def setUp(self):
self.client = make_logged_in_client(username='******',
groupname=get_default_user_group(),
recreate=True,
is_superuser=False)
self.user = User.objects.get(username='******')
self.user = rewrite_user(self.user)
self.alone_client = make_logged_in_client(
username='******',
groupname='alone', # Not in default group
recreate=True,
is_superuser=False)
self.alone_user = User.objects.get(username='******')
self.alone_user = rewrite_user(self.alone_user)
def setUp(self):
if not QUERY_DATABASE.HOST.get():
raise SkipTest
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
self.filters = {
'endTime': 1602146114116,
'facets': [],
'limit': 2,
'offset': 0,
'sortText': "startTime:DESC",
'startTime': 1601541314116,
'text': "select"
}
self.query1 = HiveQuery()
self.query2 = HiveQuery()
self.query3 = HiveQuery()
with connection.schema_editor() as schema_editor:
schema_editor.create_model(HiveQuery)
if HiveQuery._meta.db_table not in connection.introspection.table_names(
):
raise ValueError(
"Table `{table_name}` is missing in test database.".format(
table_name=HiveQuery._meta.db_table))
def handle_on_link_shared(host_domain, channel_id, message_ts, links, user_id):
for item in links:
path = urlsplit(item['url'])[2]
id_type, qid = urlsplit(item['url'])[3].split('=')
query_id = {'id': qid} if qid.isdigit() else {'uuid': qid}
try:
if path == '/hue/editor' and id_type == 'editor':
doc = Document2.objects.get(**query_id)
doc_type = 'query'
elif path == '/hue/gist' and id_type == 'uuid':
doc = _get_gist_document(**query_id)
doc_type = 'gist'
else:
raise PopupException(_("Cannot unfurl link"))
except Document2.DoesNotExist:
msg = "Document with {key} does not exist".format(key=query_id)
raise PopupException(_(msg))
# Permission check for Slack user to be Hue user
slack_user = check_slack_user_permission(host_domain, user_id)
user = get_user(channel_id, slack_user) if not slack_user['is_bot'] else doc.owner
doc.can_read_or_exception(user)
request = MockRequest(user=rewrite_user(user))
payload = _make_unfurl_payload(request, item['url'], id_type, doc, doc_type)
try:
slack_client.chat_unfurl(channel=channel_id, ts=message_ts, unfurls=payload['payload'])
except Exception as e:
raise PopupException(_("Cannot unfurl link"), detail=e)
# Generate and upload result xlsx file only if result available
if payload['file_status']:
send_result_file(request, channel_id, message_ts, doc, 'xls')
def install_custom_examples():
if EXAMPLES.AUTO_LOAD.get():
from desktop.auth.backend import rewrite_user
from beeswax.management.commands import beeswax_install_examples
from useradmin.models import install_sample_user
user = rewrite_user(install_sample_user())
if has_connectors():
interpreters = [{
'type': connector['id'],
'dialect': connector['dialect']
} for connector in _get_installed_connectors(category='editor')]
else:
interpreters = [
{
'type': interpreter['dialect'],
'dialect': interpreter['dialect']
} for interpreter in get_ordered_interpreters(user)
# Only for hive/impala currently, would also need to port to Notebook install examples.
if interpreter['dialect'] in ('hive', 'impala')
]
queries = EXAMPLES.QUERIES.get()
tables = EXAMPLES.TABLES.get(
) # No-op. Only for the saved query samples, not the tables currently.
LOG.info(
'Installing custom examples queries: %(queries)s, tables: %(tables)s for dialects %(dialects)s '
'belonging to user %(user)s' % {
'queries':
queries,
'tables':
tables,
'dialects':
[interpreter['dialect'] for interpreter in interpreters],
'user':
user
})
result = []
for interpreter in interpreters:
successes, errors = beeswax_install_examples.Command().handle(
dialect=interpreter['dialect'],
user=user,
interpreter=interpreter,
queries=queries,
tables=tables,
request=None)
LOG.info(
'Dialect %(dialect)s installed samples: %(successes)s, %(errors)s,'
% {
'dialect': interpreter['dialect'],
'successes': successes,
'errors': errors,
})
result.append((successes, errors))
return result
def setUp(self):
self.client = make_logged_in_client(username='******',
groupname=get_default_user_group(),
recreate=True,
is_superuser=False)
self.user = User.objects.get(username='******')
self.user = rewrite_user(self.user)
def _get_request(postdict=None, user_id=None):
request = HttpRequest()
request.POST = postdict
user = User.objects.get(id=user_id)
user = rewrite_user(user)
request.user = user
return request
def handle_on_link_shared(channel_id, message_ts, links):
for item in links:
path = urlsplit(item['url'])[2]
id_type, qid = urlsplit(item['url'])[3].split('=')
try:
if path == '/hue/editor' and id_type == 'editor':
doc = Document2.objects.get(id=qid)
doc_type = 'Query'
elif path == '/hue/gist' and id_type == 'uuid' and ENABLE_GIST_PREVIEW.get():
doc = _get_gist_document(uuid=qid)
doc_type = 'Gist'
else:
raise PopupException(_("Cannot unfurl link"))
except Document2.DoesNotExist:
msg = "Document with {key}={value} does not exist".format(key='uuid' if id_type == 'uuid' else 'id', value=qid)
raise PopupException(_(msg))
# Mock request for query execution and fetch result
user = rewrite_user(User.objects.get(username=doc.owner.username))
request = MockRequest(user=user)
payload = _make_unfurl_payload(request, item['url'], id_type, doc, doc_type)
try:
slack_client.chat_unfurl(channel=channel_id, ts=message_ts, unfurls=payload['payload'])
except Exception as e:
raise PopupException(_("Cannot unfurl link"), detail=e)
# Generate and upload result xlsx file only if result available
if payload['file_status']:
send_result_file(request, channel_id, message_ts, doc, 'xls')
def setUp(self):
if not QUERY_DATABASE.HOST.get():
raise SkipTest
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
self.filters = {
"endTime": 10,
"facets": [{
"field": "status",
"values": ["SUCCESS"]
}],
"limit": 2,
"offset": 0,
"sortText": "",
"startTime": 1,
"text": "select"
}
with connection.schema_editor() as schema_editor:
schema_editor.create_model(HiveQuery)
if HiveQuery._meta.db_table not in connection.introspection.table_names(
):
raise ValueError(
"Table `{table_name}` is missing in test database.".format(
table_name=HiveQuery._meta.db_table))
def setup_class(cls):
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
add_to_group('test')
grant_access("test", "test", "metadata")
grant_access("test", "test", "optimizer")
def update_user(self, user, attributes, attribute_mapping, force_save=False):
# Do this check up here, because the auth call creates a django user upon first login per user
is_super = False
if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
# If there are no LDAP users already in the system, the first one will
# become a superuser
is_super = True
elif User.objects.filter(username=user.username).exists():
# If the user already exists, we shouldn't change its superuser
# privileges. However, if there's a naming conflict with a non-external
# user, we should do the safe thing and turn off superuser privs.
user = User.objects.get(username=user.username)
existing_profile = get_profile(user)
if existing_profile.creation_method == str(UserProfile.CreationMethod.EXTERNAL):
is_super = user.is_superuser
user = super(SAML2Backend, self).update_user(user, attributes, attribute_mapping, force_save)
if user is not None and user.is_active:
profile = get_profile(user)
profile.creation_method = UserProfile.CreationMethod.EXTERNAL
profile.save()
user.is_superuser = is_super
user = rewrite_user(user)
default_group = get_default_user_group()
if default_group is not None:
user.groups.add(default_group)
user.save()
return user
return None
def setUp(self):
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
grant_access("test", "default", "notebook")
def setUp(self):
self.sample_token = "some_jwt_token"
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
def _get_request(postdict=None, user_id=None):
request = HttpRequest()
request.POST = postdict
