Handle scenario where api.base_url is unset for FabAuthManager login #49260
Conversation
Resolves apache#49229 Login with FabAuthManager fails when api.base_url is unset. Aligning with implementation with apache#49118
dheerajturaga
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if g.user is not None and g.user.is_authenticated: | ||
| token = get_auth_manager().generate_jwt(g.user) | ||
| response = make_response(redirect(f"{conf.get('api', 'base_url')}", code=302)) | ||
| response = make_response(redirect(str(request.base_url), code=302)) |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
There was a problem hiding this comment.
conf.get('api', 'base_url', fallback='/') here
|
|
||
| return response | ||
| return redirect(conf.get("api", "base_url", fallback="/"), code=302) | ||
| return redirect(str(request.base_url), code=302) |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
There was a problem hiding this comment.
And you can remove this I believe
pierrejeambrun
left a comment
pierrejeambrun
left a comment
There was a problem hiding this comment.
I tried that and it didn't work for me.
We can just do conf.get('api', 'base_url', fallback='/') that should be enough, where the fallback is missing. Just tested locally and seems to work
|
Since this is a little bit pressing, considering AF3 timelines I took the liberty to open a PR to fix that with the suggestions #49292 |
I may not have the right setup but I did test this before request.base_url and it didn't work. I just modified the file in the container and restarted it. But if you confirm it works its fine with me |
|
Yes I was able to test with a fresh env, and also confirm that this is also what we are doing in the SimpleAuthManager |
3 participants
Resolves #49229
Login with FabAuthManager fails when api.base_url is unset. This should fix it
Aligning implementation with #49118 which should resolve the infinite redirect