QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-06-11 18:49:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4415b8a4003b072193d853eed613bcf2b2fa7607
superset2/tests/unit_tests/security
History
Evan 4415b8a400 feat(security): terminate active sessions when an account is disabled 
Disabling a user account (active=False) terminates that user's
outstanding sessions on their next request via a per-user invalidation
epoch (user_attribute.sessions_invalidated_at). Works for both
client-side cookie sessions and server-side session stores. Inert for
users that were never disabled (NULL epoch). The migration backfills the
epoch for accounts already disabled at upgrade time.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 11:24:30 -07:00
..
__init__.py
api_test.py
feat: semantic layer extension (#37815)
2026-05-05 12:07:46 -04:00
audit_log_test.py
feat(security): terminate active sessions when an account is disabled
2026-06-10 11:24:30 -07:00
exclude_users_filter_test.py
fix: apply EXCLUDE_USERS_FROM_LISTS to /api/v1/security/users/ (#36742)
2025-12-23 15:18:34 -08:00
guest_rls_test.py
fix(embedded): prevent double RLS application in virtual datasets (#37395)
2026-03-12 14:12:59 +01:00
guest_token_revocation_test.py
feat(embedded): add guest token revocation support (#40671)
2026-06-10 09:17:30 -07:00
manager_test.py
fix(embedded): resolve guest user permissions in user_view_menu_names (#39197)
2026-06-01 10:30:05 -07:00
test_granular_export_permissions.py
fix(mcp): API key authentication for MCP — transport, validation, and RBAC (#39604)
2026-06-04 15:04:43 -04:00
test_guest_token_dataset_allowlist.py
fix(embedding): add optional dataset allowlist to guest tokens (#39302)
2026-06-03 12:55:09 +01:00
test_session_invalidation.py
feat(security): terminate active sessions when an account is disabled
2026-06-10 11:24:30 -07:00