dmarkey commented on code in PR #30132:
URL: https://github.com/apache/superset/pull/30132#discussion_r1746198734


##########
tests/integration_tests/security/api_tests.py:
##########
@@ -137,6 +138,79 @@ def test_post_guest_token_bad_resources(self):
 
         self.assert400(response)
 
+    @pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
+    def test_guest_token_validator_hook(self):
+        """
+        Security API: Test various scenarios for the GUEST_TOKEN_VALIDATOR_HOOK
+        """
+
+        self.dash = db.session.query(Dashboard).filter_by(slug="births").first()
+        self.embedded = EmbeddedDashboardDAO.upsert(self.dash, [])
+        self.login(ADMIN_USERNAME)
+        user = {"username": "bob", "first_name": "Bob", "last_name": "Also Bob"}
+        resource = {"type": "dashboard", "id": str(self.embedded.uuid)}
+        rls_rule = {"dataset": 1, "clause": "tenant_id=123"}
+        params = {"user": user, "resources": [resource], "rls": [rls_rule]}
+
+        # Test False case from validator - should raise 400
+        current_app.config["GUEST_TOKEN_VALIDATOR_HOOK"] = lambda x: False
+        response = self.client.post(
+            self.uri, data=json.dumps(params), content_type="application/json"
+        )
+
+        self.assert400(response)
+
+        # Test True case from validator - should be 200
+        current_app.config["GUEST_TOKEN_VALIDATOR_HOOK"] = lambda x: True
+        response = self.client.post(
+            self.uri, data=json.dumps(params), content_type="application/json"
+        )
+
+        self.assert200(response)
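Review bot: The two assignments to `current_app.config["GUEST_TOKEN_VALIDATOR_HOOK"]` are never undone in the quoted lines, so a validator lambda can stay installed after this test and make later guest-token tests pass or fail for the wrong reason. Scoping each case would avoid that, for example `with unittest.mock.patch.dict(current_app.config, {"GUEST_TOKEN_VALIDATOR_HOOK": lambda x: False}):`, or a `try`/`finally` that restores the previous value. The `False` case checks only the status code; also asserting that the response body carries no token would pin the fail-closed behaviour the hook is meant to provide. The method continues past the quoted lines (the hunk header announces 79 new lines), so a reset or further cases may already exist below.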

Review Comment:
   @nytai Do you have a preference? This *feels* better as it involves loading 
that heavy dashboard fixture only once.. the rest is just pushing different 
settings around