LOG.info('fetching user with id ' + user_id)
user = User.objects.get(id=user_id)
user = rewrite_user(user)
request.user = user
return request
def authenticate(self, request):
LOG.debug('DummyCustomAuthentication: %s' % request.path)
user = find_or_create_user(username='******', password='******')
ensure_has_a_group(user)
user = rewrite_user(user)
user.is_active = True
return (user, None)
def setUp(self):
if not QUERY_DATABASE.HOST.get():
raise SkipTest
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
def setup_class(cls):
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
add_to_group('test')
grant_access("test", "test", "metadata")
if not is_live_cluster() or not has_navigator(cls.user):
raise SkipTest
def setup_class(cls):
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
add_to_group('test')
grant_access("test", "test", "metadata")
cls.api = NavigatorApi(cls.user)
cls.api._root = MockedRoot()
def setup_class(cls):
if not ENABLE_SQOOP.get():
raise SkipTest
if not rdbms.get_query_server_config(server='mysql'):
raise SkipTest
cls.client = make_logged_in_client()
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
cls.indexer = RdbmsIndexer(cls.user, db_conf_name='mysql')
def setup_class(cls):
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
add_to_group('test')
grant_access("test", "test", "metadata")
if not is_live_cluster() or not has_navigator(cls.user):
raise SkipTest
def setUp(self):
if not QUERY_DATABASE.HOST.get(
) or True: # Note: table migrations / non auto model to add before it can be enabled
raise SkipTest
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
def setUp(self):
self.client = make_logged_in_client(username="******", groupname="default", recreate=True, is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
self.interpreter = {
'name': 'hive',
'options': {
'url': 'mysql://*****:*****@hue:3306/hue'
},
}
def setUp(self):
self.client = make_logged_in_client(username="******",
groupname="default",
recreate=True,
is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
self.sample_token = "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsid29ya2xvYWQtYXBwIiwicmFuZ2VyIl0sImV4cCI6MTYyNjI1Njg5MywiaWF0IjoxNjI2MjU2NTkzLCJpc3MiOiJDbG91ZGVyYTEiLCJqdGkiOiJpZDEiLCJzdWIiOiJ0ZXN0LXN1YmplY3QiLCJ1c2VyIjoidGVzdF91c2VyIn0.jvyVDxbWTAik0jbdUcIc9ZANNrJZUCWH-Pg7FloRhg0ZYAETd_AO3p5v_ppoMmVcPD2xBSrngA5J3_A_zPBvQ_hdDlpb0_-mCCJfGhC5tju4bI9EE9Akdn2FrrsqrvQQ8cPyGsIlvoIxrK1De4f74MmUaxfN7Hrrcue1PTY4u4IB9cWQqV9vIcX99Od5PUaNekLIee-I8gweqvfGEEsW7qWUM63nh59_TOB3LLq-YcEuaX1h_oiTATeCssjk_ee9RrJGLNyKmC0WJ4UrEWn8a_T3bwCy8CMe0zV5PSuuvPHy0FvnTo2il5SDjGimxKcbpgNiJdfblslu6i35DlfiWg"
self.request = MagicMock(
META={"HTTP_AUTHORIZATION": "Bearer " + self.sample_token})
def _get_request(postdict=None, user_id=None):
request = HttpRequest()
request.POST = postdict
request.fs_ref = 'default'
request.fs = fsmanager.get_filesystem(request.fs_ref)
request.jt = None
user = User.objects.get(id=user_id)
user = rewrite_user(user)
request.user = user
return request
def _make_select_statement_gist(host_domain, is_http_secure, user, channel_id,
statement):
default_dialect = get_cluster_config(
rewrite_user(user))['main_button_action']['dialect']
gist_response = _gist_create(host_domain, is_http_secure, user, statement,
default_dialect)
msg = 'Here is the gist link\n {gist_link}'.format(
gist_link=gist_response['link'])
_send_message(channel_id, message=msg)
def _remove_session_info_from_user(self):
self.user = rewrite_user(self.user)
session_key = self._get_session_key()
if self.user.profile.data.get(session_key):
json_data = self.user.profile.data
json_data.pop(session_key)
self.user.profile.json_data = json.dumps(json_data)
self.user.profile.save()
def setup_class(cls):
if not is_live_cluster() or not is_optimizer_enabled():
raise SkipTest
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
add_to_group('test')
grant_access("test", "test", "metadata")
grant_access("test", "test", "optimizer")
cls.api = OptimizerApi()
def _has_access(self, fs):
from desktop.auth.backend import rewrite_user # Avoid cyclic loop
try:
filebrowser_action = fs.filebrowser_action()
#if not filebrowser_action (hdfs) then handle permission via doas else check permission in hue
if not filebrowser_action:
return True
user = rewrite_user(User.objects.get(username=self.user))
return user.is_authenticated() and user.is_active and (is_admin(user) or not filebrowser_action or user.has_hue_permission(action=filebrowser_action, app="filebrowser"))
except User.DoesNotExist:
LOG.exception('proxyfs.has_access()')
return False
def setup_class(cls):
if not ENABLE_SQOOP.get():
