Last active
August 23, 2023 06:13
-
-
Save mistercrunch/6d31af4a11c47edcedc1ba6ceb5f5fab to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this lives in superset_config.py | |
| class AirbnbAuthRemoteUserView(AuthRemoteUserView): | |
| def add_role_if_missing(self, sm, user_id, role_name): | |
| found_role = sm.find_role(role_name) | |
| session = sm.get_session | |
| user = session.query(sm.user_model).get(user_id) | |
| if found_role and found_role not in user.roles: | |
| user.roles += [found_role] | |
| session.commit() | |
| @expose('/login/') | |
| def login(self): | |
| # Flushing flash message "Access is denied" | |
| if web_session and '_flashes' in web_session: | |
| web_session.pop('_flashes') | |
| from flask import g | |
| if g and g.user is not None and g.user.is_authenticated(): | |
| return redirect(self.redirect_url()) | |
| sm = self.appbuilder.sm | |
| error_msg = None | |
| if any([ | |
| k not in request.headers | |
| for k in ['X-LDAP-Username', 'X-LDAP-Groups']]): | |
| raise | |
| username = request.headers.get('X-LDAP-Username') | |
| groups = request.headers.get('X-LDAP-Groups', '').lower().split(',') | |
| session = sm.get_session | |
| user = session.query(sm.user_model).filter_by(username=username).first() | |
| if user and not user.is_active(): | |
| return ( | |
| "Your account is not activated, " | |
| "ask an admin to check the 'Is Active?' box in your " | |
| "user profile") | |
| if any([gr in ACCEPTED_ROLES for gr in groups]): | |
| role = sm.find_role('alpha') | |
| else: | |
| role = sm.find_role('gamma') | |
| if user is None and username: | |
| user = sm.add_user( | |
| username=username, | |
| first_name=username, | |
| last_name='', | |
| email="{}@airbnb.com".format(username), | |
| role=role) | |
| msg = ("Welcome to Superset, {}".format(username)) | |
| flash(as_unicode(msg), 'info') | |
| user = sm.auth_user_remote_user(username) | |
| elif role not in user.roles: | |
| user = session.query(sm.user_model).get(user.id) | |
| user.roles += [role] | |
| session.commit() | |
| self.add_role_if_missing(sm, user.id, 'airbnb_anon') | |
| self.add_role_if_missing(sm, user.id, 'sql_lab') | |
| login_user(user) | |
| return redirect(self.redirect_url()) | |
| class CustomSecurityManager(SecurityManager): | |
| authremoteuserview = AirbnbAuthRemoteUserView | |
| AUTH_TYPE = AUTH_REMOTE_USER | |
| AUTH_USER_REGISTRATION_ROLE = 'alpha' | |
| CUSTOM_SECURITY_MANAGER = CustomSecurityManager |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The doubt that I have regarding this login, is how validate if the user is a valid user, and prevent anyone from accessing the graphics by simply passing a username.