Fix authorization check bug (#5504)
ndmlny-qs committed Sep 13, 2023
1 parent ff43d36 commit 65d0a5b
Showing 1 changed file with 16 additions and 6 deletions.
22 changes: 16 additions & 6 deletions panel/io/server.py
Expand Up @@ -507,22 +507,32 @@ async def get(self, *args, **kwargs):
with set_curdoc(session.document):
resources = Resources.from_bokeh(self.application.resources())
auth_cb = config.authorize_callback
authorized = False
if auth_cb:
auth_cb = config.authorize_callback
auth_params = inspect.signature(auth_cb).parameters
auth_args = (state.user_info,)
if len(auth_params) == 2:
auth_args += (self.request.path,)
if len(auth_params) == 1:
auth_args = (state.user_info,)
elif len(auth_params) == 2:
auth_args = (state.user_info, self.request.path,)
else:
raise RuntimeError(
'Authorization callback must accept either one or two arguments.'
'Authorization callback must accept either 1) a single argument '
'which is the user name or 2) two arguments which includes the '
'user name and the url path the user is trying to access.'
)
auth_error = f'{state.user} is not authorized to access this application.'
try:
authorized = auth_cb(*auth_args)
auth_error = None
if not authorized:
auth_error = (
f'Authorization callback errored. Could not validate user name "{state.user}" '
f'for the given app "{self.request.path}".'
)
if authorized:
auth_error = None
except Exception:
auth_error = f'Authorization callback errored. Could not validate user {state.user}'
auth_error = f'Authorization callback errored. Could not validate user {state.user}.'
else:
authorized = True
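Review bot: `authorized = auth_cb(*auth_args)` is judged only by truthiness, so any truthy non-bool return grants access; because this runs inside `async def get`, a callback declared `async def` would hand back an un-awaited coroutine object, which is truthy, and every user would pass the check. Resolving awaitables before the test, `if inspect.isawaitable(authorized): authorized = await authorized`, or denying unless the result is exactly `True`, would close that gap. Separately, the `if not authorized:` branch reports "Authorization callback errored" for an ordinary refusal, and `except Exception:` discards the traceback, so an operator cannot tell a broken callback from a denial; logging the exception in that handler would help. The body of `get` continues outside the hunk, so how `auth_error` (which now embeds `self.request.path`, a request-controlled value) is rendered is not visible here and should be confirmed to be escaped.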
