Catch error when no user is set on request #44

Closed

Charl1996
Contributor

When trying to access https://commcare-analytics-staging.dimagi.com/ the server responds with a 500. The logs show the error at the bottom.

The issue seems to be the fact that security_manager.is_admin() doesn't handle no user being set on the request. This PR is really only to catch this error and return False. I'm not sure why this wasn't picked up before.

Traceback (most recent call last):
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/flask/app.py", line 1482, in full_dispatch_request
    rv = self.preprocess_request()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/flask/app.py", line 1974, in preprocess_request
    rv = self.ensure_sync(before_func)()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/hq_superset/hq_domain.py", line 7, in before_request_hook
    return ensure_domain_selected()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/hq_superset/hq_domain.py", line 44, in ensure_domain_selected
    if is_user_admin() or (
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/hq_superset/hq_domain.py", line 38, in is_user_admin
    return security_manager.is_admin()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/superset/security/manager.py", line 2340, in is_admin
    role.name for role in self.get_user_roles()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/superset/security/manager.py", line 2025, in get_user_roles
    if user.is_anonymous:
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/werkzeug/local.py", line 311, in __get__
    obj = instance._get_current_object()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/werkzeug/local.py", line 515, in _get_current_object
    return get_name(local())  # type: ignore
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/flask_login/utils.py", line 25, in <lambda>
    current_user = LocalProxy(lambda: _get_user())
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/flask_login/utils.py", line 370, in _get_user
    current_app.login_manager._load_user()
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/flask_login/login_manager.py", line 364, in _load_user
    user = self._user_callback(user_id)
  File "/home/ubuntu/www/.virtualenvs/superset/lib/python3.10/site-packages/flask_appbuilder/security/manager.py", line 2158, in load_user
    if user.is_active:
AttributeError: 'NoneType' object has no attribute 'is_active'

@Charl1996 Charl1996 requested a review from kaapstorm April 30, 2024 10:31
Comment on lines +37 to +41
try:
from superset import security_manager
return security_manager.is_admin()
except AttributeError:
return False
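
Review bot: The `except AttributeError:` wraps the whole `security_manager.is_admin()` call, so any AttributeError raised anywhere beneath it, not only the missing-user case, is silently turned into `return False`. The traceback above shows the error coming from `load_user` (`if user.is_active:` on a `None` user), which means the session carries a user id that does not resolve to a user; treating that as "not admin" lets the request continue and hides the condition. If the catch stays, log the exception before returning so the mismatch is visible in the server logs, and move `from superset import security_manager` out of the `try` so an import-time AttributeError is not swallowed as well.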
Contributor

It bothers me that we have to catch this error, because it's not in our codebase.

What if we first check the user, like so?

Suggested change
try:
from superset import security_manager
return security_manager.is_admin()
except AttributeError:
return False
from superset import security_manager
from flask import g
return g.user and security_manager.is_admin()
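
Review bot: In the suggested replacement, `return g.user and security_manager.is_admin()` returns the value of `g.user` itself (for example `None`) when it is falsy, so the function no longer returns a strict boolean. Writing it as `bool(g.user) and security_manager.is_admin()` keeps the return type consistent for callers such as the `if is_user_admin() or (` check shown in the traceback.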

Contributor Author

@Charl1996 Charl1996 Apr 30, 2024

@kaapstorm

> It bothers me that we have to catch this error, because it's not in our codebase.

Yeah, but at this stage I'm more prone to getting it to work in our code.

The g.user is the part where it fails hard. Just running g.user will raise the AttributeError.

Contributor

Does security manager provide another method on it that we can call to check if there is a user or not before calling is_admin?

Contributor

Can we instead at least do this

try:
    # Check if there is a user first before checking for admin via security manager
    g.user
except AttributeError:
    return False
return security_manager.is_admin()

Comment on lines +37 to +41
try:
from superset import security_manager
return security_manager.is_admin()
except AttributeError:
return False
Contributor

Does security manager provide another method on it that we can call to check if there is a user or not before calling is_admin?

Contributor Author

Charl1996 commented Apr 30, 2024

@mkangia

> Does security manager provide another method on it that we can call to check if there is a user or not before calling is_admin?

There is a get_user_by_username method where we can try and retrieve the admin user by username, but I don't think that's a good solution as we'd have to store the admin user's username in an env file. And what if there are two admin users? It just becomes messy.

@Charl1996 Charl1996 closed this May 1, 2024
@Charl1996
Contributor Author

Update: the issue was related to the SECRET_KEY not being properly configured, hence the user id in the session was wrong.

@mkangia mkangia deleted the catch-error-when-no-user-set branch May 1, 2024 18:10
Contributor

mkangia commented May 1, 2024

> Update: the issue was related to the SECRET_KEY not being properly configured, hence the user id in the session was wrong.

Glad that Norman and I pushing back on the change motivated you to look deeper and find this root cause @Charl1996 🥇

@Charl1996
Contributor Author

@mkangia

True. Sometimes it's worth spending that extra bit of time, even though it's important to get solutions out. Priority != sloppy solution.

Anycase, thanks!
