Feature Request: Make the login/logout methods in AuthView configurable #2248

Open
shahar1 opened this issue Jun 8, 2024 · 0 comments
shahar1 commented Jun 8, 2024

In Apache Airflow, we have a use case for protecting the logout route from CSRF attacks (apache/airflow#33030), and for that we need to convert the methods of the logout route in AuthView to `["POST"]` only. As we use the default configuration, we need to override the method manually, which is a bit hacky.
It would be nice if we could make the login and logout methods in AuthView configurable, somewhat like the following snippet:

```python
from flask import redirect
from flask_appbuilder import BaseView, expose
from flask_babel import lazy_gettext
from flask_login import logout_user

# Proposed configuration: HTTP methods accepted by each auth route
conf = {
    "login_methods": ["POST"],
    "logout_methods": ["POST"],
    # ...
}

class AuthView(BaseView):
    route_base = ""
    login_template = ""
    invalid_login_message = lazy_gettext("Invalid login. Please try again.")
    title = lazy_gettext("Sign In")

    @expose("/login/", methods=conf["login_methods"]) # <-
    def login(self):
        pass

    @expose("/logout/", methods=conf["logout_methods"]) # <-
    def logout(self):
        logout_user()
        return redirect(
            self.appbuilder.app.config.get(
                "LOGOUT_REDIRECT_URL", self.appbuilder.get_url_for_index
            )
        )
```
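
An added sketch (not part of the original issue and not Flask-AppBuilder's code) of one way to make the methods configurable: the decorator in the snippet above evaluates `conf[...]` when the class body is defined, so this version defers the lookup to route registration. The `config_key` parameter, `register`, `dispatch` and the default method lists are assumptions for illustration.

```python
# Stand-in router for illustration only; names and defaults are assumptions.
DEFAULT_METHODS = {"login": ["GET", "POST"], "logout": ["GET"]}  # assumed defaults


def expose(url, methods=None, config_key=None):
    """Hypothetical decorator: record the route; methods may be deferred to config."""
    def wrap(func):
        func._route = {"url": url, "methods": methods, "config_key": config_key}
        return func
    return wrap


class AuthView:
    @expose("/login/", config_key="login_methods")
    def login(self):
        return 200, "login form"

    @expose("/logout/", config_key="logout_methods")
    def logout(self):
        return 302, "/"  # redirect after the session has been cleared


def register(view, config):
    """Resolve each route's methods from config at registration time, not at import."""
    table = {}
    for name in dir(view):
        route = getattr(getattr(view, name), "_route", None)
        if route is None:
            continue
        methods = route["methods"] or config.get(route["config_key"], DEFAULT_METHODS[name])
        table[route["url"]] = ({m.upper() for m in methods}, getattr(view, name))
    return table


def dispatch(table, method, url):
    """Return (status, body); a method the route does not allow yields 405."""
    if url not in table:
        return 404, "not found"
    allowed, handler = table[url]
    if method.upper() not in allowed:
        return 405, "method not allowed"
    return handler()


hardened = register(AuthView(), {"logout_methods": ["POST"]})  # constructed config
legacy = register(AuthView(), {})  # no override: falls back to the assumed defaults
```

Restricting the route to POST only narrows the accepted method; the CSRF token check on that POST is done by the framework's CSRF middleware and is outside this sketch.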