AttributeError: 'ApiUser' object has no attribute 'email' #1824

Closed
sreynen opened this issue Jun 14, 2017 · 4 comments
@sreynen
Contributor

sreynen commented Jun 14, 2017

Issue Summary

API POST calls to /api/queries/###/refresh throw this error on 1.0.3+b2850

Steps to Reproduce

  1. Make a POST call to /api/queries/###/refresh
  2. See error in api_error.log and 500 result

Full error with trace:

Exception on /api/queries/###/refresh [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1639, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1625, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python2.7/dist-packages/flask_restful/__init__.py", line 477, in wrapper
    resp = resource(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask_login/utils.py", line 228, in decorated_view
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask/views.py", line 84, in view
    return self.dispatch_request(*args, **kwargs)
  File "/opt/redash/redash.1.0.3.b2850/redash/handlers/base.py", line 28, in dispatch_request
    return super(BaseResource, self).dispatch_request(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask_restful/__init__.py", line 587, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/opt/redash/redash.1.0.3.b2850/redash/handlers/queries.py", line 266, in post
    return run_query(query.data_source, parameter_values, query.query_text, query.id)
  File "/opt/redash/redash.1.0.3.b2850/redash/handlers/query_results.py", line 45, in run_query
    job = enqueue_query(query_text, data_source, current_user.id, metadata={"Username": current_user.email, "Query ID": query_id})
  File "/usr/local/lib/python2.7/dist-packages/werkzeug/local.py", line 343, in __getattr__
    return getattr(self._get_current_object(), name)
AttributeError: 'ApiUser' object has no attribute 'email'

Same request worked in some previous version of Redash. Looking at the current code on master, it seems to still make the same reference to current_user.email so assuming this bug still exists, but haven't confirmed that yet.

Technical details:

  • Redash Version: 1.0.3+b2850
  • Browser/OS: N/A
  • How did you install Redash: N/A
@sreynen
Contributor Author

sreynen commented Jun 14, 2017

Just to be clear, ### in those URL paths is an actual query ID number.

@arikfr
Member

arikfr commented Jun 15, 2017

I assume you call this API call with a query API key?

@sreynen
Contributor Author

sreynen commented Jun 15, 2017

Yes, the request is called with an api_key param.

@arikfr
Member

arikfr commented Aug 6, 2017

This is the reason for the error. We should probably check the API key here and only allow a user API key, because otherwise it's a security concern (in the case of queries with parameters).

@arikfr arikfr added this to the v3 milestone Aug 6, 2017
@arikfr arikfr closed this as completed in 4e4a3e1 Nov 1, 2017
arikfr added a commit that referenced this issue Nov 1, 2017
Fix #1824: allow only user API key to be used with query refresh API.
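
The failure and the access rule discussed in this thread, as an added example that is not Redash's code or the referenced commit: a query API key resolves to a principal with no `email`, so the unchecked handler fails with the reported AttributeError, while the checked handler rejects that principal before any user-only field is read. The class shapes, `is_api_user()`, the handler names, the 403 message and all sample values are assumptions constructed for illustration.

```python
# Constructed model of the two principal types in this thread; not Redash's code.
class User:
    """Principal resolved from a user API key or a login session."""
    def __init__(self, user_id, email):
        self.id = user_id
        self.email = email

    def is_api_user(self):  # hypothetical helper name
        return False


class ApiUser:
    """Principal resolved from a query API key: it carries no email attribute."""
    def __init__(self, api_key, query_id):
        self.id = api_key
        self.query_id = query_id

    def is_api_user(self):  # hypothetical helper name
        return True


def refresh_unchecked(current_user, query_id, parameters):
    """Pre-fix shape: any authenticated principal reaches the enqueue step."""
    metadata = {"Username": current_user.email, "Query ID": query_id}
    return 200, {"job": {"metadata": metadata, "parameters": parameters}}


def refresh_checked(current_user, query_id, parameters):
    """Hardened shape: reject query API keys before touching user-only fields."""
    if current_user.is_api_user():
        return 403, {"message": "A user API key is required for refresh."}
    metadata = {"Username": current_user.email, "Query ID": query_id}
    return 200, {"job": {"metadata": metadata, "parameters": parameters}}


def demo():
    user = User(7, "analyst@example.test")             # constructed sample values
    key_holder = ApiUser("constructed-query-key", 42)  # constructed sample values
    params = {"p_limit": "10"}
    results = {}
    try:
        refresh_unchecked(key_holder, 42, params)
    except AttributeError as exc:                      # surfaces as the reported 500
        results["unchecked_query_key"] = str(exc)
    results["checked_query_key"] = refresh_checked(key_holder, 42, params)[0]
    results["checked_user_key"] = refresh_checked(user, 42, params)[0]
    return results


if __name__ == "__main__":
    print(demo())
```
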
vabanin added a commit to vabanin/redash that referenced this issue Nov 13, 2017
* 'master' of https://github.com/getredash/redash: (95 commits)
  CR3
  In editing mode hide menu button and show remove button instead
  Fix: widget menu not visible on small widgets
  Fix widget auto-height behaviour
  Cleanup CSS
  CR2
  CR1
  getredash#335 Better dashboard editor
  CirlceCI: Docker build for release branches.
  Redshift: change default SSL mode to prefer.
  Update v3 CHANGELOG.
  Add Query Results to the default query runners list.
  Add: data source to run queries on top of query results.
  Fix getredash#1824: allow only user API key to be used with query refresh API.
  Disable fork button for those can't fork
  Fix: require full access to the data source to fork a query.
  Remove unused variables
  Fix getredash#1979: API key of one query could be used to get results of another one
  Copy parameters value when forking a query
  Save only the query id instead of query id and name
  ...
dairyo pushed a commit to KiiCorp/redash that referenced this issue Mar 1, 2019
Fix getredash#1824: allow only user API key to be used with query refresh API.