PyPI - apache-airflow-providers-fab - Versions diffs - 2.2.1rc2__py3-none-any.whl → 2.3.0rc1__py3-none-any.whl - Mend

apache-airflow-providers-fab 2.2.1rc2py3-none-any.whl → 2.3.0rc1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

airflow/providers/fab/__init__.py CHANGED Viewed

@@ -29,7 +29,7 @@ from airflow import __version__ as airflow_version
 __all__ = ["__version__"]
-__version__ = "2.2.1"
+__version__ = "2.3.0"
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
     "3.0.2"

airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py CHANGED Viewed

@@ -18,8 +18,9 @@
 from __future__ import annotations
+from collections.abc import Callable
 from functools import wraps
-from typing import TYPE_CHECKING, Any, Callable, TypeVar, cast
+from typing import TYPE_CHECKING, Any, TypeVar, cast
 from flask import Response, current_app, request
 from flask_appbuilder.const import AUTH_LDAP

airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py CHANGED Viewed

@@ -19,8 +19,9 @@ from __future__ import annotations
 import logging
 import os
+from collections.abc import Callable
 from functools import wraps
-from typing import TYPE_CHECKING, Any, Callable, NamedTuple, TypeVar, cast
+from typing import TYPE_CHECKING, Any, NamedTuple, TypeVar, cast
 import kerberos
 from flask import Response, current_app, g, make_response, request

airflow/providers/fab/auth_manager/api/auth/backend/session.py CHANGED Viewed

@@ -18,8 +18,9 @@
 from __future__ import annotations
+from collections.abc import Callable
 from functools import wraps
-from typing import Any, Callable, TypeVar, cast
+from typing import Any, TypeVar, cast
 from flask import Response

airflow/providers/fab/auth_manager/api_fastapi/openapi/v2-fab-auth-manager-generated.yaml CHANGED Viewed

@@ -6,7 +6,7 @@ info:
     endpoints to manage users and permissions managed by the FAB auth manager.
   version: 0.1.0
 paths:
-  /token:
+  /auth/token:
     post:
       tags:
       - FabAuthManager
@@ -44,7 +44,7 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/HTTPValidationError'
-  /token/cli:
+  /auth/token/cli:
     post:
       tags:
       - FabAuthManager

airflow/providers/fab/auth_manager/api_fastapi/services/login.py CHANGED Viewed

@@ -18,6 +18,7 @@ from __future__ import annotations
 from typing import TYPE_CHECKING, cast
+from flask_appbuilder.const import AUTH_LDAP
 from starlette import status
 from starlette.exceptions import HTTPException
@@ -44,14 +45,22 @@ class FABAuthManagerLogin:
             )
         auth_manager = cast("FabAuthManager", get_auth_manager())
-        user: User = auth_manager.security_manager.find_user(username=body.username)
+        user: User | None = None
+        if auth_manager.security_manager.auth_type == AUTH_LDAP:
+            user = auth_manager.security_manager.auth_user_ldap(
+                body.username, body.password, rotate_session_id=False
+            )
+        if user is None:
+            user = auth_manager.security_manager.auth_user_db(
+                body.username, body.password, rotate_session_id=False
+            )
         if not user:
-            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid username")
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
-        if auth_manager.security_manager.check_password(username=body.username, password=body.password):
-            return LoginResponse(
-                access_token=auth_manager.generate_jwt(
-                    user=user, expiration_time_in_seconds=expiration_time_in_seconds
-                )
+        return LoginResponse(
+            access_token=auth_manager.generate_jwt(
+                user=user, expiration_time_in_seconds=expiration_time_in_seconds
             )
-        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid password")
+        )