raise SkipTest
if not rdbms.get_query_server_config(server='mysql'):
raise SkipTest
cls.client = make_logged_in_client()
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
request = Bag()
request.user = cls.user
request.POST = {'source': '{"rdbmsMode":"configRdbms", "rdbmsType": "mysql", "inputFormat": "rdbms"}'}
cls.indexer = _get_api(request)
def setUp(self):
if not QUERY_DATABASE.HOST.get():
raise SkipTest
self.client = make_logged_in_client(username="******", groupname="default", recreate=True, is_superuser=False)
self.user = rewrite_user(User.objects.get(username="******"))
with connection.schema_editor() as schema_editor:
schema_editor.create_model(HiveQuery)
if HiveQuery._meta.db_table not in connection.introspection.table_names():
raise ValueError("Table `{table_name}` is missing in test database.".format(table_name=HiveQuery._meta.db_table))
def _has_access(self, fs):
from desktop.auth.backend import rewrite_user # Avoid cyclic loop
try:
filebrowser_action = fs.filebrowser_action()
# If not filebrowser_action (hdfs) then handle permission via doas else check permission in hue
if not filebrowser_action:
return True
user = rewrite_user(User.objects.get(username=self.getuser()))
return user.is_authenticated() and user.is_active and (is_admin(user) or not filebrowser_action or user.has_hue_permission(action=filebrowser_action, app="filebrowser"))
except User.DoesNotExist:
LOG.exception('proxyfs.has_access()')
return False
def setup_class(cls):
if not is_live_cluster() or not is_optimizer_enabled():
raise SkipTest
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
cls.user = rewrite_user(cls.user)
add_to_group('test')
grant_access("test", "test", "metadata")
grant_access("test", "test", "optimizer")
cls.api = OptimizerApi()
def get_django_request(request):
django_request = request._request
django_request.user = rewrite_user(django_request.user)
# Workaround ClusterMiddleware not being applied
if django_request.path.startswith('/api/') and django_request.fs is None:
django_request.fs = fsmanager.get_filesystem(django_request.fs_ref)
if django_request.user.is_authenticated and django_request.fs is not None:
django_request.fs.setuser(django_request.user.username)
return django_request
def authenticate(self, request):
authorization_header = request.META.get('HTTP_AUTHORIZATION')
if not authorization_header:
LOG.debug('JwtAuthentication: no authorization header')
return None
header, access_token = authorization_header.split(' ')
if header != 'Bearer':
LOG.debug('JwtAuthentication: no Bearer header')
return None
if not access_token:
LOG.debug('JwtAuthentication: no Bearer value')
return None
LOG.debug('JwtAuthentication: got access token %s' % access_token)
try:
payload = jwt.decode(
access_token,
'secret',
algorithms=["RS256"],
verify=AUTH.VERIFY_CUSTOM_JWT.get()
)
except jwt.DecodeError:
raise exceptions.AuthenticationFailed('JwtAuthentication: Invalid token')
except jwt.ExpiredSignatureError:
raise exceptions.AuthenticationFailed('JwtAuthentication: Token expired')
except Exception as e:
raise exceptions.AuthenticationFailed(e)
if payload.get('user') is None:
LOG.debug('JwtAuthentication: no user ID in token')
return None
LOG.debug('JwtAuthentication: got user ID %s and tenant ID %s' % (payload.get('user'), payload.get('tenantId')))
user = find_or_create_user(payload.get('user'), is_superuser=False)
ensure_has_a_group(user)
user = rewrite_user(user)
# Persist the token (to reuse for communicating with external services as the user, e.g. Impala)
if ENABLE_ORGANIZATIONS.get():
user.token = access_token
else:
user.profile.update_data({'jwt_access_token': access_token})
user.profile.save()
return (user, None)
def _get_scheme(self, path):
if path.lower().startswith(S3A_ROOT):
from desktop.auth.backend import rewrite_user # Avoid cyclic loop
try:
user = User.objects.get(username=self.user)
if not has_s3_access(rewrite_user(user)):
raise IOError(errno.EPERM, "Missing permissions for %s on %s" % (self.user, path,))
except User.DoesNotExist:
raise IOError(errno.EPERM, "Can't check permissions for %s on %s" % (self.user, path))
split = urlparse(path)
if split.scheme:
return split.scheme
if path and path[0] == posixpath.sep:
return self._default_scheme
def get_user(self, user_id): user = super(SAML2Backend, self).get_user(user_id) user = rewrite_user(user) return user
def get_user(self, user_id):
if isinstance(user_id, str):
user_id = force_username_case(user_id)
user = super(SAML2Backend, self).get_user(user_id)
user = rewrite_user(user)
return user
def get_user(self, user_id): return rewrite_user(User.objects.get(id=user_id))
