Created
August 17, 2019 14:13
-
-
Save micimize/8a312ddc36f20f89517ca1828cc16383 to your computer and use it in GitHub Desktop.
Full proxy control over flask app builder (and thus apache superset) authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from flask import Blueprint, redirect | |
from flask_login import current_user, logout_user | |
from flask_appbuilder.security.manager import AUTH_OAUTH, AUTH_REMOTE_USER | |
my_blueprint = Blueprint("My Blueprint", __name__) | |
@my_blueprint.before_app_request | |
def ensure_logout_correctness(): | |
"""Ensure users are logged out when the proxy logs out | |
""" | |
remote_user = request.environ["REMOTE_USER"] | |
if ( | |
current_user | |
and hasattr(current_user, "username") | |
and current_user.username != remote_user | |
): | |
logout_user() | |
return redirect("/login") | |
class RemoteUserMiddleware(object): | |
def __init__(self, app): | |
self.app = app | |
def __call__(self, environ, start_response): | |
remote_username = environ.pop("HTTP_X_USER_ID", None) | |
environ["REMOTE_USER"] = remote_username | |
return self.app(environ, start_response) | |
ADDITIONAL_MIDDLEWARE = [RemoteUserMiddleware] | |
AUTH_TYPE = AUTH_REMOTE_USER | |
BLUEPRINTS = [my_blueprint] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Now you just set your header in the proxying app, for example in node:
If you only set
HTTP_X_USER_ID
/REMOTE_USER
, all fields in superset registration will be filled with that value.