dosubot[bot] commented on issue #29523:
URL: https://github.com/apache/superset/issues/29523#issuecomment-2217669979

   To ensure that the role field is mandatory for users logging in via OAuth 
and prevent the 500 Internal Server Error when a user without a role logs in, 
you can customize the `oauth_user_info` method in your 
`CustomSsoSecurityManager` to check for the presence of a role and handle the 
case where a role is missing.
   
   Here is an example of how you can modify the `CustomSsoSecurityManager` to 
enforce this requirement:
   
   ```python
   import logging
   from superset.security import SupersetSecurityManager

   class CustomSsoSecurityManager(SupersetSecurityManager):
       def oauth_user_info(self, provider, response=None):
           logging.debug("Oauth2 provider: {0}.".format(provider))
           if provider == 'your_oauth_provider':
               me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
               logging.debug("user_data: {0}".format(me))

               # Ensure the user has a role
               if 'role' not in me or not me['role']:
                   raise Exception("User does not have a role assigned")

               # Map the role from the OAuth response to a Superset role
               role_name = me['role']
               role = self.find_role(role_name)
               if not role:
                   raise Exception(f"Role {role_name} does not exist in Superset")

               return {
                   'name': me['name'],
                   'email': me['email'],
                   'id': me['user_name'],
                   'username': me['user_name'],
                   'first_name': '',
                   'last_name': '',
                   'role': role_name
               }

   # In your superset_config.py
   from custom_sso_security_manager import CustomSsoSecurityManager
   CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
   ```
   
   In this example, the `oauth_user_info` method checks if the `role` field is 
present in the OAuth response. If the role is missing, it raises an exception. 
Additionally, it maps the role from the OAuth response to a Superset role and 
ensures that the role exists in Superset. If the role does not exist, it raises 
an exception. This ensures that users without a role cannot log in, preventing 
the 500 Internal Server Error 
<sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/configuration/configuring-superset.mdx)</sup>.
   
   
   *To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
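The role check above, worked through as a stand-alone example (added here, not code from the comment or from Superset): the provider's role claim may be a string or a list, so the helper normalises it, maps it through a constructed `ROLES_MAPPING` table shaped like Flask-AppBuilder's `AUTH_ROLES_MAPPING`, and rejects missing or unknown roles with distinct exceptions before any user record is created. `build_user_info` assumes the `role_keys` key that Flask-AppBuilder's `auth_user_oauth` reads when `AUTH_ROLES_MAPPING` is configured; `KNOWN_ROLES` and the sample claims are constructed.

```python
from typing import Any

# Constructed mapping: identity-provider role claim -> Superset role names
# (same shape as Flask-AppBuilder's AUTH_ROLES_MAPPING).
ROLES_MAPPING: dict[str, list[str]] = {
    "analyst": ["Gamma"],
    "admin": ["Admin"],
}

# Constructed set of roles that exist in this Superset instance
# (in Superset you would consult self.find_role(name) instead).
KNOWN_ROLES: frozenset[str] = frozenset({"Admin", "Alpha", "Gamma", "Public"})


class MissingRoleError(ValueError):
    """The OAuth userinfo carries no usable role claim."""


class UnknownRoleError(ValueError):
    """The role claim maps to no role that exists in Superset."""


def normalise_role_keys(userinfo: dict[str, Any]) -> list[str]:
    """Return the provider's role claim(s) as lower-cased, non-empty keys."""
    raw = userinfo.get("role")
    claims = raw if isinstance(raw, list) else [raw]
    return [str(c).strip().lower() for c in claims if c is not None and str(c).strip()]


def resolve_roles(userinfo: dict[str, Any],
                  mapping: dict[str, list[str]] = ROLES_MAPPING,
                  known_roles: frozenset[str] = KNOWN_ROLES) -> set[str]:
    """Superset roles to grant for this userinfo; raises instead of returning nothing.

    Failing here, before the user is registered, turns the role-less login into
    a controlled auth error rather than a 500 later in the login flow.
    """
    keys = normalise_role_keys(userinfo)
    if not keys:
        raise MissingRoleError("OAuth userinfo has no role claim")
    roles: set[str] = set()
    for key in keys:
        roles.update(mapping.get(key, []))
    unknown = roles - known_roles
    if not roles or unknown:
        raise UnknownRoleError(f"no usable Superset role for claims {keys}, unknown={sorted(unknown)}")
    return roles


def build_user_info(me: dict[str, Any]) -> dict[str, Any]:
    """Shape the provider payload for Flask-AppBuilder, rejecting role-less users first."""
    resolve_roles(me)
    return {
        "name": me["name"], "email": me["email"],
        "id": me["user_name"], "username": me["user_name"],
        "first_name": "", "last_name": "",
        "role_keys": normalise_role_keys(me),  # consumed via AUTH_ROLES_MAPPING (assumption)
    }
```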
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

