Extend the Remote User Auth backend with REMOTE_GROUPS ability #311
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
jezdez
force-pushed
the
remote_user-auth0
branch
4 times, most recently
from
f274c48 to
e4a5a85
Compare
washort
reviewed
Jan 24, 2018
| @@ -12,9 +13,11 @@ | |||
| def login(): | |||
| next_path = request.args.get('next') | |||
|
|
|||
| index_url_with_next = url_for('redash.index', next=next_path) | |||
|
|
|||
There was a problem hiding this comment.
In general I'm nervous about code cleanups like this because it's extra surface area for conflicts when integrating with upstream
washort
reviewed
Jan 24, 2018
| # Check if the allowed groups match any of the ones found in the header | ||
| matching_groups = set() | ||
| for allowed_group in settings.REMOTE_GROUPS_ALLOWED: | ||
| matching_groups.update(set(fnmatch.filter(groups, allowed_group))) |
There was a problem hiding this comment.
is wildcard support something we need currently?
There was a problem hiding this comment.
I don't know how the actual group notation for us is (@robotblake?) but nested groups is certainly a thing in LDAP which would make setting this stuff up simpler.
There was a problem hiding this comment.
It's somewhat arbitrary, it doesn't hurt to have this though and I'm guessing while we probably won't use it right now I could see it being useful going forward.
There was a problem hiding this comment.
I changed my mind, this is a risk to land this upstream, backed it out again.
jezdez
force-pushed
the
remote_user-auth0
branch
from
e4a5a85 to
02fcf1c
Compare
|
Looks good overall. |
jezdez
force-pushed
the
remote_user-auth0
branch
2 times, most recently
from
cca066d to
bde4ca3
Compare
washort
force-pushed
the
master
branch
3 times, most recently
from
2618326 to
bf7370c
Compare
jezdez
force-pushed
the
remote_user-auth0
branch
from
bde4ca3 to
c5f3043
Compare
|
@robotblake I've rebased the branch with current master, could you push your branch? You can also just push the old state and I do the rebasing ;) |
washort
force-pushed
the
master
branch
2 times, most recently
from
ecaaeda to
ea9c225
Compare
jezdez
force-pushed
the
master
branch
2 times, most recently
from
4ae2fe6 to
80d9ab6
Compare
washort
force-pushed
the
remote_user-auth0
branch
from
c5f3043 to
3c5f58b
Compare
…ser groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
washort
force-pushed
the
remote_user-auth0
branch
from
3c5f58b to
a84ec1e
Compare
emtwo
pushed a commit
that referenced
this pull request
May 25, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
washort
pushed a commit
that referenced
this pull request
Jul 25, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
washort
pushed a commit
that referenced
this pull request
Jul 30, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Aug 16, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Sep 6, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Sep 6, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Sep 6, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Nov 1, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Dec 12, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Dec 17, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Dec 19, 2018
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
that referenced
this pull request
Jan 25, 2019
Extend the Remote User Auth backend with the ability to pass remote user groups via a configurable request header similar to the REMOTE_USER header. Refs #37. If enabled the feature allows checks the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.
jezdez
added a commit
to mozilla/redash-stmo
that referenced
this pull request
Mar 22, 2019
jezdez
added a commit
to mozilla/redash-stmo
that referenced
this pull request
Mar 26, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If enabled the feature allows checking the header value against a configured list of group names, including the ability to use UNIX shell-style wildcards.