This is an automated email from the ASF dual-hosted git repository. ash pushed a commit to branch v2-0-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit bfe57d3fcdd6dde925a5207a3ba04a1b1cde7a4d
Author: Kaxil Naik <[email protected]>
AuthorDate: Tue Mar 2 23:48:10 2021 +0000
Bugfix: Plugins endpoint was unauthenticated (#14570)
The plugins endpoint missed auth check
(cherry picked from commit 0a969db2b025709505f8043721c83218a73bb84d)
---
 airflow/www/views.py | 5 +++++
 tests/www/test_views.py | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 78dbbea..fbee413 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -2969,6 +2969,11 @@ class PluginView(AirflowBaseView):
 ]
 @expose('/plugin')
+ @auth.has_access(
+ [
+ (permissions.ACTION_CAN_READ, permissions.RESOURCE_PLUGIN),
+ ]
+ )
 def list(self):
 """List loaded plugins."""
 plugins_manager.ensure_plugins_loaded()
diff --git a/tests/www/test_views.py b/tests/www/test_views.py
index efcb46e..b391e56 100644
--- a/tests/www/test_views.py
+++ b/tests/www/test_views.py
@@ -361,6 +361,12 @@ class TestPluginView(TestBase):
 self.check_content_in_response("source", resp)
 self.check_content_in_response("<em>test-entrypoint-testpluginview==1.0.0:</em> <Mock id=", resp)
+ def test_endpoint_should_not_be_unauthenticated(self):
+ self.logout()
+ resp = self.client.get('/plugin', follow_redirects=True)
+ self.check_content_not_in_response("test_plugin", resp)
+ self.check_content_in_response("Sign In - Airflow", resp)
+
 class TestPoolModelView(TestBase):
 def setUp(self):
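Review bot: The new `@auth.has_access` guard on `PluginView.list` only admits users if some role actually holds `(permissions.ACTION_CAN_READ, permissions.RESOURCE_PLUGIN)`, and nothing in this diff shows that pair being granted to a role. If it is missing from the default role definitions, the page would presumably become unreachable for non-admin users after the upgrade, so the mapping should be confirmed and the new requirement mentioned in the release notes. The docstring could state the requirement as well, e.g. `"""List loaded plugins (requires ACTION_CAN_READ on RESOURCE_PLUGIN)."""`. The body of `list` continues past the end of the hunk.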
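Review bot: `test_endpoint_should_not_be_unauthenticated` covers only the anonymous case, so it would still pass if `/plugin` accepted any logged-in user regardless of permissions. A second case that requests `/plugin` as a logged-in user whose role lacks read access on `RESOURCE_PLUGIN`, and asserts that the plugin listing is absent, would pin the authorization half of the fix. The `check_content_not_in_response("test_plugin", resp)` assertion is also only meaningful if a plugin of that name is loaded during this test, which the hunk does not show; the `"Sign In - Airflow"` assertion is the one carrying the check. `TestPoolModelView.setUp` at the end of the hunk continues outside it.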
