Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalidate user session on password reset #45139

Merged
merged 8 commits into from
Dec 22, 2024

Conversation

shubhamraj-git
Copy link
Contributor

@shubhamraj-git shubhamraj-git commented Dec 21, 2024

Session expire on pass change

The key difference is automatic transaction handling in the UI vs the manual control required in CLI operations. In the CLI, it does not automatically commit the session unless you explicitly tell it to, while the UI framework does this at the end of a successful request. So, session.commit() is added.


^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

@potiuk
Copy link
Member

potiuk commented Dec 21, 2024

Just a static check failure :)

Copy link
Contributor

@amoghrajesh amoghrajesh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shubhamraj-git nice work on the PR. Could you please change the PR title to something better, like "Invalidate a session on password change"?

@shubhamraj-git shubhamraj-git force-pushed the session_expire_from_cli branch from 9e2b387 to 86dd8de Compare December 22, 2024 09:32
@potiuk potiuk added this to the Airflow 2.10.5 milestone Dec 22, 2024
@potiuk potiuk added the backport-to-v2-10-test Mark PR with this label to backport to v2-10-test branch label Dec 22, 2024
@potiuk potiuk removed the backport-to-v2-10-test Mark PR with this label to backport to v2-10-test branch label Dec 22, 2024
@potiuk potiuk removed this from the Airflow 2.10.5 milestone Dec 22, 2024
@potiuk
Copy link
Member

potiuk commented Dec 22, 2024

This is provider-only change - so we do not need to backport it.

@shubhamraj-git shubhamraj-git changed the title Session expire on pass change Invalidate user session on password reset Dec 22, 2024
@eladkal
Copy link
Contributor

eladkal commented Dec 22, 2024

This is provider-only change - so we do not need to backport it.

Not so simple. It was decided that fab provider next release is breaking change and compatible with Airflow 3 only.
https://github.com/eladkal/airflow/blob/c8c5756530b95de7f53b1f4cfc296d04627c7b25/providers/src/airflow/providers/fab/provider.yaml#L53

to release this change to fab provider that is compatible with Airflow 2.9 we need to create a branch from fab tag 1.5.1 and follow on:
https://github.com/apache/airflow/blob/main/PROVIDERS.rst#mixed-governance-model-for-3rd-party-related-community-providers

Copy link
Contributor

@amoghrajesh amoghrajesh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, looks good now +1

@potiuk
Copy link
Member

potiuk commented Dec 22, 2024

This is provider-only change - so we do not need to backport it.

Not so simple. It was decided that fab provider next release is breaking change and compatible with Airflow 3 only. https://github.com/eladkal/airflow/blob/c8c5756530b95de7f53b1f4cfc296d04627c7b25/providers/src/airflow/providers/fab/provider.yaml#L53

to release this change to fab provider that is compatible with Airflow 2.9 we need to create a branch from fab tag 1.5.1 and follow on: https://github.com/apache/airflow/blob/main/PROVIDERS.rst#mixed-governance-model-for-3rd-party-related-community-providers

Indeed. First time!. So wiil simply need to create a branch from FAB and use cherry-picker to cherry-pick it there after merging. Probably manual cherry_picker command. I can do it once this one is merged.

@potiuk potiuk merged commit cf401c4 into apache:main Dec 22, 2024
64 checks passed
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 22, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 22, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 22, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 22, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 22, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 22, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>

Avoid 1.1.8 version of msgraph-core (apache#45044)

The 1.1.8 version of msgraph-core is buggy - importing some basic
classes causes import error "ABCMeta" is not subscriptable.

We are removing the version from azure provider dependencies hoping
that it will be fixed in the next version.

microsoftgraph/msgraph-sdk-python-core#781
(cherry picked from commit 3310b86)
potiuk pushed a commit to potiuk/airflow that referenced this pull request Dec 23, 2024
…e#45139)

* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk added a commit to potiuk/airflow that referenced this pull request Dec 23, 2024
The apache#45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside apache#45139
potiuk added a commit that referenced this pull request Dec 23, 2024
The #45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside #45139
potiuk added a commit to potiuk/airflow that referenced this pull request Dec 23, 2024
The apache#45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside apache#45139

(cherry picked from commit 7002966)
potiuk added a commit that referenced this pull request Dec 23, 2024
The #45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside #45139

(cherry picked from commit 7002966)
potiuk pushed a commit that referenced this pull request Dec 24, 2024
* session expire on pass change

* fix statis checks

* add tests
(cherry picked from commit cf401c4)

Co-authored-by: Shubham Raj <48172486+shubhamraj-git@users.noreply.github.com>
potiuk added a commit that referenced this pull request Dec 24, 2024
The #45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside #45139

(cherry picked from commit 7002966)
LefterisXefteris pushed a commit to LefterisXefteris/airflow that referenced this pull request Jan 5, 2025
* session expire on pass change

* fix statis checks

* add tests
LefterisXefteris pushed a commit to LefterisXefteris/airflow that referenced this pull request Jan 5, 2025
The apache#45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside apache#45139
agupta01 pushed a commit to agupta01/airflow that referenced this pull request Jan 6, 2025
* session expire on pass change

* fix statis checks

* add tests
agupta01 pushed a commit to agupta01/airflow that referenced this pull request Jan 6, 2025
The apache#45139 imported isabs from "airflow.www.app" - but isabs has
been added there fairly recently and it is anyhow stdlib's os.path
isabs - so it should be imported from there.

This breaks fab 1.5.2 backport compatibility tests, so we need to
cherry-pick it there alongside apache#45139
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants