shivaam commented on issue #52143:
URL: https://github.com/apache/airflow/issues/52143#issuecomment-4804903141

   I looked into this and confirmed the root cause in older FAB provider 
releases: `load_user()` calls `user.is_active` after `get_user_by_id()` can 
return `None` for a deleted session user.
   
   Current `main` branch already handles this. 
https://github.com/apache/airflow/blob/21cbbf663b140f4a84cf123acb90328a6a4d30f5/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py#L1420
   
   The missing-user guard appears to have landed in #50960, and #61943 later 
added rollback-on-error hardening. 
   v-3-0-stable still has the problem and so does other some other releases as 
well. 
   
   
https://github.com/apache/airflow/blob/e965c2e676d85ced65a485d4b2601addc2fd3e97/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py#L1363-L1366
   
   Should this issue be handled as a backport-only fix for affected branches, 
or should it be closed as fixed in newer FAB provider releases?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to