You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/07/08 17:15:33 UTC
[GitHub] [superset] lziosi commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`
lziosi commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-1179206710
I am using Superset 1.5.0. I have attempted to use the REST APIs for login and for obtaining the CSRF token.
When I attempt to create a database, providing the Authorization header and the X-CSRFToken headers, I get:
```{"errors": [{"message": "400 Bad Request: The CSRF session token is missing.", "error_type": "GENERIC_BACKEND_ERROR", "level": "error", "extra": {"issue_codes": [{"code": 1011, "message": "Issue 1011 - Superset encountered an unexpected error."}]}}]}```
```
import requests
import json
BASE_URL = ...
USERNAME = ...
PASSWORD = ...
SUPERSET_DB_NAME = ...
DB_NAME = ...
DB_PORT = ...
DB_HOST = ...
DB_USER = ...
DB_PASSWORD = ...
def login(base_url, username, password):
url = base_url + 'api/v1/security/login'
payload = {'password': password, 'provider': 'ldap', 'refresh': 'true', 'username': username}
payload_json = json.dumps(payload)
headers = {'Content-Type': 'application/json'}
try:
# TODO: import the certificate instead of using verify=False
res = requests.post(url, data=payload_json,
verify=False, headers=headers)
res.raise_for_status()
access_token = res.json()['access_token']
refresh_token = res.json()['refresh_token']
return access_token, refresh_token
except requests.exceptions.RequestException as err:
print("Request Exception:", err)
def get_csrf_token(base_url, access_token):
url = base_url + 'api/v1/security/csrf_token'
# Construct the Authorization header of the form Bearer access_token
headers = {'Authorization': 'Bearer ' + access_token}
try:
# TODO: import the certificate instead of using verify=False
res = requests.get(url, verify=False, headers=headers)
res.raise_for_status()
csrf_token = res.json()['result']
return csrf_token
except requests.exceptions.RequestException as err:
print("Request Exception:", err)
def create_database(base_url, access_token, csrf_token,
superset_database_name, database_name, database_port, database_host,
database_user, database_password):
url = base_url + 'api/v1/database'
payload = {
"database_name": superset_database_name,
"engine": "postgresql",
"configuration_method": "sqlalchemy_form",
"sqlalchemy_uri": "postgresql+psycopg2://{}:{}@{}:{}/{}".\
format(database_user, database_password, database_host, database_port, database_name)
}
payload_json = json.dumps(payload)
#headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + access_token, 'X-CSRFToken': csrf_token}
try:
session = requests.Session()
session.headers['X-CSRFToken'] = csrf_token
session.headers['Authorization'] = 'Bearer ' + access_token
session.headers['Content-Type'] = 'application/json'
# TODO: import the certificate instead of using verify=False
res = session.post(url, data=payload_json, verify=False)
print(res.text)
res.raise_for_status()
except requests.exceptions.RequestException as err:
print("Request Exception:", err)
if __name__ == '__main__':
access_token, refresh_token = login(BASE_URL, USERNAME, PASSWORD)
csrf_token = get_csrf_token(BASE_URL, access_token)
create_database(BASE_URL, access_token, csrf_token, SUPERSET_DB_NAME, DB_NAME, DB_PORT, DB_HOST,
DB_USER, DB_PASSWORD)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org