feat: On window focus, redirect to login if the user has been logged out (#18773)

* /me api * test it * watch for window activation and check auth * simplify * more comment * making ci happy * mypy should ignore tests
2026-04-19 16:14:52 +00:00 · 2022-02-24 10:09:41 -08:00
parent 94e245d5eb
commit da3bc48803
10 changed files with 168 additions and 2 deletions
--- a/tests/integration_tests/security_tests.py
+++ b/tests/integration_tests/security_tests.py
@@ -906,6 +906,7 @@ class TestRolePermission(SupersetTestCase):
            ["LocaleView", "index"],
            ["AuthDBView", "login"],
            ["AuthDBView", "logout"],
+            ["CurrentUserRestApi", "me"],
            ["Dashboard", "embedded"],
            ["R", "index"],
            ["Superset", "log"],
--- a/tests/integration_tests/users/api_tests.py
+++ b/tests/integration_tests/users/api_tests.py
@@ -0,0 +1,49 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#  type: ignore
+"""Unit tests for Superset"""
+import json
+from unittest.mock import patch
+
+from superset import security_manager
+from tests.integration_tests.base_tests import SupersetTestCase
+
+meUri = "/api/v1/me/"
+
+
+class TestCurrentUserApi(SupersetTestCase):
+    def test_get_me_logged_in(self):
+        self.login(username="admin")
+
+        rv = self.client.get(meUri)
+
+        self.assertEqual(200, rv.status_code)
+        response = json.loads(rv.data.decode("utf-8"))
+        self.assertEqual("admin", response["result"]["username"])
+        self.assertEqual(True, response["result"]["is_active"])
+        self.assertEqual(False, response["result"]["is_anonymous"])
+
+    def test_get_me_unauthorized(self):
+        self.logout()
+        rv = self.client.get(meUri)
+        self.assertEqual(401, rv.status_code)
+
+    @patch("superset.security.manager.g")
+    def test_get_me_anonymous(self, mock_g):
+        mock_g.user = security_manager.get_anonymous_user
+        rv = self.client.get(meUri)
+        self.assertEqual(401, rv.status_code)