codeant-ai-for-open-source[bot] commented on code in PR #39469: URL: https://github.com/apache/superset/pull/39469#discussion_r3453906021
########## tests/integration_tests/users/api_tests.py: ########## 
@@ -19,18 +19,31 @@ from unittest.mock import patch +from flask_appbuilder.const import AUTH_OAUTH + from superset import security_manager +from superset.extensions import db +from superset.utils.auth_db_password import get_public_auth_db_password_policy +from superset.utils.auth_db_password_hash import hash_auth_db_password from superset.utils import json, slack # noqa: F401 -from tests.conftest import with_config -from tests.integration_tests.base_tests import SupersetTestCase +from tests.integration_tests.base_tests import DEFAULT_PASSWORD, SupersetTestCase from tests.integration_tests.conftest import with_feature_flags from tests.integration_tests.constants import ADMIN_USERNAME +from tests.integration_tests.test_app import app as superset_integration_app meUri = "/api/v1/me/" # noqa: N816 +mePasswordUri = "/api/v1/me/password" # noqa: N816 AVATAR_URL = "/internal/avatar.png" class TestCurrentUserApi(SupersetTestCase): + def _restore_admin_default_password(self, app=None) -> None:
Review Comment:
**Suggestion:** Add an explicit type annotation for the `app` parameter (for example, a Flask app type or an optional variant) so the helper method is fully typed. [custom_rule]
**Severity Level:** Minor ⚠️
<details>
<summary><b>Why it matters? 🤔 </b></summary>
This is a newly added Python helper method, and its `app` parameter is untyped. The custom rule requires new or modified Python functions/methods to be fully typed, so this is a real violation.
</details>
########## superset/utils/auth_session_stamp.py: ##########
@@ -0,0 +1,154 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +"""Session stamp: invalidate all browser sessions when a user's password changes.""" + +from __future__ import annotations + +import logging +from typing import Any +from uuid import uuid4 + +from flask import Flask, has_request_context, session +from flask_login import current_user, logout_user +from sqlalchemy.exc import IntegrityError + +from superset.extensions import db + +logger = logging.getLogger(__name__) + +SESSION_AUTH_STAMP_SESSION_KEY = "_auth_session_stamp" + + +def register_session_auth_stamp_hook(app: Flask) -> None: + """Register a before_request handler that enforces the per-user session stamp.""" + if getattr(app, "superset_session_auth_stamp_hook_registered", False): + return + app.superset_session_auth_stamp_hook_registered = True + + @app.before_request + def _validate_user_session_auth_stamp() -> None: # noqa: WPS430
Review Comment:
**Suggestion:** Add an inline docstring to the newly added nested request hook function so it complies with the requirement that new functions are documented. [custom_rule]
**Severity Level:** Minor ⚠️
<details>
<summary><b>Why it matters? 🤔 </b></summary>
The nested request-hook function is newly introduced and has no docstring in the final file state. The custom rule requires newly added Python functions to be documented inline, so this is a real violation.
</details>
########## tests/integration_tests/users/api_tests.py: ##########
@@ -100,6 +113,214 @@ def test_update_me_empty_payload(self): rv = self.client.put("/api/v1/me/", json={}) assert rv.status_code == 400 + def test_update_me_rejects_password_when_auth_db(self):
Review Comment:
**Suggestion:** Add an explicit `-> None` return type annotation to this new test method to satisfy the full typing requirement for new Python code. [custom_rule]
**Severity Level:** Minor ⚠️
<details>
<summary><b>Why it matters? 🤔 </b></summary>
This is a newly added test method and it omits an explicit return annotation. Under the rule for new Python code, it should be fully typed, so the issue is real.
</details>
########## tests/integration_tests/users/api_tests.py: ##########
@@ -100,6 +113,214 @@ def test_update_me_empty_payload(self): rv = self.client.put("/api/v1/me/", json={}) assert rv.status_code == 400 + def test_update_me_rejects_password_when_auth_db(self): + self.login(ADMIN_USERNAME) + rv = self.client.put(meUri, json={"password": "ignored"}) + assert rv.status_code == 400 + data = json.loads(rv.data.decode("utf-8")) + assert "AUTH_TYPE is AUTH_DB" in data["message"] + + def test_put_my_password_wrong_current(self):
Review Comment:
**Suggestion:** Add an explicit `-> None` return type annotation to this new test method to keep newly introduced methods fully typed. [custom_rule]
**Severity Level:** Minor ⚠️
<details>
<summary><b>Why it matters? 🤔 </b></summary>
This is another newly added test method without a return type annotation. Since the surrounding code is being changed, the custom rule requires it to be fully typed.
</details>

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
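Review bot: In the `tests/integration_tests/users/api_tests.py` import hunk (`@@ -19,18 +19,31 @@`), the new `_restore_admin_default_password(self, app=None)` helper only protects later tests if it runs on failure as well as success, so it should be invoked from `tearDown` or a `finally:` block in every test that changes the admin password, not only at the end of the happy path; otherwise one failing assertion leaves the shared admin account with a changed password and the rest of the module fails for an unrelated reason. Also note that `mePasswordUri = "/api/v1/me/password"` has no trailing slash while `meUri = "/api/v1/me/"` does; confirm the string matches the registered rule exactly, since a trailing-slash mismatch in Flask produces a redirect or a 404 instead of the status the tests assert on, and a test expecting 400 would then fail for the wrong reason.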
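Review bot: In the new `superset/utils/auth_session_stamp.py` hunk (`@@ -0,0 +1,154 @@`), `_validate_user_session_auth_stamp` is registered with `@app.before_request`, so it runs on every request and the imports (`db`, `IntegrityError`) suggest it touches the database; make sure the hook returns early for anonymous requests and for sessions without `SESSION_AUTH_STAMP_SESSION_KEY` before any query, and document what the cost is on the hot path. When the stamp in the cookie session no longer matches the user's stored stamp, the handler should both call `logout_user()` and remove the stale key from `session`, so a client presenting an old cookie is cleanly logged out once rather than re-evaluated on every subsequent request. Finally, the module docstring scopes the feature to "browser sessions": state in the same docstring that requests authenticated by other means are out of scope for this invalidation, so operators do not assume a password change revokes every credential.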
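Review bot: In the `tests/integration_tests/users/api_tests.py` test hunk (`@@ -100,6 +113,214 @@`), `assert "AUTH_TYPE is AUTH_DB" in data["message"]` couples the test to the exact wording of a user-facing error; assert on the status code plus a stable error key or the shared message constant instead, so a wording change does not break the test while the behaviour (rejecting `password` through `/api/v1/me/` under `AUTH_DB`) stays covered. Since the PR also adds the session-stamp invalidation in `superset/utils/auth_session_stamp.py`, check that the 214 added test lines include a case where a password change through `mePasswordUri` logs out a second, previously authenticated client session; that is the security property the new module exists for, and it is not exercised by the tests visible in this hunk.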
