cube icon indicating copy to clipboard operation
cube copied to clipboard

Published 20 hours ago • verified publisher icon cube-js

Assigning to security context in check_auth doesn't work in Python

Open igorlukanin opened this issue 3 months ago • 2 comments

Describe the bug Apparently, assigning to security context works in check_auth in JavaScript but doesn't work in Python.

To Reproduce Run the following cube.py snippet:

from cube import config
 
@config('query_rewrite')
def query_rewrite(query: dict, ctx: dict) -> dict:
  print("Query rewrite started")
  print(ctx)
  print("Query rewrite finished")
  return query

@config('check_auth')
def check_auth(ctx: dict, token: str) -> None:

  ctx['securityContext'] = {
    "sub": "1234567890",
    "iat": 1516239022,
    "user_id": 42
  }

  context = ctx['securityContext']

  print(context)
 
  if not context:
    raise Exception('Access denied')
  return ctx

Result: Screenshot 2024-03-13 at 15 41 46

Expected behavior Assigning to security context works in Python, 42 is printed as user_id inside the security context.

Version: 0.35.10

Additional context We can fix this in a backwards-compatible way as follows:

  • Similarly to check_sql_auth, support returning security context from check_auth both in JavaScript and Python.
  • If nothing is returned, fall back to the current behavior.

igorlukanin avatar Apr 11 '24 22:04 igorlukanin