(airflow) branch main updated: Use different default algorithms for different werkzeug versions (#46384)

potiuk Mon, 03 Feb 2025 09:56:40 -0800

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git



The following commit(s) were added to refs/heads/main by this push:
     new dafd1660fdf Use different default algorithms for different werkzeug 
versions (#46384)
dafd1660fdf is described below

commit dafd1660fdfdf008a20d95f95ea6529525bf11b8
Author: Jarek Potiuk <[email protected]>
AuthorDate: Mon Feb 3 18:56:21 2025 +0100

    Use different default algorithms for different werkzeug versions (#46384)
    
    Older werkzeug uses different algorithms for different versions - we
    should match the default algorithm for those versions.
---
 .../fab/auth_manager/security_manager/override.py  | 24 ++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git 
a/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
 
b/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
index 508720fd894..6438fea6282 100644
--- 
a/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
+++ 
b/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
@@ -839,12 +839,24 @@ class 
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         app.config.setdefault("AUTH_ROLES_MAPPING", {})
         app.config.setdefault("AUTH_ROLES_SYNC_AT_LOGIN", False)
         app.config.setdefault("AUTH_API_LOGIN_ALLOW_MULTIPLE_PROVIDERS", False)
-        app.config.setdefault(
-            "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
-            
"scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
-            "8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
-            "401e62f9dcee5399065e4e5",
-        )
+
+        from packaging.version import Version
+        from werkzeug import __version__ as werkzeug_version
+
+        parsed_werkzeug_version = Version(werkzeug_version)
+        if parsed_werkzeug_version < Version("3.0.0"):
+            app.config.setdefault(
+                "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
+                "pbkdf2:sha256:150000$Z3t6fmj2$22da622d94a1f8118"
+                "c0976a03d2f18f680bfff877c9a965db9eedc51bc0be87c",
+            )
+        else:
+            app.config.setdefault(
+                "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
+                
"scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
+                
"8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
+                "401e62f9dcee5399065e4e5",
+            )
 
         # LDAP Config
         if self.auth_type == AUTH_LDAP:

(airflow) branch main updated: Use different default algorithms for different werkzeug versions (#46384)

Reply via email to