Posted to commits@airflow.apache.org by as...@apache.org on 2021/03/19 15:06:30 UTC
[airflow] 28/42: Bugfix: Plugins endpoint was unauthenticated
(#14570)
This is an automated email from the ASF dual-hosted git repository.
ash pushed a commit to branch v2-0-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit bfe57d3fcdd6dde925a5207a3ba04a1b1cde7a4d
Author: Kaxil Naik <ka...@gmail.com>
AuthorDate: Tue Mar 2 23:48:10 2021 +0000
Bugfix: Plugins endpoint was unauthenticated (#14570)
The plugins endpoint was missing an auth check
(cherry picked from commit 0a969db2b025709505f8043721c83218a73bb84d)
---
airflow/www/views.py | 5 +++++
tests/www/test_views.py | 6 ++++++
2 files changed, 11 insertions(+)
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 78dbbea..fbee413 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -2969,6 +2969,11 @@ class PluginView(AirflowBaseView):
]
@expose('/plugin')
+ @auth.has_access(
+ [
+ (permissions.ACTION_CAN_READ, permissions.RESOURCE_PLUGIN),
+ ]
+ )
def list(self):
"""List loaded plugins."""
plugins_manager.ensure_plugins_loaded()
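Review bot: The new `@auth.has_access` guard on `PluginView.list` only works as intended if the `(permissions.ACTION_CAN_READ, permissions.RESOURCE_PLUGIN)` pair is granted to the roles that are meant to see this page, and nothing in this diff shows that grant. If the default role definitions do not already include it, users who could previously open the page would presumably be denied after upgrading, so this is worth confirming and noting in the commit message. A short comment above the decorator, such as `# Listing loaded plugins requires read permission on the plugin resource.`, would record why the check is there. The body of `list` continues outside the hunk.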
diff --git a/tests/www/test_views.py b/tests/www/test_views.py
index efcb46e..b391e56 100644
--- a/tests/www/test_views.py
+++ b/tests/www/test_views.py
@@ -361,6 +361,12 @@ class TestPluginView(TestBase):
self.check_content_in_response("source", resp)
self.check_content_in_response("<em>test-entrypoint-testpluginview==1.0.0:</em> <Mock id=", resp)
+ def test_endpoint_should_not_be_unauthenticated(self):
+ self.logout()
+ resp = self.client.get('/plugin', follow_redirects=True)
+ self.check_content_not_in_response("test_plugin", resp)
+ self.check_content_in_response("Sign In - Airflow", resp)
+
class TestPoolModelView(TestBase):
def setUp(self):
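Review bot: `test_endpoint_should_not_be_unauthenticated` exercises only a logged-out client, while the decorator added in views.py enforces a specific permission, so a logged-in user who lacks read access to the plugin resource is not covered. A companion test that signs in as such a user and asserts `self.check_content_not_in_response("test_plugin", resp)` would pin the authorization half of the fix. Because the request uses `follow_redirects=True`, the test never checks the first response; asserting the status of a plain `self.client.get('/plugin')` (presumably a redirect to the login page) would make a regression easier to diagnose. The test also calls `self.logout()` without logging back in, which is only safe if `TestBase.setUp` re-authenticates for every test; that code is not visible here.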