feat(embedded): aud claim and type for guest token #18651

Merged
merged 8 commits into from
Feb 14, 2022

@lilykuang (Member) commented Feb 10, 2022

SUMMARY

  • add audience claim and type to guest token
  • limit guest token to one workspace

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

codecov bot commented Feb 10, 2022

Codecov Report

Merging #18651 (4face91) into master (f03b4db) will increase coverage by 0.36%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master   #18651      +/-   ##
==========================================
+ Coverage   66.29%   66.65%   +0.36%     
==========================================
  Files        1603     1603              
  Lines       62744    63512     +768     
  Branches     6320     6320              
==========================================
+ Hits        41593    42331     +738     
- Misses      19499    19529      +30     
  Partials     1652     1652              
| Flag | Coverage Δ | |
|---|---|---|
| hive | `52.13% <28.57%> (-0.01%)` | ⬇️ |
| javascript | `51.28% <ø> (ø)` | |
| mysql | `81.66% <100.00%> (+0.34%)` | ⬆️ |
| postgres | `81.70% <100.00%> (+0.34%)` | ⬆️ |
| presto | `52.65% <28.57%> (+0.66%)` | ⬆️ |
| python | `82.14% <100.00%> (+0.34%)` | ⬆️ |
| sqlite | `81.05% <100.00%> (+<0.01%)` | ⬆️ |

Flags with carried forward coverage won't be shown. Click here to find out more.

| Impacted Files | Coverage Δ | |
|---|---|---|
| superset/config.py | `91.92% <100.00%> (+0.02%)` | ⬆️ |
| superset/security/manager.py | `94.32% <100.00%> (+0.06%)` | ⬆️ |
| superset/db_engine_specs/mssql.py | `96.66% <0.00%> (+0.83%)` | ⬆️ |
| superset/db_engine_specs/base.py | `89.93% <0.00%> (+1.49%)` | ⬆️ |
| superset/connectors/sqla/models.py | `91.99% <0.00%> (+3.25%)` | ⬆️ |

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f03b4db...4face91. Read the comment docs.

@lilykuang lilykuang marked this pull request as ready for review February 10, 2022 19:23
raise ValueError("Guest token does not contain an aud claim")
if token.get("aud") != aud:
raise ValueError("Guest token does not match the aud claim")
if token.get("type") != "guest":
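
Review bot: the `token.get("aud") != aud` comparison accepts only a string-valued aud claim. RFC 7519 also allows aud to be an array of strings, and a token carrying the expected audience inside a list would be rejected here as a mismatch. If guest tokens are always minted with a single string audience, state that in a comment next to the check; otherwise treat a list-valued claim as a membership test. The message "Guest token does not match the aud claim" also reads backwards, since it is the claim that fails to match the expected audience.
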
Member

Pls add some tests where the supplied token isn't a "guest" token, and where the aud doesn't match
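
The aud and type checks under review, exercised against the rejection cases requested above, as an added example that is not code from this PR or from Superset. It uses a stdlib-only HS256 signer and parser; the secret, the `workspace-a` audience value, the helper names, the form of the aud presence check, and the signature and type error messages are assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
AUD = "workspace-a"                  # hypothetical audience identifier


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT for the demo."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"


def parse_guest_token(raw: str, aud: str = AUD, secret: bytes = SECRET) -> dict:
    """Verify the signature first, then apply the aud and type checks."""
    head, body, sig = raw.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("Unexpected signing algorithm")
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig)):
        raise ValueError("Bad signature")
    token = json.loads(_unb64(body))
    if "aud" not in token:  # assumed form of the presence check
        raise ValueError("Guest token does not contain an aud claim")
    if token.get("aud") != aud:
        raise ValueError("Guest token does not match the aud claim")
    if token.get("type") != "guest":
        raise ValueError("Token type is not guest")
    return token


def outcome(claims: dict, signing_secret: bytes = SECRET) -> str:
    """Sign claims, parse them with SECRET, return 'ok' or the rejection reason."""
    try:
        parse_guest_token(sign(claims, signing_secret))
        return "ok"
    except ValueError as exc:
        return str(exc)
```
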

Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
@lilykuang lilykuang requested a review from dpgaspar February 11, 2022 19:49
@lilykuang lilykuang merged commit e6ea197 into master Feb 14, 2022
@lilykuang lilykuang deleted the embedded-guest-token-aud-claim branch February 14, 2022 18:43
@mistercrunch mistercrunch added the 🏷️ bot (a label used by `supersetbot` to keep track of which PRs were auto-tagged with release labels) and 🚢 1.5.0 labels Mar 13, 2024
Labels: 🏷️ bot, preset-io, size/M, 🚢 1.5.0
4 participants