QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-24 01:05:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ad0b5e3f8bb3e4ac968b0c9ca611fd2a8e6ed7d
superset2/tests/unit_tests
History
Amin Ghadersohi 7ad0b5e3f8 fix(mcp): create ApiKey permissions on init and support API keys with JWT auth 
Two fixes for MCP API key authentication:

1. superset init now creates ApiKey FAB permissions (can_list, can_create,
   can_get, can_delete) when FAB_API_KEY_ENABLED=True. Previously, because
   Superset uses AppBuilder(update_perms=False), FAB skipped permission
   creation during blueprint registration and superset init never picked
   them up, causing 403 errors on /api/v1/security/api_keys/.

2. CompositeTokenVerifier allows API key tokens (e.g. sst_...) to coexist
   with JWT auth on the MCP transport layer. Previously, when
   MCP_AUTH_ENABLED=True, the JWTVerifier rejected all non-JWT Bearer
   tokens at the transport layer before they could reach the Flask-level
   _resolve_user_from_api_key() handler. The composite verifier detects
   API key prefixes and passes them through with a marker claim, letting
   the existing auth priority chain handle validation.
2026-05-08 11:42:45 -04:00
..
advanced_data_type
annotation_layers
async_events
charts
fix(charts): set g.form_data for metric() Jinja macro on GET chart data endpoint (#39347)
2026-04-20 19:36:03 -07:00
columns
commands
fix(import): import tags during CLI native asset import (#39495)
2026-04-20 13:59:51 -07:00
common
fix(excel): remove unwanted index column from Excel exports (#38176)
2026-02-23 08:28:40 -08:00
connectors
fix(dataset): add email field to owners_data for Chart Explore path (#38836)
2026-03-27 09:44:11 -03:00
dao
refactor(core): reorganize superset-core packages into feature-based structure (#38448)
2026-03-05 17:41:15 -03:00
daos
fix(reports): escape SQL LIKE wildcards in find_by_extra_metadata (#38738)
2026-04-09 12:58:06 +03:00
dashboards
feat(dashboard): pre-filter time grain (#38922)
2026-04-21 10:35:24 -04:00
databases
chore: bump rison to 2.0.0 (#39529)
2026-04-24 15:52:42 -04:00
datasets
fix(query): pass datasource table to template processor for schema-aware Jinja rendering (#38984)
2026-04-01 13:08:12 -03:00
datasource
fix(drill-to-detail): ensure axis label filters map to original column names (#34694)
2025-09-10 18:18:37 +03:00
db_engine_specs
fix(mysql): fallback to pymysql when MySQLdb is not installed in get_datatype() (#39729)
2026-04-29 14:40:39 +01:00
distributed_lock
feat: add global task framework (#36368)
2026-02-09 10:45:56 -08:00
examples
test(examples): add tests for UUID threading and security bypass (#37557)
2026-02-12 14:12:12 -08:00
explore
extensions
chore(extensions): simplify backend package structure by removing superset_extensions namespace (#38476)
2026-03-06 14:49:49 -03:00
fixtures
importexport
feat: support for import/export masked_encrypted_extra (backend) (#38077)
2026-03-04 11:26:28 -08:00
key_value
feat: add option for hash algorithms (#35621)
2025-12-09 16:59:07 +00:00
mcp_service
fix(mcp): create ApiKey permissions on init and support API keys with JWT auth
2026-05-08 11:42:45 -04:00
migrations
refactor: Enable G logging rules and comprehensive ruff improvements (#35081)
2025-09-15 12:42:49 -07:00
models
fix(cross-filter): correctly cast adhoc column types when cross filtering (#39577)
2026-04-24 08:26:46 -03:00
pandas_postprocessing
fix(histogram): add NULL handling for histogram (#35693)
2025-11-14 11:54:13 -08:00
queries
fix: cache key generation (#36225)
2025-11-25 12:50:00 -05:00
reports
chore: bump rison to 2.0.0 (#39529)
2026-04-24 15:52:42 -04:00
scripts
security
feat: role/user CRUD events and login/logout tracking in the action log (#39121)
2026-04-09 15:55:25 +01:00
sql
fix(OpenSearch): OpenSearch dialect for sqlglot (#39538)
2026-04-22 12:17:15 -03:00
sql_validators
feat(sqllab): syntax validation for sqlite-based DB engine specs (#38698)
2026-04-20 18:29:51 -04:00
tables
tags
fix(tags): expire tag relationship after deleting all tagged objects (#38163)
2026-03-04 10:37:19 -03:00
tasks
refactor(core): reorganize superset-core packages into feature-based structure (#38448)
2026-03-05 17:41:15 -03:00
themes
feat(theming): add per-theme custom font URL support (#36317)
2025-12-08 16:46:01 -08:00
thumbnails
fix(thumbnails): stabilize digest by sorting datasources and charts (#38079)
2026-02-20 09:51:35 +01:00
utils
fix(reports): poll for spinner absence instead of snapshotting loading elements (#39579)
2026-04-23 22:03:43 -03:00
views
fix(i18n): Fix menu bar translations not updating on language change (#34565)
2026-04-24 22:49:03 -07:00
__init__.py
config_test.py
chore: proper current_app.config proxy usage (#34345)
2025-07-31 19:27:42 -07:00
conftest.py
fix: Bump FAB to 5.X (#33055)
2025-09-12 09:21:37 +01:00
core_tests.py
dataframe_test.py
fix(api): nan is not properly handled for athena connections (#37071)
2026-01-22 18:29:09 +03:00
extension_tests.py
fix(templates): restore css_bundle calls in spa.html for production builds (#38350)
2026-03-03 10:27:39 -08:00
feature_flag_test.py
initialization_test.py
chore: Support specifying app_root via superset_config.py (#38284)
2026-02-28 01:35:08 -03:00
jinja_context_test.py
fix(jinja): drill-to-detail respects remove_filter=True in Jinja templates (#39594)
2026-04-23 16:11:13 -03:00
legacy_tests.py
result_set_test.py
fix(SQL Lab): handle columns without names (#38986)
2026-04-06 10:09:16 -04:00
sql_lab_execution_context.py
sql_lab_test.py
fix(embedded): prevent double RLS application in virtual datasets (#37395)
2026-03-12 14:12:59 +01:00