
Dashboard links are leading to Internal Error when user is not logged in

Open theromsh opened this issue 1 year ago • 4 comments

Bug description

We are using apache-superset version 3.0.3. When a user that is not logged in tries to reach a dashboard link (e.g. https://<superset_domain>/superset/dashboard/<dashboard_id>/), he gets an Internal Server Error (500). The error message in the logs:

Traceback (most recent call last):
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/flask_appbuilder/security/decorators.py", line 137, in wraps
    return f(self, *args, **kwargs)
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/superset/utils/log.py", line 253, in wrapper
    value = f(*args, add_extra_log_payload=log, **kwargs)
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/superset/views/core.py", line 898, in dashboard
    "user": bootstrap_user_data(g.user, include_perms=True),
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/superset/views/utils.py", line 97, in bootstrap_user_data
    roles, permissions = get_permissions(user)
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/superset/views/utils.py", line 111, in get_permissions
    roles_permissions = security_manager.get_user_roles_permissions(user)
  File "/home/build/.pyzr/venvs/superset-bl5I_M_4-py3.10/lib/python3.10/site-packages/flask_appbuilder/security/sqla/manager.py", line 420, in get_user_roles_permissions
    result[role.name] = []
AttributeError: 'NoneType' object has no attribute 'name'

I think it's important to mention that we are using Google/Dex for authentication, so we override SupersetSecurityManager with CustomSsoSecurityManager based on this doc.

How to reproduce the bug

  1. Go to a random Superset dashboard page
  2. Copy this link
  3. Log out from your account
  4. Go to the copied link

Screenshots/recordings

No response

Superset version

3.1.2

Python version

3.10

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
  • [ ] I have searched the GitHub issue tracker and didn't find a similar bug report.
  • [X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

theromsh Apr 15 '24 06:04

Are you actually seeing a 500 in your logs? This seems truthful. According to your error, it sounds like on line 420, you should throw a 403 and/or redirect to the login page.

rusackas Apr 15 '24 17:04

> Are you actually seeing a 500 in your logs? This seems truthful. According to your error, it sounds like on line 420, you should throw a 403 and/or redirect to the login page.

@rusackas It's within the flask_appbuilder Python package. I can't control that.

theromsh Apr 16 '24 11:04

Ahh... then perhaps @dpgaspar will have some insight.

rusackas Apr 16 '24 16:04

I was able to get past this error with AUTH_ROLE_PUBLIC = "Gamma" in superset_config.py; then the guest user must have that role.

meska Jun 24 '24 10:06

Hoping the above comment helped the original author. This has been silent for 9 months, so I'll close it as stale/solved, but it sounds like a config issue more than a bug anyway. We can take it to GitHub Discussions or Slack if it needs further attention.

rusackas Mar 19 '25 21:03
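
A simplified model of the failure in the traceback and of the 403/redirect handling suggested in the thread, added here as an example; it is not Superset or Flask-AppBuilder code. It assumes the anonymous user's role is looked up by the AUTH_ROLE_PUBLIC name and came back as None; the function names, the `can_read:Dashboard` permission string, the `/login/?next=` URL and the sample roles are constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import quote

@dataclass
class Role:
    name: str
    perms: set = field(default_factory=set)

# Constructed sample data: only "Gamma" exists, so "Public" resolves to nothing.
ROLES = {"Gamma": Role("Gamma", {"can_read:Dashboard", "can_read:Chart"})}

def public_role(config, roles_by_name):
    """Role applied to anonymous users; None when the configured name has no role."""
    return roles_by_name.get(config.get("AUTH_ROLE_PUBLIC", "Public"))

def roles_permissions_unguarded(roles):
    """Shape of the failing loop: a None entry raises AttributeError (the 500)."""
    result = {}
    for role in roles:
        result[role.name] = sorted(role.perms)
    return result

def dashboard_response(user, path, config, roles_by_name):
    """Return (status, body_or_location) without dereferencing a missing role."""
    if user is not None:
        roles = user["roles"]
    else:
        role = public_role(config, roles_by_name)
        roles = [role] if role is not None else []
    perms = {p for r in roles for p in r.perms}
    if "can_read:Dashboard" in perms:
        return 200, roles_permissions_unguarded(roles)
    if user is None:  # anonymous and not allowed: go to login, keep the target
        return 302, "/login/?next=" + quote(path, safe="")
    return 403, "Forbidden"

def audit_public_role(config, roles_by_name, broad=("Admin", "Alpha", "Gamma")):
    """Deploy-time findings for AUTH_ROLE_PUBLIC."""
    name = config.get("AUTH_ROLE_PUBLIC", "Public")
    findings = []
    if name not in roles_by_name:
        findings.append(f"public role {name!r} does not exist")
    if name in broad:
        findings.append(f"anonymous users inherit every permission of {name!r}")
    return findings
```

With AUTH_ROLE_PUBLIC = "Gamma" the audit reports that anonymous visitors inherit Gamma's permissions, which is why the workaround in the thread returns the dashboard instead of a 500.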