mik-laj edited a comment on issue #8111:
URL: https://github.com/apache/airflow/issues/8111#issuecomment-609051162
I think we can add a simple decorator that will call functions before
handling requests. This function will be responsible for checking the
credentials and setting the user attribute in the flask context. FAB and
flask_login work in the same way, so we will be able to create a delegate some
operation to it. This should not be the only way to introduce a new
authorization method. We should be as independent as possible from third-party
libraries. However, if possible, we should optionally support their use.
A simple code example that authenticates a user with an HTTP header may look
like this.
```python
from flask import request, g
REMOTE_USER_HEADER = 'REMOTE_USER'
username = request.headers.get(REMOTE_USER_HEADER)
if not username:
raise AuthenticationProblem(
403, "Forbidden", f"Header {REMOTE_USER_HEADER} is missing in
the request"
)
if not request.authorization:
user = current_app.appbuilder.sm.auth_user_remote_user(username)
if user is None:
raise AuthenticationProblem(
403, "Forbidden", f"Not authorized"
)
log.info("User authorized: %s", user)
g.user = user
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
