cube
cube copied to clipboard
Assigning to security context in check_auth doesn't work in Python
Describe the bug
Apparently, assigning to security context works in check_auth
in JavaScript but doesn't work in Python.
To Reproduce
Run the following cube.py
snippet:
from cube import config
@config('query_rewrite')
def query_rewrite(query: dict, ctx: dict) -> dict:
print("Query rewrite started")
print(ctx)
print("Query rewrite finished")
return query
@config('check_auth')
def check_auth(ctx: dict, token: str) -> None:
ctx['securityContext'] = {
"sub": "1234567890",
"iat": 1516239022,
"user_id": 42
}
context = ctx['securityContext']
print(context)
if not context:
raise Exception('Access denied')
return ctx
Result:
Expected behavior
Assigning to security context works in Python, 42 is printed as user_id
inside the security context.
Version: 0.35.10
Additional context We can fix this in a backwards-compatible way as follows:
- Similarly to
check_sql_auth
, support returning security context fromcheck_auth
both in JavaScript and Python. - If nothing is returned, fall back to the current behavior.