You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/08/23 15:38:49 UTC
[GitHub] [superset] bonamim opened a new issue, #21164: The menu bar is accessible through the login screen using OAuth (Google)
bonamim opened a new issue, #21164:
URL: https://github.com/apache/superset/issues/21164
After changing the **Apache Superset** to use the **OAuth (Google)** setting. The **menu bar** started to appear on the login screen ⚠️
#### How to reproduce the bug
1. We tried to use the steps described [**here**](https://superset.apache.org/docs/installation/running-on-kubernetes/#setting-up-oauth);
2. The config inside the Pod:
```
config_oauth: |
CSRF_ENABLED = True
# This will make sure the redirect_uri is properly computed, even with SSL offloading
ENABLE_PROXY_FIX = True
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
OAUTH_PROVIDERS = [
{
"name": "google",
"icon": "fa-google",
"token_key": "access_token",
"remote_app": {
"client_id": os.getenv("GOOGLE_KEY"),
"client_secret": os.getenv("GOOGLE_SECRET"),
"api_base_url": "https://www.googleapis.com/oauth2/v2/",
"client_kwargs": {"scope": "email profile"},
"request_token_url": None,
"access_token_url": "https://accounts.google.com/o/oauth2/token",
"authorize_url": "https://accounts.google.com/o/oauth2/auth",
"authorize_params": {"hd": os.getenv("AUTH_DOMAIN", "")}
},
}
]
# Map Authlib roles to superset roles
AUTH_ROLE_ADMIN = 'Admin'
AUTH_ROLE_PUBLIC = 'Gamma'
# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Gamma"
```
### Expected results ✅
Login screen **without** available menu bar:
You **cannot** access the dashboard list even if you are not logged in:
### Actual results ❌
Login screen **with** available menu bar:
You **can** access the dashboard list even if you are not logged in:
### Environment
- browser type and version: Chrome (Version 104.0.5112.101)
- superset version: `superset version` 2.0.0
- any feature flags active:
- ENABLE_TEMPLATE_PROCESSING
### Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [ ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version of superset.
- [x] I have checked the issue tracker for the same issue and I haven't found one similar.
### Additional context
- Helm Chart
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] mrigbysmoove commented on issue #21164: The menu bar is accessible through the login screen using OAuth (Google)
Posted by GitBox <gi...@apache.org>.
mrigbysmoove commented on issue #21164:
URL: https://github.com/apache/superset/issues/21164#issuecomment-1225361104
"AUTH_ROLE_PUBLIC = 'Gamma'" means that users not logged in have the Gamma role. if you want only authenticated users to have any access, you want that setting to just not be configured at all
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] bonamim closed issue #21164: The menu bar is accessible through the login screen using OAuth (Google)
Posted by GitBox <gi...@apache.org>.
bonamim closed issue #21164: The menu bar is accessible through the login screen using OAuth (Google)
URL: https://github.com/apache/superset/issues/21164
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] bonamim commented on issue #21164: The menu bar is accessible through the login screen using OAuth (Google)
Posted by GitBox <gi...@apache.org>.
bonamim commented on issue #21164:
URL: https://github.com/apache/superset/issues/21164#issuecomment-1233116726
Thanks @mrigbysmoove 👍
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org