GitHub user Spaarsh added a comment to the discussion: Logging out from Web UI
still raises Airflow 405 error
(I have already posted a comment under the referenced issue and am posting the
same comment here as well.)
It took me a while to triage this issue. I went through the main-branch code as
well as the last released source code of airflow (2.10.4). I think I may have a
way of solving this. Please correct me if I am wrong!
### Triaging
I thoroughly went through the entirety of the auth-related code (to the best of
my ability). There is no wrong method being called. But since the FAB requires
us to not allow any GET requests at the /logout API endpoint, the HTML can't be
rendered when a user manually enters the URL in the browser point.
Before moving further though, I wanted to ensure that the /logout endpoint does
work for POST requests. There is one instance of a JS code sending a POST
request to the /logout endpoint via the ```no_roles_permissions.html```, where
there is a logout button. In order to test this, I created a user with no roles
using the command:
```
airflow users create \
--username no_roles_user \
--firstname No \
--lastname Roles \
--email [email protected] \
--password your_password \
--role Public
```
When I then went to the /home page, the expected page showed up:
When I clicked on the "logout" button, I was successfully able to log out,
indicating no fault at the endpoint itself.
### Solution
Hence my solution is as follows:
We can create a new endpoint such as ```/logout_page``` which renders an HTML
which has a logout button. The logout button has a JS event handler that sends
the POST request to the /logout endpoint, resulting in successful logout using
GUI.
This way, the GET request doesn't happen on our /logout endpoint itself (thus
not violating any FAB requirements) while also enabling a GUI-based logout
action.
If this is the correct approach, I am willing to open a PR.
GitHub link:
https://github.com/apache/airflow/discussions/45360#discussioncomment-11718958
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
