pierrejeambrun commented on code in PR #55506:
URL: https://github.com/apache/airflow/pull/55506#discussion_r2362322994
##########
airflow-core/src/airflow/api_fastapi/core_api/security.py:
##########
@@ -96,14 +97,22 @@ async def resolve_user_from_token(token_str: str | None) ->
BaseUser:
async def get_user(
+ request: Request,
oauth_token: str | None = Depends(oauth2_scheme),
bearer_credentials: HTTPAuthorizationCredentials | None =
Depends(bearer_scheme),
) -> BaseUser:
- token_str = None
+ # A user might have been already built by a middleware, if so, it is
stored in `request.state.user`
+ user: BaseUser | None = getattr(request.state, "user", None)
+ if user:
+ return user
+
+ token_str: str | None
if bearer_credentials and bearer_credentials.scheme.lower() == "bearer":
token_str = bearer_credentials.credentials
elif oauth_token:
token_str = oauth_token
+ else:
+ token_str = request.cookies.get(COOKIE_NAME_JWT_TOKEN)
Review Comment:
Yes you're right, lets keep it like that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