airflow/providers/fab/auth_manager/security_manager/override.py CHANGED Viewed

@@ -62,7 +62,7 @@ from flask_babel import lazy_gettext
 from flask_jwt_extended import JWTManager
 from flask_login import LoginManager
 from itsdangerous import want_bytes
-from markupsafe import Markup
+from markupsafe import Markup, escape
 from sqlalchemy import func, inspect, or_, select
 from sqlalchemy.exc import MultipleResultsFound
 from sqlalchemy.orm import joinedload
@@ -547,8 +547,9 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             user_session_model = interface.sql_session_model
             num_sessions = session.query(user_session_model).count()
             if num_sessions > MAX_NUM_DATABASE_USER_SESSIONS:
+                safe_username = escape(user.username)
                 self._cli_safe_flash(
-                    f"The old sessions for user {user.username} have <b>NOT</b> been deleted!<br>"
+                    f"The old sessions for user {safe_username} have <b>NOT</b> been deleted!<br>"
                     f"You have a lot ({num_sessions}) of user sessions in the 'SESSIONS' table in "
                     f"your database.<br> "
                     "This indicates that this deployment might have an automated API calls that create "
@@ -565,9 +566,10 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
                         session.delete(s)
                 session.commit()
         else:
+            safe_username = escape(user.username)
             self._cli_safe_flash(
                 "Since you are using `securecookie` session backend mechanism, we cannot prevent "
-                f"some old sessions for user {user.username} to be reused.<br> If you want to make sure "
+                f"some old sessions for user {safe_username} to be reused.<br> If you want to make sure "
                 "that the user is logged out from all sessions, you should consider using "
                 "`database` session backend mechanism.<br> You can also change the 'secret_key` "
                 "webserver configuration for all your webserver instances and restart the webserver. "
@@ -1723,7 +1725,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     --------------------
     """
-    def auth_user_ldap(self, username, password):
+    def auth_user_ldap(self, username, password, rotate_session_id=True):
         """
         Authenticate user with LDAP.
@@ -1890,7 +1892,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             # LOGIN SUCCESS (only if user is now registered)
             if user:
-                self._rotate_session_id()
+                if rotate_session_id:
+                    self._rotate_session_id()
                 self.update_user_auth_stat(user)
                 return user
             return None
@@ -1919,7 +1922,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             return False
         return check_password_hash(user.password, password)
-    def auth_user_db(self, username, password):
+    def auth_user_db(self, username, password, rotate_session_id=True):
         """
         Authenticate user, auth db style.
@@ -1927,6 +1930,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             The username or registered email address
         :param password:
             The password, will be tested against hashed password on db
+        :param rotate_session_id:
+            Whether to rotate the session ID
         """
         if username is None or username == "":
             return None
@@ -1942,7 +1947,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             log.info(LOGMSG_WAR_SEC_LOGIN_FAILED, username)
             return None
         if check_password_hash(user.password, password):
-            self._rotate_session_id()
+            if rotate_session_id:
+                self._rotate_session_id()
             self.update_user_auth_stat(user, True)
             return user
         self.update_user_auth_stat(user, False)

airflow/providers/fab/version_compat.py ADDED Viewed

@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# NOTE! THIS FILE IS COPIED MANUALLY IN OTHER PROVIDERS DELIBERATELY TO AVOID ADDING UNNECESSARY
+# DEPENDENCIES BETWEEN PROVIDERS. IF YOU WANT TO ADD CONDITIONAL CODE IN YOUR PROVIDER THAT DEPENDS
+# ON AIRFLOW VERSION, PLEASE COPY THIS FILE TO THE ROOT PACKAGE OF YOUR PROVIDER AND IMPORT
+# THOSE CONSTANTS FROM IT RATHER THAN IMPORTING THEM FROM ANOTHER PROVIDER OR TEST CODE
+#
+from __future__ import annotations
+def get_base_airflow_version_tuple() -> tuple[int, int, int]:
+    from packaging.version import Version
+    from airflow import __version__
+    airflow_version = Version(__version__)
+    return airflow_version.major, airflow_version.minor, airflow_version.micro
+AIRFLOW_V_3_1_PLUS = get_base_airflow_version_tuple() >= (3, 1, 0)

