giftig commented on code in PR #30132: URL: https://github.com/apache/superset/pull/30132#discussion_r1745206867
########## tests/integration_tests/security/api_tests.py: ########## 
@@ -137,6 +138,79 @@ def test_post_guest_token_bad_resources(self):
 self.assert400(response)
+ @pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
+ def test_guest_token_validator_hook(self):
+ """
+ Security API: Test various scenarios for the GUEST_TOKEN_VALIDATOR_HOOK
+ """
+
+ self.dash = db.session.query(Dashboard).filter_by(slug="births").first()
+ self.embedded = EmbeddedDashboardDAO.upsert(self.dash, [])
+ self.login(ADMIN_USERNAME)
+ user = {"username": "bob", "first_name": "Bob", "last_name": "Also Bob"}
+ resource = {"type": "dashboard", "id": str(self.embedded.uuid)}
+ rls_rule = {"dataset": 1, "clause": "tenant_id=123"}
+ params = {"user": user, "resources": [resource], "rls": [rls_rule]}
+
+ # Test False case from validator - should raise 400
+ current_app.config["GUEST_TOKEN_VALIDATOR_HOOK"] = lambda x: False
+ response = self.client.post(
+ self.uri, data=json.dumps(params), content_type="application/json"
+ )
+
+ self.assert400(response)
+
+ # Test True case from validator - should be 200
+ current_app.config["GUEST_TOKEN_VALIDATOR_HOOK"] = lambda x: True
+ response = self.client.post(
+ self.uri, data=json.dumps(params), content_type="application/json"
+ )
+
+ self.assert200(response)
Review Comment: I think these scenarios were better as they were before, as individual independent tests. I wasn't suggesting making one large test out of them, just reusing the common fixtures. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
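Review bot: The two assignments to `current_app.config["GUEST_TOKEN_VALIDATOR_HOOK"]` are never undone in the lines quoted here, so a validator that accepts or rejects every guest-token request may stay installed for whichever tests run next against the same app. Because this hook gates guest-token issuance, a leftover value can make later guest-token tests pass or fail for reasons unrelated to the code they exercise. Scope each override to its request, for example `with patch.dict(current_app.config, {"GUEST_TOKEN_VALIDATOR_HOOK": lambda x: False}):` around the POST, or restore the previous value in a `finally`. Both lambdas also ignore their argument, so nothing visible here checks that the hook is actually handed the request parameters. The quoted hunk stops before the end of `test_guest_token_validator_hook`, so a reset further down cannot be ruled out.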