
fix: azure user info claims and JWT decode #2121

Merged: 8 commits into master, Oct 9, 2023
Conversation

dpgaspar (Owner) commented Oct 1, 2023

Description

Follow up PR for: #2112

Changes:

  • Make the authlib import conditional to the OAuth flow.
  • The id_token from Azure is not always signed; the signature won't be verified unless verify_signature is set on the provider's config:

# Azure provider config with signature verification enabled
import os

OAUTH_PROVIDERS = [
    {
        "name": "azure",
        "icon": "fa-windows",
        "token_key": "access_token",
        "remote_app": {
            "client_id": os.environ.get("AZURE_APPLICATION_ID"),
            "client_secret": os.environ.get("AZURE_SECRET"),
            "api_base_url": f"https://login.microsoftonline.com/{os.environ.get('AZURE_TENANT_ID')}/oauth2",
            "client_kwargs": {
                "scope": "User.Read name email profile",
                "resource": os.environ.get("AZURE_APPLICATION_ID"),
                # Opt in to verifying the id_token signature (off by default)
                "verify_signature": True
            },
            "request_token_url": None,
            "access_token_url": f"https://login.microsoftonline.com/"
            f"{os.environ.get('AZURE_TENANT_ID')}/"
            "oauth2/token",
            "authorize_url": f"https://login.microsoftonline.com/"
            f"{os.environ.get('AZURE_TENANT_ID')}/"
            f"oauth2/authorize",
        },
    },
]

cc: @wolfdn

ADDITIONAL INFORMATION

  • Has associated issue:
  • Is CRUD MVC related.
  • Is Auth, RBAC security related.
  • Changes the security db schema.
  • Introduces new feature
  • Removes existing feature
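As an added illustration of the distinction the description draws between reading id_token claims and verifying them (this is example code written for this page, not Flask-AppBuilder's or authlib's implementation), the following stdlib-only Python decodes a token both ways. HS256 with a constructed shared key stands in for the RS256/JWKS verification Azure AD uses in practice; DEMO_KEY, DEMO_ISSUER, DEMO_AUDIENCE, the claim values and every helper name are constructed for the example.

```python
# Added example: decoding an OIDC id_token with and without signature checks.
# HS256 with a shared key stands in for Azure's RS256/JWKS; all values are constructed.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values; none of these are real Azure identifiers.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_ISSUER = "https://login.example.test/00000000-0000-0000-0000-000000000000/"
DEMO_AUDIENCE = "11111111-1111-1111-1111-111111111111"  # the app's client_id
DEMO_NOW = 1_700_000_000  # fixed clock so the example is reproducible
DEMO_CLAIMS = {
    "iss": DEMO_ISSUER,
    "aud": DEMO_AUDIENCE,
    "exp": DEMO_NOW + 3600,
    "upn": "alice@example.com",
    "name": "Alice Example",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Stand-in for the IdP: emit a compact JWS signed with HMAC-SHA256."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def make_unsigned_token(claims: dict) -> str:
    """An id_token with alg=none and an empty signature (the 'not always signed' case)."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def tamper_claim(token: str, name: str, value) -> str:
    """Replace one claim but keep the original signature, as an attacker would try."""
    header, payload, sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims[name] = value
    return f"{header}.{_segment(claims)}.{sig}"


def decode_id_token(token: str, *, verify_signature: bool, key: Optional[bytes] = None,
                    audience: Optional[str] = None, issuer: Optional[str] = None,
                    now: Optional[float] = None) -> dict:
    """Return the token's claims.

    verify_signature=False only parses the payload: nothing about the token is
    checked, so the result is trustworthy only when the app itself just fetched
    the token from the provider's token endpoint over TLS.
    verify_signature=True pins the alg, checks the MAC, then exp/aud/iss.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated segments)")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(payload_b64))
    if not verify_signature:
        return claims

    # Never let the token choose the algorithm; 'none' and anything else are rejected.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    if key is None:
        raise ValueError("verify_signature=True requires a key")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    now = time.time() if now is None else now
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token missing exp or expired")
    if audience is not None and claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    if issuer is not None and claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    return claims


def run_demo() -> dict:
    """Exercise each case; returns which user every decode path would log in as."""
    signed = make_hs256_token(DEMO_CLAIMS, DEMO_KEY)
    forged = tamper_claim(signed, "upn", "attacker@example.com")
    unsigned = make_unsigned_token(DEMO_CLAIMS)
    verify = dict(verify_signature=True, key=DEMO_KEY, audience=DEMO_AUDIENCE,
                  issuer=DEMO_ISSUER, now=DEMO_NOW)
    results = {
        "unverified_signed": decode_id_token(signed, verify_signature=False)["upn"],
        "unverified_forged": decode_id_token(forged, verify_signature=False)["upn"],
        "unverified_unsigned": decode_id_token(unsigned, verify_signature=False)["upn"],
        "verified_signed": decode_id_token(signed, **verify)["upn"],
    }
    for label, tok in (("verified_forged", forged), ("verified_unsigned", unsigned)):
        try:
            decode_id_token(tok, **verify)
            results[label] = "ACCEPTED"
        except ValueError as exc:
            results[label] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:20s} -> {outcome}")
```

The unverified path returns whatever the payload says, including a forged upn and an alg=none token, so it is only acceptable for a token the server itself has just received from the token endpoint over TLS. Any token that arrives from the browser, or any claim reused for authorization beyond that one request, should go through the verified path, which pins the algorithm, compares the MAC in constant time and validates exp, aud and iss.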

codecov bot commented Oct 1, 2023

Codecov Report

Merging #2121 (e8774e7) into master (57f4400) will increase coverage by 0.15%.
The diff coverage is 91.66%.

@@            Coverage Diff             @@
##           master    #2121      +/-   ##
==========================================
+ Coverage   78.49%   78.64%   +0.15%     
==========================================
  Files          72       72              
  Lines        8685     8687       +2     
==========================================
+ Hits         6817     6832      +15     
+ Misses       1868     1855      -13     
Flag      Coverage Δ
python    78.64% <91.66%> (+0.15%) ⬆️

Files                                     Coverage Δ
flask_appbuilder/exceptions.py            100.00% <100.00%> (ø)
flask_appbuilder/security/manager.py      79.47% <90.90%> (+1.57%) ⬆️

... and 2 files with indirect coverage changes

dpgaspar changed the title from "docs: improve security" to "fix: azure user info claims and JWT decode" on Oct 6, 2023
wolfdn (Contributor) left a comment

LGTM! Thanks for fixing this!

dpgaspar (Owner, Author) commented Oct 9, 2023

> LGTM! Thanks for fixing this!

No problem, thank you for your contribution once more, this looks way better now.

@dpgaspar dpgaspar merged commit dcf8684 into master Oct 9, 2023
12 checks passed
@dpgaspar dpgaspar deleted the docs/security-improve branch October 9, 2023 13:30
potiuk added a commit to potiuk/airflow that referenced this pull request Oct 20, 2023
This PR brings all the necessary changes to upgrade to FAB 4.3.9 from
4.3.6.

It incorporates those changes:

* dpgaspar/Flask-AppBuilder#2112
* dpgaspar/Flask-AppBuilder#2121

It also removes the limitation of the WTForms after compatibility has
been implemented:

* dpgaspar/Flask-AppBuilder#2138
potiuk added a commit to apache/airflow that referenced this pull request Oct 21, 2023
kosteev pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request Jul 18, 2024
GitOrigin-RevId: 4198146f49b72d051d82fbd821c7105cf2f4a8bd
kosteev pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request Sep 20, 2024
kosteev pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request Nov 8, 2024