airflow/providers/fab/www/api_connexion/parameters.py CHANGED Viewed

@@ -17,9 +17,9 @@
 from __future__ import annotations
 import logging
-from collections.abc import Container
+from collections.abc import Callable, Container
 from functools import wraps
-from typing import TYPE_CHECKING, Any, Callable, TypeVar, cast
+from typing import TYPE_CHECKING, Any, TypeVar, cast
 from pendulum.parsing import ParserError
 from sqlalchemy import text

airflow/providers/fab/www/api_connexion/security.py CHANGED Viewed

@@ -16,8 +16,9 @@
 # under the License.
 from __future__ import annotations
+from collections.abc import Callable
 from functools import wraps
-from typing import TYPE_CHECKING, Callable, TypeVar, cast
+from typing import TYPE_CHECKING, TypeVar, cast
 from flask import Response, current_app

airflow/providers/fab/www/api_connexion/types.py CHANGED Viewed

@@ -17,14 +17,12 @@
 from __future__ import annotations
 from collections.abc import Mapping, Sequence
-from typing import Any, Optional, Union
+from typing import Any
 from flask import Response
-APIResponse = Union[
-    Response,
-    tuple[object, int],  # For '(NoContent, 201)'.
-    Mapping[str, Any],  # JSON.
-]
+# tuple[object, int] For '(NoContent, 201)'.
+# Mapping[str, Any] for json
+APIResponse = Response | tuple[object, int] | Mapping[str, Any]
-UpdateMask = Optional[Sequence[str]]
+UpdateMask = Sequence[str] | None

airflow/providers/fab/www/auth.py CHANGED Viewed

@@ -18,9 +18,9 @@ from __future__ import annotations
 import functools
 import logging
-from collections.abc import Sequence
+from collections.abc import Callable, Sequence
 from functools import wraps
-from typing import TYPE_CHECKING, Callable, TypeVar, cast
+from typing import TYPE_CHECKING, TypeVar, cast
 from flask import flash, redirect, render_template, request, url_for
 from flask_appbuilder._compat import as_unicode

airflow/providers/fab/www/extensions/init_views.py CHANGED Viewed

@@ -26,6 +26,7 @@ from connexion.exceptions import BadRequestProblem, ProblemException
 from flask import request
 from airflow.api_fastapi.app import get_auth_manager
+from airflow.providers.fab.version_compat import AIRFLOW_V_3_1_PLUS
 from airflow.providers.fab.www.api_connexion.exceptions import common_error_handler
 if TYPE_CHECKING:
@@ -120,11 +121,14 @@ def init_plugins(app):
             log.debug("Adding view %s without menu", str(type(view["view"])))
             appbuilder.add_view_no_menu(view["view"])
-    for menu_link in sorted(
-        plugins_manager.flask_appbuilder_menu_links, key=lambda x: (x.get("category", ""), x["name"])
-    ):
-        log.debug("Adding menu link %s to %s", menu_link["name"], menu_link["href"])
-        appbuilder.add_link(**menu_link)
+    # Since Airflow 3.1 flask_appbuilder_menu_links are added to the Airflow 3 UI
+    # navbar..
+    if not AIRFLOW_V_3_1_PLUS:
+        for menu_link in sorted(
+            plugins_manager.flask_appbuilder_menu_links, key=lambda x: (x.get("category", ""), x["name"])
+        ):
+            log.debug("Adding menu link %s to %s", menu_link["name"], menu_link["href"])
+            appbuilder.add_link(**menu_link)
     for blue_print in plugins_manager.flask_blueprints:
         log.debug("Adding blueprint %s:%s", blue_print["name"], blue_print["blueprint"].import_name)

apache-airflow-providers-fab 2.2.1rc2__py3-none-any.whl → 2.3.0rc1__py3-none-any.whl

apache-airflow-providers-fab 2.2.1rc2py3-none-any.whl → 2.3.0rc1py3-none-any.whl