ephraimbuddy commented on a change in pull request #15042:
URL: https://github.com/apache/airflow/pull/15042#discussion_r617886852
##########
File path: airflow/www/security.py
##########
@@ -728,3 +735,102 @@ def check_authorization(
return False
return True
+
+ # TODO: Whether to create APISecurityManager and move api related code to
it?
+ def is_user_logged_in(self):
+ """Raise if user already logged in"""
+ if g.user is not None and g.user.is_authenticated:
+ raise Unauthenticated(detail="Client already authenticated") #
For security
+
+ def login_with_user_pass(self, username, password):
+ """Convenience method for user login through the API"""
+ self.is_user_logged_in()
+ if self.auth_type not in (AUTH_DB, AUTH_LDAP):
+ raise Unauthenticated(detail="Authentication type do not match")
+ user = None
+ if self.auth_type == AUTH_DB:
+ user = self.auth_user_db(username, password)
+ elif self.auth_type == AUTH_LDAP:
+ user = self.auth_user_ldap(username, password)
+ return user
+
+ def oauth_authorization_url(self, app, provider, redirect_url):
+ """Get authorization url for oauth"""
+ self.is_user_logged_in()
+ if self.auth_type != AUTH_OAUTH:
+ raise Unauthenticated(detail="Authentication type do not match")
+ state = jwt.encode(
+ request.args.to_dict(flat=False),
+ app.config["SECRET_KEY"],
+ algorithm="HS256",
+ )
+ auth_provider = self.oauth_remotes[provider]
+ try:
+
+ if provider == "twitter":
+ redirect_uri = redirect_url + f"&state={state}"
+ auth_data =
auth_provider.create_authorization_url(redirect_uri=redirect_uri)
+ auth_provider.save_authorize_data(request,
redirect_uri=redirect_uri, **auth_data)
+ return dict(auth_url=auth_data['url'])
+ else:
+ state = state.decode("ascii") if isinstance(state, bytes) else
state
+ auth_data = auth_provider.create_authorization_url(
+ redirect_uri=redirect_url,
+ state=state,
+ )
+ auth_provider.save_authorize_data(request,
redirect_uri=redirect_url, **auth_data)
+ return dict(auth_url=auth_data['url'])
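Review bot: In the twitter branch of `oauth_authorization_url`, `state` is interpolated into `redirect_uri` before the bytes-to-str normalisation that only the `else` branch performs, so on a PyJWT release where `jwt.encode` returns bytes the callback URL would carry the literal `b'...'` repr and the state comparison on return would fail. Hoist `state = state.decode("ascii") if isinstance(state, bytes) else state` to directly after the `jwt.encode(...)` call so both branches work with a str. The `redirect_url + f"&state={state}"` concatenation also assumes `redirect_url` already contains a query string; choosing the separator explicitly and building the parameter with `urllib.parse.urlencode({"state": state})` would avoid a malformed callback URL. Separately, the token is signed with the Flask `SECRET_KEY` and, as far as the hunk shows, carries no expiry or nonce claim, so it is worth confirming that the data stored by `save_authorize_data` is what binds the flow to the client session. The `try:` block continues past the end of the quoted hunk, so the error handling is not visible here.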
Review comment:
I figured if we don't set any parameter in Spec then we can send any
number of items in the query string. So I have updated this to do redirect in
the browser.
Tested with google oauth on a browser. Had to allow the creation of sessions
on REST API before it could work. Without it, it fails with
`MismatchingStateError: mismatching_state: CSRF Warning! State not equal in
request and response`