show exceptions on API requests

* Use is_json
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 1.3.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nytai nytai nytai approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/S 🚢 1.3.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@betodealmeida @nytai @mistercrunch