airflow-commits mailing list archives

From fo...@apache.org
Subject incubator-airflow git commit: [AIRFLOW-2185] Use state instead of query param
Date Thu, 15 Mar 2018 08:02:00 GMT
Repository: incubator-airflow
Updated Branches:
  refs/heads/master 7a880a7e9 -> eeca38396


[AIRFLOW-2185] Use state instead of query param

Both the Google OAuth2 and GHE authentication plugins include the
`next_url` as a query parameter in redirect_uri. This breaks at least
Google OAuth2, unless you include the query parameter in the
authorized redirection URI. This isn't the most flexible solution, as you
would have to do the same for every potential next URL, and seems to
go against the OAuth2 spec.

Instead the next_url should be sent via the state parameter which MUST
be maintained by all spec compliant OAuth2 implementations, and is not
used when comparing redirection URIs.

Closes #3103 from samschlegel/AIRFLOW-2185


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/eeca3839
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/eeca3839
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/eeca3839

Branch: refs/heads/master
Commit: eeca38396015589f7dddd67f8836d5d8aa7ac010
Parents: 7a880a7
Author: Sam Schlegel <git@lutin.us>
Authored: Thu Mar 15 09:01:54 2018 +0100
Committer: Fokko Driesprong <fokkodriesprong@godatadriven.com>
Committed: Thu Mar 15 09:01:54 2018 +0100

----------------------------------------------------------------------
 airflow/contrib/auth/backends/github_enterprise_auth.py | 6 +++---
 airflow/contrib/auth/backends/google_auth.py            | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/eeca3839/airflow/contrib/auth/backends/github_enterprise_auth.py
----------------------------------------------------------------------
diff --git a/airflow/contrib/auth/backends/github_enterprise_auth.py b/airflow/contrib/auth/backends/github_enterprise_auth.py
index 2d7b345..6e4ec30 100644
--- a/airflow/contrib/auth/backends/github_enterprise_auth.py
+++ b/airflow/contrib/auth/backends/github_enterprise_auth.py
@@ -122,8 +122,8 @@ class GHEAuthBackend(object):
         log.debug('Redirecting user to GHE login')
         return self.ghe_oauth.authorize(callback=url_for(
             'ghe_oauth_callback',
-            _external=True,
-            next=request.args.get('next') or request.referrer or None))
+            _external=True),
+            state=request.args.get('next') or request.referrer or None)
 
     def get_ghe_user_profile_info(self, ghe_token):
         resp = self.ghe_oauth.get(self.ghe_api_route('/user'),
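Review bot: in the `authorize(...)` call, `state` is now filled directly from `request.args.get('next') or request.referrer`, so it is a client-supplied, predictable value, whereas RFC 6749 section 10.12 expects `state` to carry a non-guessable value bound to the user's session for CSRF protection. Consider generating a random token, keeping it together with the next URL in the server-side session, sending only the token as `state`, and comparing it in `oauth_callback` before trusting the response.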
@@ -188,7 +188,7 @@ class GHEAuthBackend(object):
     def oauth_callback(self, session=None):
         log.debug('GHE OAuth callback called')
 
-        next_url = request.args.get('next') or url_for('admin.index')
+        next_url = request.args.get('state') or url_for('admin.index')
 
         resp = self.ghe_oauth.authorized_response()
 
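Review bot: `next_url = request.args.get('state') or url_for('admin.index')` takes the post-login destination straight from the callback query string, and nothing in this hunk checks it before it is used. Before any redirect to `next_url`, verify that it is a relative path or resolves to this deployment's own host, and fall back to `url_for('admin.index')` otherwise. The removed `next` lookup had the same gap, so this is not a regression, but the line is being touched anyway.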

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/eeca3839/airflow/contrib/auth/backends/google_auth.py
----------------------------------------------------------------------
diff --git a/airflow/contrib/auth/backends/google_auth.py b/airflow/contrib/auth/backends/google_auth.py
index 65e0f3a..5ac75fd 100644
--- a/airflow/contrib/auth/backends/google_auth.py
+++ b/airflow/contrib/auth/backends/google_auth.py
@@ -109,8 +109,8 @@ class GoogleAuthBackend(object):
         return self.google_oauth.authorize(callback=url_for(
             'google_oauth_callback',
             _external=True,
-            _scheme='https',
-            next=request.args.get('next') or request.referrer or None))
+            _scheme='https'),
+            state=request.args.get('next') or request.referrer or None)
 
     def get_google_user_profile_info(self, google_token):
         resp = self.google_oauth.get('https://www.googleapis.com/oauth2/v1/userinfo',
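Review bot: the `request.referrer` fallback on the new `state=` line means a full Referer URL, query string included and possibly from another origin, is sent to Google and echoed back as the return target. Reduce the value to a same-origin path before passing it as `state`, or drop the Referer fallback and default to `None`.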
@@ -143,7 +143,7 @@ class GoogleAuthBackend(object):
     def oauth_callback(self, session=None):
         log.debug('Google OAuth callback called')
 
-        next_url = request.args.get('next') or url_for('admin.index')
+        next_url = request.args.get('state') or url_for('admin.index')
 
         resp = self.google_oauth.authorized_response()
 
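Review bot: the diffstat lists only the two backend modules, so the changed `next_url = request.args.get('state') or url_for('admin.index')` line in `oauth_callback` lands without a test. A unit test that calls the callback with and without a `state` argument and asserts the resulting `next_url`, including the `admin.index` fallback, would pin the new behaviour. Since the same line now appears in both backends, a shared helper would let one test cover both.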

