Skip to content

Commit

Permalink
Merge pull request #308 from smacker/oauth_support
Browse files Browse the repository at this point in the history 
Oauth support
  • Loading branch information
@smacker
smacker authored Oct 22, 2019
2 parents 5cc50c4 + 21524cc commit b17b7af
Show file tree
Hide file tree
Showing 4 changed files with 74 additions and 30 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@

## [Unreleased]

### Added

- Support for Google OAuth authorization ([#293](https://github.com/src-d/sourced-ui/issues/293))

### Changed

- Superset was updated to v0.34.1, which brings some bug fixes. See more details in [their changelog](https://github.com/apache/incubator-superset/blob/master/CHANGELOG.md#0341-20190927-1822-0000) ([#278](https://github.com/src-d/sourced-ui/issues/278)).
Expand Down
65 changes: 35 additions & 30 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,36 +22,41 @@ The image is designed to be deployed as two containers, one with `SUPERSET_ENV=p

You can configure the Docker image using the following environment variables:

| Environment Variable | Description |
|-----------------------|------------------------------------------------------------------|
| `ADMIN_LOGIN` | Username for the admin user |
| `ADMIN_FIRST_NAME` | First name of the admin user |
| `ADMIN_LAST_NAME` | Last name of the admin user |
| `ADMIN_EMAIL` | Email of the admin user |
| `ADMIN_PASSWORD` | Password of the admin user |
| `BBLFSH_WEB_HOST` | Hostname for bblfsh-web |
| `BBLFSH_WEB_PORT` | Port for bblfsh-web |
| `GITBASE_HOST` | Hostname for Gitbase |
| `GITBASE_PORT` | Port for Gitbase |
| `GITBASE_DB` | Database name for Gitbase |
| `GITBASE_USER` | Username for Gitbase |
| `GITBASE_PASSWORD` | Password for Gitbase |
| `POSTGRES_HOST` | Hostname for Superset DB |
| `POSTGRES_PORT` | Port for Superset DB |
| `POSTGRES_DB` | Database for Superset DB |
| `POSTGRES_USER` | Username for Superset DB |
| `POSTGRES_PASSWORD` | Password for Superset DB |
| `REDIS_HOST` | Hostname for Redis |
| `REDIS_PORT` | Port for Redis |
| `SUPERSET_ENV` | Environment Superset runs in `production`/`celery`/`development` |
| `SUPERSET_NO_INIT_DB` | Does not run the database init script if set to `true` |
| `SYNC_MODE` | Adds metadata datasource and welcome dashboard if set to `true` |
| `METADATA_HOST` | Hostname for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_PORT` | Port for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_USER` | Username for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_PASSWORD` | Password for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_DB` | Database name for metadata (when `SYNC_MODE` is set to `true`) |

| Environment Variable | Description |
|---------------------------|-------------------------------------------------------------------------|
| `ADMIN_LOGIN` | Username for the admin user |
| `ADMIN_FIRST_NAME` | First name of the admin user |
| `ADMIN_LAST_NAME` | Last name of the admin user |
| `ADMIN_EMAIL` | Email of the admin user |
| `ADMIN_PASSWORD` | Password of the admin user |
| `BBLFSH_WEB_HOST` | Hostname for bblfsh-web |
| `BBLFSH_WEB_PORT` | Port for bblfsh-web |
| `GITBASE_HOST` | Hostname for Gitbase |
| `GITBASE_PORT` | Port for Gitbase |
| `GITBASE_DB` | Database name for Gitbase |
| `GITBASE_USER` | Username for Gitbase |
| `GITBASE_PASSWORD` | Password for Gitbase |
| `POSTGRES_HOST` | Hostname for Superset DB |
| `POSTGRES_PORT` | Port for Superset DB |
| `POSTGRES_DB` | Database for Superset DB |
| `POSTGRES_USER` | Username for Superset DB |
| `POSTGRES_PASSWORD` | Password for Superset DB |
| `REDIS_HOST` | Hostname for Redis |
| `REDIS_PORT` | Port for Redis |
| `SUPERSET_ENV` | Environment Superset runs in `production`/`celery`/`development` |
| `SUPERSET_NO_INIT_DB` | Does not run the database init script if set to `true` |
| `SYNC_MODE` | Adds metadata datasource and welcome dashboard if set to `true` |
| `METADATA_HOST` | Hostname for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_PORT` | Port for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_USER` | Username for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_PASSWORD` | Password for metadata DB (when `SYNC_MODE` is set to `true`) |
| `METADATA_DB` | Database name for metadata (when `SYNC_MODE` is set to `true`) |
| `OAUTH_PROVIDER` | Use OAuth provider for authorization. Currently only `google` |
| `OAUTH_CONSUMER_KEY` | OAuth provider consumer key (aka client_id) |
| `OAUTH_CONSUMER_SECRET` | OAuth provider consumer secret (aka client_secret) |
| `OAUTH_REGISTRATION_ROLE` | The role for newly registered users using OAuth `Admin`/`Alpha`/`Gamma` |

To see the differences between roles in `OAUTH_REGISTRATION_ROLE` variable consult [official superset documentation](https://superset.incubator.apache.org/security.html#provided-roles).

## Contribute

Expand Down
2 changes: 2 additions & 0 deletions superset/contrib/docker/requirements-extra.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,5 @@ thrift==0.11.0
-e git+https://github.com/src-d/[email protected]#egg=PyHive
# for cache and queue
redis==3.2.1
# for OAuth login
Flask-OAuthlib==0.9.5
33 changes: 33 additions & 0 deletions superset/contrib/docker/superset_config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,3 +152,36 @@ def mutator(f):
# This parameter documented as deprecated but frontend still uses it
# Should match `--timeout` value of gunicorn
SUPERSET_WEBSERVER_TIMEOUT = 300

# Authorization configuration

OAUTH_PROVIDER = get_env_variable('OAUTH_PROVIDER', False)
OAUTH_PROVIDERS = [
{
'name': 'google',
'icon': 'fa-google',
'token_key': 'access_token',
'remote_app': {
'consumer_key': get_env_variable('OAUTH_CONSUMER_KEY'),
'consumer_secret': get_env_variable('OAUTH_CONSUMER_SECRET'),
'base_url': 'https://www.googleapis.com/oauth2/v2/',
'request_token_params': {
'scope': 'email profile'
},
'request_token_url': None,
'access_token_url': 'https://accounts.google.com/o/oauth2/token',
'authorize_url': 'https://accounts.google.com/o/oauth2/auth'
}
}
]

if OAUTH_PROVIDER:
if OAUTH_PROVIDER not in [p['name'] for p in OAUTH_PROVIDERS]:
raise EnvironmentError(
'Unknown OAuth provider {}'.format(OAUTH_PROVIDER))

from flask_appbuilder.security.manager import AUTH_OAUTH

AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = get_env_variable('OAUTH_REGISTRATION_ROLE')

0 comments on commit b17b7af

Please sign in to comment.