Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: allow overriding the guest token pyjwt instance #19293

Merged
merged 1 commit into from
Mar 21, 2022
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions superset/security/manager.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@
Union,
)

import jwt
from flask import current_app, Flask, g, Request
from flask_appbuilder import Model
from flask_appbuilder.models.sqla.interface import SQLAInterface
Expand All @@ -54,6 +53,7 @@
)
from flask_appbuilder.widgets import ListWidget
from flask_login import AnonymousUserMixin, LoginManager
from jwt.api_jwt import _jwt_global_obj
from sqlalchemy import and_, or_
from sqlalchemy.engine.base import Connection
from sqlalchemy.orm import Session
Expand Down Expand Up @@ -238,6 +238,7 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
)

guest_user_cls = GuestUser
pyjwt_for_guest_token = _jwt_global_obj

def create_login_manager(self, app: Flask) -> LoginManager:
lm = super().create_login_manager(app)
Expand Down Expand Up @@ -1339,7 +1340,7 @@ def create_guest_access_token(
"aud": audience,
"type": "guest",
}
token = jwt.encode(claims, secret, algorithm=algo)
token = self.pyjwt_for_guest_token.encode(claims, secret, algorithm=algo)
return token

def get_guest_user_from_request(self, req: Request) -> Optional[GuestUser]:
Expand Down Expand Up @@ -1387,7 +1388,9 @@ def parse_jwt_guest_token(self, raw_token: str) -> Dict[str, Any]:
secret = current_app.config["GUEST_TOKEN_JWT_SECRET"]
algo = current_app.config["GUEST_TOKEN_JWT_ALGO"]
audience = self._get_guest_token_jwt_audience()
return jwt.decode(raw_token, secret, algorithms=[algo], audience=audience)
return self.pyjwt_for_guest_token.decode(
raw_token, secret, algorithms=[algo], audience=audience
)

@staticmethod
def is_guest_user(user: Optional[Any] = None) -> bool:
Expand Down