pierrejeambrun commented on code in PR #42019: URL: https://github.com/apache/airflow/pull/42019#discussion_r1746942510
########## airflow/api_ui/security.py: ########## @@ -0,0 +1,106 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +from __future__ import annotations + +from typing import Callable, cast + +from fastapi import Depends, HTTPException, Request +from fastapi.security import HTTPBasic, HTTPBasicCredentials +from typing_extensions import Annotated + +from airflow.auth.managers.base_auth_manager import ResourceMethod +from airflow.auth.managers.models.base_user import BaseUser +from airflow.auth.managers.models.resource_details import DagAccessEntity, DagDetails, DatasetDetails +from airflow.providers.fab.auth_manager.api.auth.backend.basic_auth import auth_current_user +from airflow.providers.fab.auth_manager.models import User +from airflow.www.extensions.init_auth_manager import get_auth_manager + +security = HTTPBasic() + + +def method(request: Request) -> ResourceMethod: + return cast(ResourceMethod, request.method) + + +def check_authentication( + credentials: Annotated[HTTPBasicCredentials, Depends(security)], +) -> User | None: + """Check that the request has valid authorization information.""" + # TODO: + # - Handle other auth backends + # - Handle AUTH_ROLE_PUBLIC + user = auth_current_user(credentials) Review Comment: This is what I did at first, exact same code, the problem is in the current state, none of the backends are working with fastapi for the same reason, they all need a flask app context to access `flask.g`, `flask.request`. So I modified what is necessary on the `basic_auth` to make it work, but then limited the bakend to basic auth because others won't be working. (kerberos and session backend mostly), and it is too much effort to make it work cleanly so I 'hacked' my way around the `basic_auth` and limited fastapi to it for the moment. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
