Compare commits

...

3 Commits

Author SHA1 Message Date
Amin Ghadersohi
3712a308b3 test(jinja): model a realistic anonymous user in the cache-key test
Address review feedback: the anonymous case now carries the Public role (as a
real anonymous request does) instead of forcing an empty role list, and asserts
the actual properties — the absent id/username/email add nothing, two anonymous
requests share a cache entry, and neither collides with a logged-in user.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-16 23:01:38 -07:00
Evan
59cf883cfa test(jinja): add -> None return annotations to new cache-key tests
Address a codeant-ai review nit: the four new test functions in this PR
were missing the -> None return type annotation used consistently
elsewhere in this file.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-16 22:41:28 -07:00
Amin Ghadersohi
562533e6a0 test(jinja): prove current_user_* macros produce collision-free cache keys
A review of #33924 raised a concern that the user-metadata macros
(`current_user_id`, `current_username`, `current_user_email`,
`current_user_roles`) only contribute to the query cache key when their value is
present, skipping the key when the value is absent, and that this could cause
cache collisions across users.

It doesn't: the skipped path is safe because an absent value renders identically
for every user (the macro returns `None`), so absent users correctly share one
cache entry rather than colliding, while present values are always distinct in
the key. Add tests locking in that property:

- distinct users contribute disjoint cache-key values (no cross-user serving)
- identical users contribute identical values (correct sharing, no fragmentation)
- an anonymous render contributes nothing, so it never collides with a logged-in
  user's cache entry
- a change in any single metadata field yields a distinct cache key

No behavior change; these tests document and guard the existing, correct
behavior.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-16 21:31:36 -07:00

View File

@@ -684,6 +684,117 @@ def test_user_macros_without_user_info(mocker: MockerFixture):
assert cache.current_user_rls_rules() is None
def _user_metadata_cache_keys(
mocker: MockerFixture,
*,
user_id: int | None,
username: str | None,
email: str | None,
roles: list[str],
) -> list[Any]:
"""
Render the user-metadata macros for a given user and return the values they
contributed to the query cache key.
"""
mock_g = mocker.patch("superset.utils.core.g")
if user_id is None:
mock_g.user = None
else:
mock_g.user.id = user_id
mock_g.user.username = username
mock_g.user.email = email
mocker.patch(
"superset.security_manager.get_user_roles",
return_value=[Role(name=name) for name in roles],
)
keys: list[Any] = []
cache = ExtraCache(extra_cache_keys=keys, table=mocker.MagicMock())
cache.current_user_id()
cache.current_username()
cache.current_user_email()
cache.current_user_roles()
return keys
def test_user_metadata_cache_keys_isolate_distinct_users(
mocker: MockerFixture,
) -> None:
"""
Two different users contribute disjoint values to the cache key, so neither
can be served the other's cached result. This is the property that keeps the
``current_user_*`` macro family safe for per-user (and multi-tenant) queries.
"""
alice = _user_metadata_cache_keys(
mocker, user_id=1, username="alice", email="alice@example.com", roles=["Admin"]
)
bob = _user_metadata_cache_keys(
mocker, user_id=2, username="bob", email="bob@example.com", roles=["Gamma"]
)
assert alice
assert bob
assert set(alice).isdisjoint(set(bob))
def test_user_metadata_cache_keys_match_for_identical_users(
mocker: MockerFixture,
) -> None:
"""
The same user always contributes the same values, so identical renders
correctly share a cache entry (no needless fragmentation).
"""
first = _user_metadata_cache_keys(
mocker, user_id=1, username="alice", email="alice@example.com", roles=["Admin"]
)
second = _user_metadata_cache_keys(
mocker, user_id=1, username="alice", email="alice@example.com", roles=["Admin"]
)
assert first == second
def test_anonymous_user_never_collides_with_a_logged_in_user(
mocker: MockerFixture,
) -> None:
"""
Refutes the "skip cache key when the value is absent" collision concern. A
real anonymous request has no user object, so ``current_user_id`` /
``current_username`` / ``current_user_email`` return ``None`` and add nothing
to the key, while ``current_user_roles`` still contributes the Public role.
Two anonymous requests therefore render identically and correctly share one
cache entry, and neither can be served a logged-in user's cached result.
"""
logged_in = _user_metadata_cache_keys(
mocker, user_id=1, username="alice", email="alice@example.com", roles=["Admin"]
)
anon_first = _user_metadata_cache_keys(
mocker, user_id=None, username=None, email=None, roles=["Public"]
)
anon_second = _user_metadata_cache_keys(
mocker, user_id=None, username=None, email=None, roles=["Public"]
)
# The absent id/username/email contribute nothing, so an anonymous request's
# key carries only its role, never a stray value for the missing fields.
assert anon_first == [json.dumps(["Public"])]
# Two anonymous requests share a cache entry; neither collides with a user.
assert anon_first == anon_second
assert set(anon_first).isdisjoint(set(logged_in))
def test_user_metadata_cache_keys_track_each_field_independently(
mocker: MockerFixture,
) -> None:
"""
Two users who differ in a single field (here only the roles) still get
distinct cache keys, so a change in any one metadata field is reflected.
"""
admin = _user_metadata_cache_keys(
mocker, user_id=1, username="alice", email="alice@example.com", roles=["Admin"]
)
gamma = _user_metadata_cache_keys(
mocker, user_id=1, username="alice", email="alice@example.com", roles=["Gamma"]
)
assert admin != gamma
def test_current_user_rls_rules_with_no_table(mocker: MockerFixture):
"""
Test the ``current_user_rls_rules`` macro when no table is provided.