Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ def login_callback(request: Request):

if relay_state == "login-redirect":
response = RedirectResponse(url=url, status_code=303)
secure = bool(conf.get("api", "ssl_cert", fallback=""))
secure = request.base_url.scheme == "https" or bool(conf.get("api", "ssl_cert", fallback=""))
# In Airflow 3.1.1 authentication changes, front-end no longer handle the token
# See https://github.com/apache/airflow/pull/55506
cookie_path = get_cookie_path()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -80,15 +80,15 @@ def test_client():
yield TestClient(create_app())


def get_login_callback_response(relay_state: str):
def get_login_callback_response(relay_state: str, *, base_url: str = "http://testserver"):
with conf_vars(
{
(
"core",
"auth_manager",
): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
("aws_auth_manager", "saml_metadata_url"): SAML_METADATA_URL,
("api", "ssl_cert"): "false",
("api", "ssl_cert"): "",
}
):
with (
Expand All @@ -112,7 +112,7 @@ def get_login_callback_response(relay_state: str):
"email": ["email"],
}
mock_init_saml_auth.return_value = auth
client = TestClient(create_app())
client = TestClient(create_app(), base_url=base_url)
return client.post(
AUTH_MANAGER_FASTAPI_APP_PREFIX + "/login_callback",
follow_redirects=False,
Expand Down Expand Up @@ -141,6 +141,11 @@ def test_login_callback_successful_with_relay_state_redirect(self):
assert "_token" in response.cookies
assert response.headers["location"].startswith("http://localhost:8080/")

def test_login_callback_sets_secure_cookie_behind_tls_proxy(self):
response = get_login_callback_response("login-redirect", base_url="https://testserver")

assert "Secure" in response.headers["set-cookie"]

def test_login_callback_successful_with_relay_state_token(self):
response = get_login_callback_response("login-token")
assert response.status_code == 200
Expand Down