fix(security): add missing active attribute to GuestUser class

[irodriguez-nebustream]

SUMMARY

Fixes a SupersetApiError where 'GuestUser' object has no attribute 'active' occurred when using guest authentication in embedded dashboards.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

Set up Superset with embedded dashboard configuration
Create a guest token for embedded dashboard access
Access an embedded dashboard using guest authentication
Verify that the dashboard loads without the 'GuestUser' object has no attribute 'active' error
Confirm that guest user authentication flows work properly throughout the application

Changes made:

Added self.active = True to the GuestUser.init method since guest users are active by definition (they have valid authentication tokens)
Added is_active property that returns self.active to match the Flask-AppBuilder User model interface
Added proper documentation explaining the purpose of these attributes
This ensures GuestUser objects provide the same authentication interface as regular users for attributes relevant to guest authentication, while maintaining the distinction that guest users are temporary and don't have database-persisted attributes.

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[bito-code-review]

Code Review Agent Run #24bed3

Actionable Suggestions - 0

Additional Suggestions - 1

• superset/security/guest_token.py - 1

  • Docstring formatting issues in is_active method · Line 82-82
    The `is_active` method docstring has formatting issues: missing blank line after summary line and multi-line summary not starting at first line. Please follow PEP 257 docstring conventions.
    Code suggestion

     @@ -80,9 +81,10 @@
          @property
          def is_active(self) -> bool:
              """
    -        Property to match Flask-AppBuilder User model interface.
    -        Returns the active status of the guest user.
    +        Returns the active status of the guest user.
    +        
    +        Property to match Flask-AppBuilder User model interface.
              """
              return self.active
     

Review Details

• Files reviewed - 1 · Commit Range: 219a217..219a217

  • superset/security/guest_token.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at [email protected].

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[korbit-ai]

I've completed my review and didn't find any issues.

Files scanned

​

File Path	Reviewed
superset/security/guest_token.py	✅

Explore our documentation to understand the languages and file types we support and the files we ignore.

Check out our docs on how you can make Korbit work best for you and your team.

Loving Korbit!? Share us on LinkedIn Reddit and X

[codecov]

Codecov Report

❌ Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 71.87%. Comparing base (d39c55e) to head (219a217).
⚠️ Report is 3 commits behind head on master.

Files with missing lines	Patch %	Lines
superset/security/guest_token.py	75.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #35507       +/-   ##
===========================================
+ Coverage        0   71.87%   +71.87%     
===========================================
  Files           0      589      +589     
  Lines           0    43576    +43576     
  Branches        0     4713     +4713     
===========================================
+ Hits            0    31322    +31322     
- Misses          0    11018    +11018     
- Partials        0     1236     +1236     

Flag	Coverage Δ
hive	46.29% <50.00%> (?)
mysql	70.91% <75.00%> (?)
postgres	70.96% <75.00%> (?)
presto	50.00% <50.00%> (?)
python	71.84% <75.00%> (?)
sqlite	70.55% <75.00%> (?)
unit	100.00% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sadpandajoe]

Duplicate PR. Pr #35454 already addresses it.