
Getting 403 when I use swagger endpoint api/v1/security/roles/ with admin user #23300

Closed
miaguicam7 opened this issue Mar 7, 2023 · 9 comments
Labels
#bug Bug report

Comments

@miaguicam7

miaguicam7 commented Mar 7, 2023

I get a 403 response from the security endpoints. The rest of the endpoints work correctly.
I have added to my config.py:

FAB_ADD_SECURITY_API = True
PREVENT_UNSAFE_DB_CONNECTIONS = False
SESSION_COOKIE_HTTPONLY=True
TESTING = True
WTF_CSRF_ENABLED = False
FLASK_DEBUG = 1
FAB_API_SHOW_STACKTRACE = True

GUEST_ROLE_NAME = "Gamma"
SESSION_COOKIE_SAMESITE = None
ENABLE_PROXY_FIX = True
PUBLIC_ROLE_LIKE_GAMMA = True

How to reproduce the bug

  1. Generate a bearer token with the user admin
  2. Add Bearer to request
  3. Call to api/v1/security/roles/

Expected results

To obtain the roles

Actual results

403 HTTP status Forbidden

Environment

PYTHON_VERSION | 3.8.16

Checklist

Make sure to follow these steps before submitting your issue - thank you!

  • [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • [x] I have reproduced the issue with at least the latest released version of superset.
  • [x] I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

Add any other context about the problem here.
Screenshot 2023-03-07 at 16 30 35

@miaguicam7 miaguicam7 added the #bug Bug report label Mar 7, 2023
@miaguicam7 miaguicam7 changed the title getting 403 when I use swagger endpoint api/v1/security/roles/ Getting 403 when I use swagger endpoint api/v1/security/roles/ with admin user Mar 7, 2023
@miaguicam7
Author

It's not a bug, just needed superset init.

@harshadv

harshadv commented Sep 15, 2023

How to do superset init is mentioned here: https://stackoverflow.com/a/76826712/326835

@eviltweats

It's still not working for me even after following the above link and adding init.

@bryanjknight

FWIW, I hit this as well and I had set FAB_ADD_SECURITY_API = True after running superset init. I needed to drop my database and rerun superset init with that flag enabled in superset_config.py for it to work

@joshstackintegrated

> FWIW, I hit this as well and I had set FAB_ADD_SECURITY_API = True after running superset init. I needed to drop my database and rerun superset init with that flag enabled in superset_config.py for it to work

@bryanjknight is drop database really needed? I imagine if a user is in production already then dropping the database might lose a lot of data...

@bryanjknight

> > FWIW, I hit this as well and I had set FAB_ADD_SECURITY_API = True after running superset init. I needed to drop my database and rerun superset init with that flag enabled in superset_config.py for it to work
>
> @bryanjknight is drop database really needed? I imagine if a user is in production already then dropping the database might lose a lot of data...

@joshstackintegrated I had tried without dropping but couldn't get it to work. I suspect that there might be some configuration in the database tables that needs to happen but I'm not exactly sure. Unfortunately not working on superset anymore but that was my experience from a few months ago

@joshstackintegrated

> > > FWIW, I hit this as well and I had set FAB_ADD_SECURITY_API = True after running superset init. I needed to drop my database and rerun superset init with that flag enabled in superset_config.py for it to work
> >
> > @bryanjknight is drop database really needed? I imagine if a user is in production already then dropping the database might lose a lot of data...
>
> @joshstackintegrated I had tried without dropping but couldn't get it to work. I suspect that there might be some configuration in the database tables that needs to happen but I'm not exactly sure. Unfortunately not working on superset anymore but that was my experience from a few months ago

@bryanjknight yeah, I was worried that it had to do with some database configuration that happens at superset init. Hopefully a superset dev can shine some more light on this, in case there's a way to manually run the needed changes in the DB without needing to drop it

@darshanik

I'm facing the same issue as well. I have also tried the custom initializer class which calls "SupersetSecuritymanager.role_api"

Superset_Forbidden_Error

My Custom Initializer class:

image

superset-config.py:

image
image

I'm not sure if I'm missing anything.

However, I may not be able to drop the database as our Superset instance is being used by many users in prod.

Would appreciate any help. I looked into the source code and went all the way until the parent class that is being used by superset security manager and I'm not sure why I'm getting 403 forbidden:

https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/sqla/apis/role/api.py

@Fadeevrep

A similar problem on superset 4.0.1. I don't even know where to look
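
A read-only way to test the suspicion raised in this thread (that the permission rows for the security API are missing from the metadata database) without dropping anything. This is an added example, not code from Superset or from any commenter; the table names are Flask-AppBuilder's security tables, while the view name "Role", the permission name "can_get" and all sample rows are assumptions constructed for the illustration.

```python
import sqlite3

# Flask-AppBuilder security tables, reduced to the columns this check reads.
SCHEMA = """
CREATE TABLE ab_role (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_permission (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_view_menu (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_permission_view (id INTEGER PRIMARY KEY, permission_id INTEGER, view_menu_id INTEGER);
CREATE TABLE ab_permission_view_role (id INTEGER PRIMARY KEY, permission_view_id INTEGER, role_id INTEGER);
"""

QUERY = """
SELECT p.name
FROM ab_role r
JOIN ab_permission_view_role pvr ON pvr.role_id = r.id
JOIN ab_permission_view pv ON pv.id = pvr.permission_view_id
JOIN ab_permission p ON p.id = pv.permission_id
JOIN ab_view_menu vm ON vm.id = pv.view_menu_id
WHERE r.name = ? AND vm.name = ?
ORDER BY p.name
"""

def role_permissions(conn, role, view):
    """Permission names that `role` holds on `view` (SELECT only, no writes)."""
    return [row[0] for row in conn.execute(QUERY, (role, view))]

def diagnose(conn, role, view):
    """Classify why `role` could be refused on `view`."""
    exists = conn.execute("SELECT 1 FROM ab_view_menu WHERE name = ?", (view,)).fetchone()
    if exists is None:
        return "view-not-registered"  # no permissions were ever created for the view
    if not role_permissions(conn, role, view):
        return "role-not-granted"     # view exists, role holds nothing on it
    return "granted"

def build_sample(with_security_api):
    """Constructed in-memory DB; 'Role' and 'can_get' are assumed names."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO ab_role VALUES (1, 'Admin')")
    conn.execute("INSERT INTO ab_permission VALUES (1, 'can_get')")
    conn.execute("INSERT INTO ab_view_menu VALUES (1, 'Dashboard')")
    conn.execute("INSERT INTO ab_permission_view VALUES (1, 1, 1)")
    conn.execute("INSERT INTO ab_permission_view_role VALUES (1, 1, 1)")
    if with_security_api:
        conn.execute("INSERT INTO ab_view_menu VALUES (2, 'Role')")
        conn.execute("INSERT INTO ab_permission_view VALUES (2, 1, 2)")
        conn.execute("INSERT INTO ab_permission_view_role VALUES (2, 2, 1)")
    return conn
```

Against a real deployment the same `QUERY` can be run with a read-only database account; the three outcomes separate "permissions never created" from "permissions exist but the role was not granted them".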
