Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/11/29 22:11:45 UTC

[GitHub] [incubator-superset] metaperl opened a new issue #8695: "Custom OAuth2 configuration" should mention auth_user_oauth and relevant info in Flask-AppBuilder security

metaperl opened a new issue #8695: "Custom OAuth2 configuration" should mention auth_user_oauth and relevant info in Flask-AppBuilder security
URL: https://github.com/apache/incubator-superset/issues/8695
 
 
   A clear and concise description of what the bug is.
   
   ### Expected results
   
   To be able to read [the superset docs on Custom OAuth2 configuration](https://superset.incubator.apache.org/installation.html#custom-oauth2-configuration) and implement custom oauth2 configuration.
   
   ### Actual results
   
   One follows the docs and finds oneself unable to **completely** process users using OAuth2.
   
   
   # Suggested fix
   
   The first thing is to make it clear that another inherited method, `auth_user_oauth`, will be called and state where this method lives. Mention the inheritance hierarchy of `CustomSSOSecurityManager` and make it clear that the default `auth_user_oauth` will return an error for users not in the database.
   
   Also make it clear where the default Superset database is and how this is configured.
   
   Suggest that `auth_user_oauth` be overridden as well so that people do not need to [ask questions on Stack Overflow](https://stackoverflow.com/questions/47696881/how-to-add-user-and-login-with-google-oauth).
   
   Provide a sample implementation that works, like this:
   
   ```python
   import logging

   from flask_appbuilder.const import LOGMSG_WAR_SEC_LOGIN_FAILED
   from superset.security import SupersetSecurityManager

   logger = logging.getLogger(__name__)


   class CustomSSOSecurityManager(SupersetSecurityManager):
       def auth_user_oauth(self, userinfo):
           """
           OAuth user authentication.

           :userinfo: dict with user information; the keys have the same
               names as the User model columns.
           """
           logger.debug("in auth_user_oauth")
           if "username" in userinfo:
               user = self.find_user(username=userinfo["username"])
           elif "email" in userinfo:
               user = self.find_user(email=userinfo["email"])
           else:
               # Nothing to look the user up by: refuse the login.
               logger.error("User info does not have username or email {0}".format(userinfo))
               return None

           logger.debug("user after find_user={}. type={}".format(user, type(user)))

           # User is disabled: refuse the login.
           if user and not user.is_active:
               logger.info(LOGMSG_WAR_SEC_LOGIN_FAILED.format(userinfo))
               return None
           # If user does not exist on the DB and not self user registration, go away
           if not user and not self.auth_user_registration:
               logger.debug("user does not exist on the DB and not self user registration, go away")
               return None
           # User does not exist, create one if self registration.
           if not user:
               # add_user needs a username; an email-only userinfo cannot be registered.
               if "username" not in userinfo:
                   logger.error("Cannot create an OAuth user without a username")
                   return None
               aur = self.auth_user_registration_role
               role = self.find_role(aur)
               logger.debug("Adding user with role={} representing aur={}".format(role, aur))
               user = self.add_user(
                   username=userinfo["username"],
                   first_name=userinfo.get("first_name", ""),
                   last_name=userinfo.get("last_name", ""),
                   email=userinfo.get("email", ""),
                   role=role,
               )
               if not user:
                   logger.error("Error creating a new OAuth user %s" % userinfo["username"])
                   return None
               logger.debug("Success!")
           logger.debug("final user before update={}".format(user))
           # Record the successful login (login count, last login time).
           self.update_user_auth_stat(user)
           return user
   ```
   
