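def login(org_slug=None):
    """Log in the user named by the remote-user request header.

    The e-mail address is read from the header named by
    ``settings.REMOTE_USER_HEADER``. When ``settings.REMOTE_GROUPS_ENABLED``
    is set, the groups listed in ``settings.REMOTE_GROUPS_HEADER`` must
    intersect ``settings.REMOTE_GROUPS_ALLOWED``. Every rejection redirects
    to the index page.

    Security notes:
      * Both headers are taken at face value. They only mean something when
        the authenticating proxy sets them and discards any copy sent by the
        client, and when the application cannot be reached around that proxy.
      * ``next`` comes from the query string, so it is reduced to a
        same-site path before it is used as a redirect target. Anything that
        does not reduce to one is dropped and the index page is used instead.

    :param org_slug: organization slug from the URL, or ``None``.
    :returns: a redirect response.
    """
    next_path = request.args.get('next')
    if next_path:
        # Function-scope import keeps the fix local to this view; the
        # fallback covers Python 2 deployments.
        try:
            from urllib.parse import urlsplit, urlunsplit
        except ImportError:  # Python 2
            from urlparse import urlsplit, urlunsplit

        try:
            target = urlsplit(next_path)
            # Drop scheme and host so the redirect cannot leave this site.
            next_path = urlunsplit(
                ('', '', target.path, target.query, target.fragment))
        except ValueError:
            next_path = None

        # After stripping, accept only a plain absolute path. A leading
        # '//', a backslash or a control character can still be read by a
        # browser as a reference to another host.
        if (not next_path
                or not next_path.startswith('/')
                or next_path.startswith('//')
                or '\\' in next_path
                or any(ord(ch) < 0x20 for ch in next_path)):
            next_path = None

    if not settings.REMOTE_USER_LOGIN_ENABLED:
        logger.error(
            "Cannot use remote user for login without being enabled in settings"
        )
        return redirect(
            url_for('redash.index', next=next_path, org_slug=org_slug))

    email = request.headers.get(settings.REMOTE_USER_HEADER)

    # Some Apache auth configurations will, stupidly, set (null) instead of a
    # falsey value. Special case that here so it Just Works for more installs.
    # '(null)' should never really be a value that anyone wants to legitimately
    # use as a redash user email.
    if email == '(null)':
        email = None

    if not email:
        logger.error(
            "Cannot use remote user for login when it's not provided in the "
            "request (looked in headers['%s'])",
            settings.REMOTE_USER_HEADER)
        return redirect(
            url_for('redash.index', next=next_path, org_slug=org_slug))

    # Check if there is a header of user groups and if yes
    # check it against a list of allowed user groups from the settings
    if settings.REMOTE_GROUPS_ENABLED:
        remote_groups = settings.set_from_string(
            request.headers.get(settings.REMOTE_GROUPS_HEADER) or '')
        allowed_groups = settings.REMOTE_GROUPS_ALLOWED
        if not allowed_groups.intersection(remote_groups):
            logger.error(
                "User groups provided in the %s header are not "
                "matching the allowed groups.",
                settings.REMOTE_GROUPS_HEADER)
            # org_slug is passed here as in the other rejection paths, so the
            # redirect stays inside the organization being logged in to.
            return redirect(
                url_for('redash.index', next=next_path, org_slug=org_slug))

    # Lazy %-formatting: the header value is passed as an argument rather
    # than concatenated into the message template.
    logger.info("Logging in %s via remote user", email)

    user = create_and_login_user(current_org, email, email)
    if user is None:
        return logout_and_redirect_to_index()

    return redirect(
        next_path or url_for('redash.index', org_slug=org_slug), code=302)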
def check_remote_groups():
    """Reject remote-user logins whose group header matches no allowed group.

    Does nothing (returns ``None``) unless both remote user login and the
    remote groups check are enabled and the request path starts with the
    remote user login URL. When the groups in the request header do not
    intersect ``extension_settings.REMOTE_GROUPS_ALLOWED``, returns a
    redirect to the index page instead.

    NOTE(review): the groups header is read straight from the request, so it
    is only meaningful if the fronting proxy sets it and strips any
    client-supplied copy. Confirm against the deployment.
    NOTE(review): the view is recognised by a path-prefix comparison, not by
    the matched endpoint. Verify the two can never disagree.
    """
    # Nothing to enforce unless both features are switched on.
    checks_enabled = (
        settings.REMOTE_USER_LOGIN_ENABLED
        and extension_settings.REMOTE_GROUPS_ENABLED
    )
    if not checks_enabled:
        return

    # Build the URL of the remote auth login endpoint for this organization.
    login_url_args = {}
    if settings.MULTI_ORG:
        login_url_args["org_slug"] = current_org._get_current_object().slug
    login_prefix = url_for("remote_user_auth.login", **login_url_args)

    # Only requests aimed at the remote user auth view are checked.
    if not request.path.startswith(login_prefix):
        return

    raw_groups = request.headers.get(extension_settings.REMOTE_GROUPS_HEADER) or ""
    presented_groups = settings.set_from_string(raw_groups)

    # At least one presented group is allowed: let the request through.
    if extension_settings.REMOTE_GROUPS_ALLOWED.intersection(presented_groups):
        return

    logger.error(
        "User groups provided in the %s header are not "
        "matching the allowed groups.",
        extension_settings.REMOTE_GROUPS_HEADER,
    )

    # No match: send the client back to the front page. The caller-supplied
    # "next" value goes through get_next_path() before it is reused.
    index_args = {"next": get_next_path(request.args.get("next"))}
    if settings.MULTI_ORG:
        index_args["org_slug"] = current_org._get_current_object().slug
    return redirect(url_for("redash.index", **index_args))
import os from redash.models import db, Organization, Group from redash import settings from playhouse.migrate import PostgresqlMigrator, migrate # The following is deprecated and should be defined with the Organization object GOOGLE_APPS_DOMAIN = settings.set_from_string( os.environ.get("REDASH_GOOGLE_APPS_DOMAIN", "")) if __name__ == '__main__': migrator = PostgresqlMigrator(db.database) with db.database.transaction(): Organization.create_table() default_org = Organization.create( name="Default", slug='default', settings={ Organization.SETTING_GOOGLE_APPS_DOMAINS: list(GOOGLE_APPS_DOMAIN) }) column = Group.org column.default = default_org migrate( migrator.add_column('groups', 'org_id', column), migrator.add_column('events', 'org_id', column), migrator.add_column('data_sources', 'org_id', column), migrator.add_column('users', 'org_id', column),
import os
from redash.models import db, Organization, Group
from redash import settings
from playhouse.migrate import PostgresqlMigrator, migrate

# Deprecated: this value should be defined on the Organization object. It is
# read here only to seed the default organization created below.
# NOTE(review): presumably an unset REDASH_GOOGLE_APPS_DOMAIN yields an empty
# domain list; confirm how the login code treats an empty list.
GOOGLE_APPS_DOMAIN = settings.set_from_string(
    os.environ.get("REDASH_GOOGLE_APPS_DOMAIN", ""))

if __name__ == '__main__':
    migrator = PostgresqlMigrator(db.database)

    # Tables that receive an org_id column, in migration order.
    org_scoped_tables = (
        'groups',
        'events',
        'data_sources',
        'users',
        'dashboards',
        'queries',
        'query_results',
    )

    # Table creation, the default organization and the column additions all
    # run inside one transaction.
    with db.database.transaction():
        Organization.create_table()

        org_settings = {
            Organization.SETTING_GOOGLE_APPS_DOMAINS: list(GOOGLE_APPS_DOMAIN)
        }
        default_org = Organization.create(
            name="Default", slug='default', settings=org_settings)

        # The new column defaults to the default organization.
        column = Group.org
        column.default = default_org

        operations = [
            migrator.add_column(table_name, 'org_id', column)
            for table_name in org_scoped_tables
        ]
        migrate(*operations)