Assigning to security context in check_auth doesn't work in Python #8133

igorlukanin · 2024-04-11T22:21:40Z

Describe the bug
Apparently, assigning to security context works in check_auth in JavaScript but doesn't work in Python.

To Reproduce
Run the following cube.py snippet:

from cube import config
 
@config('query_rewrite')
def query_rewrite(query: dict, ctx: dict) -> dict:
  print("Query rewrite started")
  print(ctx)
  print("Query rewrite finished")
  return query

@config('check_auth')
def check_auth(ctx: dict, token: str) -> None:

  ctx['securityContext'] = {
    "sub": "1234567890",
    "iat": 1516239022,
    "user_id": 42
  }

  context = ctx['securityContext']

  print(context)
 
  if not context:
    raise Exception('Access denied')
  return ctx

Result:

Expected behavior
Assigning to security context works in Python, 42 is printed as user_id inside the security context.

Version:
0.35.10

Additional context
We can fix this in a backwards-compatible way as follows:

Similarly to check_sql_auth, support returning security context from check_auth both in JavaScript and Python.
If nothing is returned, fall back to the current behavior.

The text was updated successfully, but these errors were encountered:

igorlukanin added bug Something isn't working python labels Apr 11, 2024

ovr self-assigned this Apr 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assigning to security context in check_auth doesn't work in Python #8133

Assigning to security context in check_auth doesn't work in Python #8133

igorlukanin commented Apr 11, 2024

Assigning to security context in check_auth doesn't work in Python #8133

Assigning to security context in check_auth doesn't work in Python #8133

Comments

igorlukanin commented Apr 11, 2024