zhqagp opened a new issue, #34696:
URL: https://github.com/apache/superset/issues/34696

   ### Bug description
   
   
   When a Guest user accesses via a Guest Token, the asynchronous query function fails to work properly. The root cause lies in the handling logic of the `sub` field when generating JWT in `async_query_manager.py`.
   
   Specifically:
   
   - Guest users (`GuestUser`) do not have an `id` attribute, and `get_user_id()` returns `None`.
   - The code `sub = str(user_id) if user_id else None` causes the `sub` field in the JWT for Guest users to be `None`.
   - JWTs lacking a valid `sub` field cannot pass subsequent authentication, ultimately preventing Guest users from using asynchronous query functions (such as report generation, long-running queries, etc.).
   
   Reproduction steps
   
   1. Generate a valid Guest Token (with necessary permissions).
   2. Log in to Superset using this Guest Token.
   3. Access features requiring asynchronous processing (e.g., executing time-consuming SQL queries, generating scheduled reports).
   4. Observe that the function fails, and the backend logs may show JWT verification errors (missing or invalid `sub` field).
   
   Expected behavior
   
   Guest users should be able to use asynchronous query functions normally. The JWT should contain a valid `sub` field based on the Guest user's unique identifier (e.g., username).
   
   Actual behavior
   
   When a Guest user triggers an asynchronous query, authentication fails due to the `sub` field being `None` in the JWT, making the function unavailable.
   
   Screenshots/recordings
   
   <img width="970" height="760" alt="Image" src="https://github.com/user-attachments/assets/803535e8-a7aa-4426-b061-a84755b172f6" />
   
   
   
   Config Content
   
   ```python
   GLOBAL_ASYNC_QUERIES_REDIS_STREAM_PREFIX = "async-events-"
   GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME = 'async-token'
   GLOBAL_ASYNC_QUERIES_JWT_SECRET = 'xxx'
   GLOBAL_ASYNC_QUERIES_TRANSPORT = "polling"
   GLOBAL_ASYNC_QUERIES_POLLING_DELAY = 500
   
   GUEST_ROLE_NAME = "Admin"
   GUEST_TOKEN_JWT_SECRET = "xxx"
   GUEST_TOKEN_JWT_ALGO = "HS256"
   GUEST_TOKEN_HEADER_NAME = "X-GuestToken"
   GUEST_TOKEN_JWT_EXP_SECONDS = 3600*24*30  # 30 days
   GUEST_TOKEN_JWT_AUDIENCE = 'superset'
   ```
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   5.0.0
   
   ### Python version
   
   3.11
   
   ### Node version
   
   18 or greater
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [ ] I have searched Superset docs and Slack and didn't find a solution to my problem.
   - [ ] I have searched the GitHub issue tracker and didn't find a similar bug report.
   - [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
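
The failure described in this report, reproduced as an added stand-alone example (not part of the original issue and not Superset's code). It assumes a verifier that requires a non-empty string `sub`; the secret, the sample users, the `guest:` prefix and every function name except the quoted `sub` expression are hypothetical.

```python
import base64, hashlib, hmac, json
from types import SimpleNamespace

SECRET = b"constructed-demo-secret"  # constructed, not a value from the issue
GUEST = SimpleNamespace(username="embedded_viewer")  # constructed: no id attribute
REGULAR = SimpleNamespace(id=7, username="alice")  # constructed: ordinary user

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(head, body):
    return _b64(hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest())

def encode_hs256(claims):
    # Minimal stdlib HS256 JWT encoder, enough for the demo.
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head, body)}"

def verify_and_get_sub(token):
    """Check the signature, then require a non-empty string sub claim."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(_sign(head, body), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("missing or invalid sub")
    return sub

def sub_as_reported(user):
    """The expression quoted in the issue: a user without an id gets sub=None."""
    user_id = getattr(user, "id", None)
    return str(user_id) if user_id else None

def sub_with_guest_fallback(user):
    """Hypothetical fix: use the guest username when there is no id."""
    user_id = getattr(user, "id", None)
    if user_id is not None:
        return str(user_id)
    if not getattr(user, "username", None):
        raise ValueError("user has neither id nor username")
    return f"guest:{user.username}"  # prefix keeps guests apart from numeric ids

def token_outcome(make_sub, user):
    # Issue a token with the chosen sub logic, then run it through the verifier.
    try:
        return verify_and_get_sub(encode_hs256({"channel": "c1", "sub": make_sub(user)}))
    except ValueError as exc:
        return f"rejected: {exc}"
```

`token_outcome(sub_as_reported, GUEST)` is rejected because `None` serialises to JSON `null`, while the fallback variant yields a string subject that cannot collide with a numeric user id.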

