Posted to commits@superset.apache.org by be...@apache.org on 2021/05/19 01:49:39 UTC
[superset] branch master updated: feat: redirect to /login when
CSRF expired (#14675)
This is an automated email from the ASF dual-hosted git repository.
beto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 065b3f9 feat: redirect to /login when CSRF expired (#14675)
065b3f9 is described below
commit 065b3f933dcb10766013d463e438ec4d2f5e0d81
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Tue May 18 18:48:35 2021 -0700
feat: redirect to /login when CSRF expired (#14675)
* feat: redirect to /login when CSRF expired
* Show exceptions on API requests
* Use is_json
---
superset/views/base.py | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/superset/views/base.py b/superset/views/base.py
index 394190e..23e9bb5 100644
--- a/superset/views/base.py
+++ b/superset/views/base.py
@@ -23,7 +23,16 @@ from typing import Any, Callable, cast, Dict, List, Optional, TYPE_CHECKING, Uni
import simplejson as json
import yaml
-from flask import abort, flash, g, get_flashed_messages, redirect, Response, session
+from flask import (
+ abort,
+ flash,
+ g,
+ get_flashed_messages,
+ redirect,
+ request,
+ Response,
+ session,
+)
from flask_appbuilder import BaseView, Model, ModelView
from flask_appbuilder.actions import action
from flask_appbuilder.forms import DynamicForm
@@ -32,6 +41,7 @@ from flask_appbuilder.security.sqla.models import Role, User
from flask_appbuilder.widgets import ListWidget
from flask_babel import get_locale, gettext as __, lazy_gettext as _
from flask_jwt_extended.exceptions import NoAuthorizationError
+from flask_wtf.csrf import CSRFError
from flask_wtf.form import FlaskForm
from sqlalchemy import or_
from sqlalchemy.orm import Query
@@ -361,6 +371,17 @@ def show_superset_errors(ex: SupersetErrorsException) -> FlaskResponse:
return json_errors_response(errors=ex.errors, status=ex.status)
+# Redirect to login if the CSRF token is expired
+@superset_app.errorhandler(CSRFError)
+def refresh_csrf_token(ex: CSRFError) -> FlaskResponse:
+ logger.warning(ex)
+
+ if request.is_json:
+ return show_http_exception(ex)
+
+ return redirect(appbuilder.get_url_for_login)
+
+
@superset_app.errorhandler(HTTPException)
def show_http_exception(ex: HTTPException) -> FlaskResponse:
logger.warning(ex)
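Review bot: `refresh_csrf_token` runs for every `CSRFError`, not only an expired token, so a missing or mismatched token or a failed referrer check is also answered with a redirect to the login page; the comment above the decorator should say so. For triage the log line would be more useful if it recorded what was rejected, for example `logger.warning("CSRF validation failed for %s %s: %s", request.method, request.path, ex.description)`, rather than the bare exception. The `request.is_json` test looks only at the request's content type, so an API call that posts form or multipart data would presumably get the redirect instead of the error response; checking the request path or the `Accept` header as well is worth considering. The body of `show_http_exception` continues past the end of the hunk, so what it returns for a `CSRFError` cannot be confirmed from here.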