dosubot[bot] commented on issue #30385: URL: https://github.com/apache/superset/issues/30385#issuecomment-2373722884
Hey @sundar68! I'm here to help you with any issues or questions you have. Let's tackle this bug together!

I found some similar discussions and a closed issue that might be relevant to your problem:

1. ["/api/v1/me/ gives '401 Unauthorized' error even when I pass the access token in headers"](https://github.com/apache/superset/discussions/29976) <sup>[[1]](https://github.com/apache/superset/discussions/29976)</sup>.
2. ["Failed to retrieve token from superset"](https://github.com/apache/superset/discussions/26277) <sup>[[2]](https://github.com/apache/superset/discussions/26277)</sup>.
3. ["Superset API return 401 Access Denied: Invalid Credential even when I am using access_token from admin account"](https://github.com/apache/superset/discussions/27960) <sup>[[3]](https://github.com/apache/superset/discussions/27960)</sup>.
4. A closed issue: ["500: Internal server error"](https://github.com/apache/superset/issues/22819) <sup>[[4]](https://github.com/apache/superset/issues/22819)</sup>.

The closed issue suggested a solution involving downgrading certain packages:

```sh
pip uninstall wtforms
pip install wtforms==2.3.3
pip uninstall flask
pip install flask==2.0.3
pip uninstall werkzeug
pip install werkzeug==2.0.3
```

Regarding the 500 internal server error for the `/api/v1/security/login` endpoint, it is likely due to an issue within the `guest_token` method. Here are some potential causes:

1. **Validation Errors**: If the payload does not conform to the expected schema, a `ValidationError` will be raised. This should return a 400 error, but if there is an unhandled validation issue, it could result in a 500 error.
2. **Guest Token Validator Hook**: If the `GUEST_TOKEN_VALIDATOR_HOOK` is not callable or fails validation, it raises a `SupersetGenericErrorException` or `ValidationError`, respectively. If these exceptions are not properly caught, they could result in a 500 error.
3. **Token Creation Issues**: If there is an issue with the `create_guest_access_token` method, it could also result in a 500 error.

Here is the relevant code snippet that could be causing the issue:

```python
try:
    body = guest_token_create_schema.load(request.json)
    self.appbuilder.sm.validate_guest_token_resources(body["resources"])
    guest_token_validator_hook = current_app.config.get("GUEST_TOKEN_VALIDATOR_HOOK")
    if guest_token_validator_hook is not None:
        if callable(guest_token_validator_hook):
            if not guest_token_validator_hook(body):
                raise ValidationError(message="Guest token validation failed")
        else:
            raise SupersetGenericErrorException(
                message="Guest token validator hook not callable"
            )
    token = self.appbuilder.sm.create_guest_access_token(
        body["user"], body["resources"], body["rls"]
    )
    return self.response(200, token=token)
except EmbeddedDashboardNotFoundError as error:
    return self.response_400(message=error.message)
except ValidationError as error:
    return self.response_400(message=error.messages)
```

To debug this issue, you should:

- Ensure the payload conforms to the `GuestTokenCreateSchema`.
- Verify that the `GUEST_TOKEN_VALIDATOR_HOOK` is correctly configured and callable.
- Check the implementation of `create_guest_access_token` for any potential issues <sup>[[5]](https://github.com/apache/superset/blob/master/superset/security/api.py)</sup><sup>[[6]](https://github.com/apache/superset/blob/master/tests/integration_tests/security/api_tests.py)</sup>.

Additionally, the expected input and output schemas for the `/api/v1/security/login` endpoint are as follows:

**Input Schema:**

```json
{
  "type": "object",
  "properties": {
    "password": {
      "description": "The password for authentication",
      "example": "complex-password",
      "type": "string"
    },
    "provider": {
      "description": "Choose an authentication provider",
      "enum": ["db", "ldap"],
      "example": "db",
      "type": "string"
    },
    "refresh": {
      "description": "If true a refresh token is provided also",
      "example": true,
      "type": "boolean"
    },
    "username": {
      "description": "The username for authentication",
      "example": "admin",
      "type": "string"
    }
  },
  "required": true
}
```

**Output Schema:**

```json
{
  "type": "object",
  "properties": {
    "access_token": {
      "type": "string"
    },
    "refresh_token": {
      "type": "string"
    }
  }
}
```

<sup>[[7]](https://github.com/apache/superset/blob/master/docs/static/resources/openapi.json)</sup>
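The comment above describes how the handler treats `GUEST_TOKEN_VALIDATOR_HOOK`: skipped when unset, rejected when not callable, and a falsy return becomes a 400. The following is an added example, not part of the bot's comment and not Superset's own code, of a hook that never raises plus a deploy-time check mirroring that dispatch. The element shapes of `resources` and `rls`, the names `ALLOWED_DASHBOARDS`, `SAFE_CLAUSE` and `check_hook_config`, and all sample values are assumptions constructed for illustration.

```python
# Added example, not Superset code. The shapes of "resources" and "rls"
# entries are assumptions; the dashboard id and sample bodies are constructed.
import re

ALLOWED_DASHBOARDS = {"11111111-2222-3333-4444-555555555555"}  # constructed id
# Accept only simple equality clauses such as: tenant_id = 42
SAFE_CLAUSE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\s*=\s*\d+")


def guest_token_validator_hook(body):
    """Return True only for bodies this deployment is willing to sign.

    Never raises: in the handler quoted above, only ValidationError and
    EmbeddedDashboardNotFoundError are turned into a 400 response.
    """
    try:
        if not isinstance(body["user"], dict) or not body["resources"]:
            return False
        for res in body["resources"]:
            if res.get("type") != "dashboard":
                return False
            if res.get("id") not in ALLOWED_DASHBOARDS:
                return False
        # Every row-level-security clause must match the allowlisted form.
        return all(
            SAFE_CLAUSE.fullmatch(rule.get("clause", "")) for rule in body["rls"]
        )
    except (KeyError, TypeError, AttributeError):
        return False  # malformed body: refuse instead of raising


def check_hook_config(config):
    """Mirror the handler's dispatch so a bad setting is caught at deploy time."""
    hook = config.get("GUEST_TOKEN_VALIDATOR_HOOK")
    if hook is None:
        return "unset"         # handler skips the hook entirely
    if not callable(hook):
        return "not-callable"  # handler raises SupersetGenericErrorException
    return "ok"


GOOD_BODY = {  # constructed sample request body
    "user": {"username": "guest"},
    "resources": [{"type": "dashboard", "id": "11111111-2222-3333-4444-555555555555"}],
    "rls": [{"clause": "tenant_id = 42"}],
}
```
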
