some routes trigger redirects to LOGIN_REDIRECT_URL #2

Open
landryb opened this issue Jan 30, 2025 · 1 comment

landryb commented Jan 30, 2025

I've managed to set up the auth by header behind the s-p, but some routes (like /dashboards/users/list or /dashboards/users/userinfo to see its own info) trigger a call to login(), while I'm already authenticated:

2025-01-30 14:42:37,680:INFO:werkzeug:127.0.0.1 - - [30/Jan/2025 14:42:37] "GET /dashboards/users/list/ HTTP/1.1" 302 -
2025-01-30 14:42:37,776:DEBUG:GeorchestraCustomizations:Valid roles for current user testadmin: [Admin]
2025-01-30 14:42:37,776:DEBUG:GeorchestraCustomizations:Valid roles for current user: [Admin]
2025-01-30 14:42:37,776:DEBUG:GeorchestraCustomizations:REMOTE_USER Look up user: Test ADMIN
2025-01-30 14:42:37,776:DEBUG:GeorchestraCustomizations:REMOTE_USER Login_user: Test ADMIN
2025-01-30 14:42:37,776:DEBUG:GeorchestraCustomizations:User exists. Updating profile
2025-01-30 14:42:37,785:INFO:GeorchestraCustomizations:Using custom security manager
2025-01-30 14:42:37,787:INFO:werkzeug:127.0.0.1 - - [30/Jan/2025 14:42:37] "GET /dashboards/login/?next=http://localhost:9180/dashboards/users/list/ HTTP/1.1" 302 -

Since I'm using the sp & cas, LOGIN_REDIRECT_URL is /cas/login?next=, which displays "You, testadmin, have successfully logged into the Central Authentication Service.", which confirms that I'm logged in. I wonder if the login() implem should check first if the current user session isn't already authenticated?

How does the gateway behave if /login is called while you're already logged in?

I've installed via pip in a venv (and manually installed the assets after having rebuilt them), running with:

PYTHONPATH=. SUPERSET_CONFIG_PATH=superset_georchestra_config.py FLASK_APP="superset.app:create_app(superset_app_root='/dashboards')" venv/bin/superset run -p 9180 --debug

And the s-p has this in targets-mapping.properties:

dashboards=http://localhost:9180/dashboards/

The SUPERSET_ADMIN role exists, and testadmin belongs to it. As testadmin I have zero issues going to /dashboards/roles/list/ or /dashboards/databaseview/list/ or going to the homepage.

Creating a new dashboard redirects to http://localhost:9180/dashboards/dashboard/new/, I guess it's missing some Host header somewhere?

As an anonymous user I'm always redirected to the login page.

There's some duplicate/unused code in GeorchestraRemoteUserView, I guess the __init__ and get_roles_from_header methods aren't needed there.

Oh, and https://github.com/georchestra/dashboard/blob/main/config/superset/GeorchestraCustomizations.py#L65 has a nice typo (self. ROLES_PREFIX with an extra space..)

landryb commented Jan 30, 2025

Issue more or less went away after trashing the db schema, recreating it and running superset db upgrade & superset init to re-create the default roles/perms, I don't have issues anymore on /users/userinfo and /users/list.. go figure.

Creating the new dashboard still redirects to http://localhost:9180/dashboards/dashboard/new/, I guess docker/k8s does some automatic magic with Host headers somewhere.. The issue isn't present for creating a new chart or dataset.
