-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorize according to API key (if given) over cookies #3877
Merged
Merged
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
49a8d7d
remove legacy session identifier support
fb39eea
remove redundant test
7794b20
redirect to login to support any invalid session identifiers
55f0273
Merge branch 'master' into remove-legacy-session-identifier-support
db1ef84
be more specific with caught errors
c7feb90
Merge branch 'master' of github.com:getredash/redash
52b4fc5
use authorization according to api_key (if provided) over session
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -127,6 +127,19 @@ def test_user_api_key(self): | |
| self.assertEqual(user.id, hmac_load_user_from_request(request).id) | ||
|
|
||
|
|
||
| class TestSessionAuthentication(BaseTestCase): | ||
| def test_prefers_api_key_over_session_user_id(self): | ||
| user = self.factory.create_user() | ||
| query = self.factory.create_query(user=user) | ||
|
|
||
| other_org = self.factory.create_org() | ||
| other_user = self.factory.create_user(org=other_org) | ||
| models.db.session.flush() | ||
|
|
||
| rv = self.make_request('get', '/api/queries/{}?api_key={}'.format(query.id, query.api_key), user=other_user) | ||
| self.assertEqual(rv.status_code, 200) | ||
|
|
||
|
|
||
| class TestCreateAndLoginUser(BaseTestCase): | ||
| def test_logins_valid_user(self): | ||
| user = self.factory.create_user(email=u'[email protected]') | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels almost as too simple 😆
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've battled flask_login for like 8 hours, trying to get it to cooperate with
user_loaderandrequest_loaderuntil this hit me 🤦♂️