From commits-return-25121-archive-asf-public=cust-asf.ponee.io@airflow.incubator.apache.org Fri Oct 12 10:38:06 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id AF9A6180660 for ; Fri, 12 Oct 2018 10:38:05 +0200 (CEST) Received: (qmail 54978 invoked by uid 500); 12 Oct 2018 08:38:04 -0000 Mailing-List: contact commits-help@airflow.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airflow.incubator.apache.org Delivered-To: mailing list commits@airflow.incubator.apache.org Received: (qmail 54969 invoked by uid 99); 12 Oct 2018 08:38:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Oct 2018 08:38:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 2A4DEC1CEC for ; Fri, 12 Oct 2018 08:38:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -109.501 X-Spam-Level: X-Spam-Status: No, score=-109.501 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, KAM_ASCII_DIVIDERS=0.8, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id kSdHsl3DUFv7 for ; Fri, 12 Oct 2018 08:38:02 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 8BC705F3ED for ; Fri, 12 Oct 2018 08:38:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 96A68E0F4C for ; Fri, 12 Oct 2018 08:38:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2E52524DBE for ; Fri, 12 Oct 2018 08:38:00 +0000 (UTC) Date: Fri, 12 Oct 2018 08:38:00 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: commits@airflow.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (AIRFLOW-3089) Google auth doesn't work under http MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AIRFLOW-3089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16647656#comment-16647656 ] ASF GitHub Bot commented on AIRFLOW-3089: ----------------------------------------- ashb closed pull request #3919: [AIRFLOW-3089] Drop hard-coded url scheme in google auth redirect. URL: https://github.com/apache/incubator-airflow/pull/3919 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/airflow/contrib/auth/backends/google_auth.py b/airflow/contrib/auth/backends/google_auth.py index bc7d552f59..ddbcb1222f 100644 --- a/airflow/contrib/auth/backends/google_auth.py +++ b/airflow/contrib/auth/backends/google_auth.py @@ -112,8 +112,7 @@ def login(self, request): log.debug('Redirecting user to Google login') return self.google_oauth.authorize(callback=url_for( 'google_oauth_callback', - _external=True, - _scheme='https'), + _external=True), state=request.args.get('next') or request.referrer or None) def get_google_user_profile_info(self, google_token): ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: users@infra.apache.org > Google auth doesn't work under http > ----------------------------------- > > Key: AIRFLOW-3089 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3089 > Project: Apache Airflow > Issue Type: Bug > Components: authentication > Affects Versions: 1.10.0 > Reporter: Josh Carp > Assignee: Josh Carp > Priority: Minor > > The google auth backend hard-codes the https scheme into its redirect urls and so doesn't work with http. This happens because the redirect url sets the `_scheme` parameter to `https`. I I see that this change was made to allow google auth to work when airflow is run behind a proxy, but I think this fix isn't correct. Instead, proxies should be configured to set `X-Forwarded-Proto` to `https`, and Flask will set the scheme correctly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)