This is an automated email from the ASF dual-hosted git repository. vavila pushed a commit to branch fix/follow-up-fix-oauth in repository https://gitbox.apache.org/repos/asf/superset.git
commit 3cae71c5f3213bcc95d73ab8ca055aee6bf3e471 Author: Vitor Avila <[email protected]> AuthorDate: Tue Jan 14 11:17:09 2025 -0300 fix(OAuth): Remove masked_encrypted_extra from DB update properties --- superset/commands/database/update.py | 2 +- tests/unit_tests/commands/databases/update_test.py | 48 ++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/superset/commands/database/update.py b/superset/commands/database/update.py index 8cc5e42451..fbf90694f4 100644 --- a/superset/commands/database/update.py +++ b/superset/commands/database/update.py @@ -72,7 +72,7 @@ class UpdateDatabaseCommand(BaseCommand): self._properties["encrypted_extra"] = ( self._model.db_engine_spec.unmask_encrypted_extra( self._model.encrypted_extra, - self._properties["masked_encrypted_extra"], + self._properties.pop("masked_encrypted_extra"), ) ) diff --git a/tests/unit_tests/commands/databases/update_test.py b/tests/unit_tests/commands/databases/update_test.py index a7a1dd97c5..daf41b7506 100644 --- a/tests/unit_tests/commands/databases/update_test.py +++ b/tests/unit_tests/commands/databases/update_test.py @@ -418,6 +418,54 @@ def test_remove_oauth_config_purges_tokens( database_needs_oauth2.purge_oauth2_tokens.assert_called() +def test_update_oauth2_removes_masked_encrypted_extra_key( + mocker: MockerFixture, + database_needs_oauth2: MockerFixture, +) -> None: + """ + Test that the ``masked_encrypted_extra`` key is properly purged from the properties. + """ + DatabaseDAO = mocker.patch("superset.commands.database.update.DatabaseDAO") # noqa: N806 + DatabaseDAO.find_by_id.return_value = database_needs_oauth2 + DatabaseDAO.update.return_value = database_needs_oauth2 + + find_permission_view_menu = mocker.patch.object( + security_manager, + "find_permission_view_menu", + ) + find_permission_view_menu.side_effect = [ + None, + "[my_db].[schema2]", + ] + add_permission_view_menu = mocker.patch.object( + security_manager, + "add_permission_view_menu", + ) + + modified_oauth2_client_info = oauth2_client_info.copy() + modified_oauth2_client_info["scope"] = "scope-b" + + UpdateDatabaseCommand( + 1, + { + "masked_encrypted_extra": json.dumps( + {"oauth2_client_info": modified_oauth2_client_info} + ) + }, + ).run() + + add_permission_view_menu.assert_not_called() + database_needs_oauth2.purge_oauth2_tokens.assert_called() + DatabaseDAO.update.assert_called_with( + database_needs_oauth2, + { + "encrypted_extra": json.dumps( + {"oauth2_client_info": modified_oauth2_client_info} + ) + }, + ) + + def test_update_other_fields_dont_affect_oauth( mocker: MockerFixture, database_needs_oauth2: MockerFixture,
