QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-09 19:35:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9dfa33fedfc2f8524d07934fcf5dfd6dc4db794a
superset2/superset/security/api.py
Daniel Vaz Gaspar 9e2455aab7 refactor(api): csrf token on the new REST API (#13212) 
* refactor(api): csrf token on the new REST API

* improve OpenAPI spec description

* fix test

* remove public role like has default for all tests

* fix test
2021-02-23 09:50:22 +00:00

63 lines
2.0 KiB
Python
Raw Blame History

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
import logging
from flask import Response
from flask_appbuilder import expose
from flask_appbuilder.api import BaseApi, safe
from flask_appbuilder.security.decorators import permission_name, protect
from flask_wtf.csrf import generate_csrf
from superset.extensions import event_logger
logger = logging.getLogger(__name__)
class SecurityRestApi(BaseApi):
resource_name = "security"
allow_browser_login = True
openapi_spec_tag = "Security"
@expose("/csrf_token/", methods=["GET"])
@event_logger.log_this
@protect()
@safe
@permission_name("read")
def csrf_token(self) -> Response:
"""
Return the csrf token
---
get:
description: >-
Fetch the CSRF token
responses:
200:
description: Result contains the CSRF token
content:
application/json:
schema:
type: object
properties:
result:
type: string
401:
$ref: '#/components/responses/401'
500:
$ref: '#/components/responses/500'
"""
return self.response(200, result=generate_csrf())
Reference in New Issue View Git Blame Copy Permalink