QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-06-12 02:59:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4415b8a4003b072193d853eed613bcf2b2fa7607
superset2/tests/unit_tests
History
Evan 4415b8a400 feat(security): terminate active sessions when an account is disabled 
Disabling a user account (active=False) terminates that user's
outstanding sessions on their next request via a per-user invalidation
epoch (user_attribute.sessions_invalidated_at). Works for both
client-side cookie sessions and server-side session stores. Inert for
users that were never disabled (NULL epoch). The migration backfills the
epoch for accounts already disabled at upgrade time.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 11:24:30 -07:00
..
advanced_data_type
annotation_layers
async_events
fix: raise random_key entropy and add expiry to async query tokens (#40638)
2026-06-08 16:24:06 -07:00
charts
fix(charts): tighten chart schema input validation (query_context JSON, prophet/rolling bounds) (#40634)
2026-06-10 08:17:12 -07:00
cli
feat(embedded): add guest token revocation support (#40671)
2026-06-10 09:17:30 -07:00
columns
commands
fix(rls): apply standard datasource access checks in RLS rule commands (#40650)
2026-06-09 11:24:12 -07:00
common
fix: use pd.to_numeric in df_metrics_to_num to handle string-encoded numerics from ClickHouse (#40190)
2026-06-09 10:28:34 -07:00
connectors
fix(dataset): preserve numeric column types when pydruid infers STRING from first-row value (#40677)
2026-06-05 09:25:57 -07:00
dao
fix(uploads,dao): add zip-safety check to columnar reader and cap DAO page size (#40637)
2026-06-08 17:07:57 -07:00
daos
feat(core): SoftDeleteMixin and restore infrastructure (#39977)
2026-05-29 13:08:10 -07:00
dashboards
fix(schemas): tighten guest dataset fields, external_url protocols, ssh creds, prophet bounds (#40640)
2026-06-09 18:30:30 -07:00
databases
fix(schemas): tighten guest dataset fields, external_url protocols, ssh creds, prophet bounds (#40640)
2026-06-09 18:30:30 -07:00
datasets
fix(dataset): validate catalog against allow_multi_catalog on import (#40376)
2026-06-01 09:24:28 -07:00
datasource
feat: semantic layer extension (#37815)
2026-05-05 12:07:46 -04:00
db_engine_specs
fix: ODPS (MaxCompute) data source table preview failed (#38174)
2026-06-05 17:57:44 -07:00
distributed_lock
feat: add global task framework (#36368)
2026-02-09 10:45:56 -08:00
examples
test(examples): add tests for UUID threading and security bypass (#37557)
2026-02-12 14:12:12 -08:00
explore
extensions
feat(extensions): static supply-chain controls — denylist + version policy (#40668)
2026-06-04 12:29:03 -07:00
fixtures
fix(assets): Support uploading tags using the assets import endpoint (#38343)
2026-06-09 10:13:28 -04:00
importexport
fix(importexport): honor overwrite flag on /api/v1/assets/import (#39502)
2026-05-11 10:24:42 -07:00
initialization
fix: reject default guest/async JWT secrets at startup (#40649)
2026-06-08 16:53:37 -07:00
key_value
feat(embedded): add guest token revocation support (#40671)
2026-06-10 09:17:30 -07:00
mcp_service
fix(mcp): enforce audience, algorithm, issuer binding, and token scopes (strict mode) (#40653)
2026-06-09 11:08:20 -07:00
migrations
refactor: Enable G logging rules and comprehensive ruff improvements (#35081)
2025-09-15 12:42:49 -07:00
models
fix(charts): apply DISALLOWED_SQL_FUNCTIONS gate to adhoc expressions (#40568)
2026-06-03 12:52:22 +01:00
pandas_postprocessing
test(prophet): pin yhat_lower can be negative for negative series (#21734) (#40141)
2026-05-18 07:21:04 -07:00
queries
fix: Enforce per-user caching on legacy API endpoint (#39789)
2026-04-30 18:04:33 -03:00
reports
fix(reports): stamp email subject date at send time, not import time (#40693)
2026-06-04 12:03:28 -07:00
scripts
fix(i18n): don't flag intentional string deletions as translation regressions (#40716)
2026-06-03 14:47:31 -07:00
security
feat(security): terminate active sessions when an account is disabled
2026-06-10 11:24:30 -07:00
semantic_layers
fix(semantic layers): coerce filter types (#40222)
2026-05-21 09:25:27 -04:00
server
chore(deps-dev): bump gevent from 24.2.1 to 26.4.0 (#40378)
2026-06-03 12:58:17 -07:00
sql
fix: ODPS (MaxCompute) data source table preview failed (#38174)
2026-06-05 17:57:44 -07:00
sql_validators
feat(sqllab): syntax validation for sqlite-based DB engine specs (#38698)
2026-04-20 18:29:51 -04:00
sqllab
fix(export): sanitize user-supplied CSV export filename (charts + SQL Lab) (#40632)
2026-06-03 00:14:48 -07:00
tables
tags
fix(tags): expire tag relationship after deleting all tagged objects (#38163)
2026-03-04 10:37:19 -03:00
tasks
fix: cache warmup using WebDriver for reliable authentication (#38449)
2026-06-05 16:36:30 -07:00
themes
feat(theming): add per-theme custom font URL support (#36317)
2025-12-08 16:46:01 -08:00
thumbnails
fix(thumbnails): stabilize digest by sorting datasources and charts (#38079)
2026-02-20 09:51:35 +01:00
utils
fix(commands,api): enforce command validation, sanitize export filename/token, set cache TTLs (#40655)
2026-06-09 10:29:46 -07:00
views
fix(deck.gl): strip all JS-executed form_data keys when JavaScript controls are disabled (#40602)
2026-06-04 10:14:33 -07:00
__init__.py
config_test.py
chore: proper current_app.config proxy usage (#34345)
2025-07-31 19:27:42 -07:00
conftest.py
fix: Bump FAB to 5.X (#33055)
2025-09-12 09:21:37 +01:00
core_tests.py
dataframe_test.py
fix(api): nan is not properly handled for athena connections (#37071)
2026-01-22 18:29:09 +03:00
extension_tests.py
fix: replace deprecated appbuilder.app with current_app (#40876)
2026-06-09 15:01:43 -07:00
feature_flag_test.py
initialization_test.py
chore: Support specifying app_root via superset_config.py (#38284)
2026-02-28 01:35:08 -03:00
jinja_context_test.py
fix(jinja): expose dialect-escaped companion value on get_filters() (#40531)
2026-06-03 21:53:12 +01:00
legacy_tests.py
result_set_test.py
chore(deps): bump pyarrow from 20.0.0 to 24.0.0 (#39756)
2026-06-09 12:51:33 -07:00
sql_lab_execution_context.py
fix(sqllab): quote CTAS target identifiers and validate tmp_table_name format (#40245)
2026-06-03 12:55:25 +01:00
sql_lab_test.py
fix(sqllab): prevent corrupted query state from blocking SQL Lab access (#40580)
2026-06-09 10:51:45 +01:00
test_sqllab_error_stacktrace.py
fix(sqllab): surface stacktrace in SQL Lab error responses (#28248) (#40585)
2026-06-02 10:41:39 -07:00
test_viz_cache_key.py
fix: Enforce per-user caching on legacy API endpoint (#39789)
2026-04-30 18:04:33 -03:00
test_viz_get_df_payload.py
fix(viz): gate stacktrace behind SHOW_STACKTRACE and allowlist resample method (#40636)
2026-06-08 16:09:59 -07:00