feat(security): add guest user attributes and get_guest_user_attribute() macro

[Yash2412]

SUMMARY

Add support for user attributes in guest tokens and a corresponding Jinja macro get_guest_user_attribute() to enable dynamic user-specific data filtering in embedded dashboards.

Changes include:

• Add attributes field to GuestTokenUser TypedDict and GuestUser class
• Implement get_guest_user_attribute(attribute_name, default=None) Jinja macro
• Update guest token API schema to accept and validate user attributes
• Integrate attributes with cache key mechanism for proper cache invalidation
• Comprehensive test coverage for new functionality

This enables embedded dashboard use cases like multi-tenant data filtering, role-based access control, and regional data restrictions by allowing applications to pass user-specific attributes when creating guest tokens.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

1. Test Guest Token Creation with Attributes:

   # Create guest token with user attributes
   user = {
       "username": "test_user",
       "attributes": {
           "tenant": "company_123",
           "region": "us-west"
       }
   }
   resources = [{"type": "dashboard", "id": "test-dashboard-uuid"}]
   token = security_manager.create_guest_access_token(user, resources, [])

2. Test Jinja Macro in SQL Lab:

   • Login as admin and go to SQL Lab
   • Create a test dataset with query:

   SELECT 
       '{{ get_guest_user_attribute("tenant", "default") }}' as tenant,
       '{{ get_guest_user_attribute("region", "global") }}' as region

   • Verify it returns "default" and "global" for non-guest users

3. Test with Guest Token:

   • Use created guest token to access embedded dashboard
   • Verify SQL queries using the macro resolve to correct attribute values
   • Test cache key generation includes attribute values

4. Test Backward Compatibility:

   • Create guest token without attributes field
   • Verify existing functionality works unchanged
   • Verify macro returns default values when attributes not present

5. Run Test Suite:

   python -m pytest tests/integration_tests/security_tests.py::TestGuestTokens -v
   python -m pytest tests/unit_tests/jinja_context_test.py -v

ADDITIONAL INFORMATION

• Has associated issue: #33922
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

Files Modified:

• superset/security/guest_token.py - Add attributes field to GuestTokenUser and GuestUser
• superset/security/api.py - Update UserSchema validation
• superset/jinja_context.py - Add get_guest_user_attribute() macro
• tests/integration_tests/security_tests.py - Guest token tests
• tests/unit_tests/jinja_context_test.py - Jinja macro tests

Backward Compatibility: Fully backward compatible - attributes field is optional with graceful fallbacks.

[github-actions]

Congrats on making your first PR and thank you for contributing to Superset! 🎉 ❤️

We hope to see you in our Slack community too! Not signed up? Use our Slack App to self-register.

[korbit-ai]

Review by Korbit AI

Korbit automatically attempts to detect when you fix issues in new commits.

Category	Issue	Status
	SQL Injection Vulnerability in Guest User Attributes ▹ view	🧠 Incorrect

Files scanned

​

File Path	Reviewed
superset/security/guest_token.py	✅
superset/security/api.py	✅
docs/docs/configuration/sql-templating.mdx	✅
superset/jinja_context.py	✅

Explore our documentation to understand the languages and file types we support and the files we ignore.

Check out our docs on how you can make Korbit work best for you and your team.

Loving Korbit!? Share us on LinkedIn Reddit and X

[codecov]

Codecov Report

Attention: Patch coverage is 20.83333% with 19 lines in your changes missing coverage. Please review.

Project coverage is 72.87%. Comparing base (e25be0f) to head (eff9b17).
Report is 5 commits behind head on master.

Files with missing lines	Patch %	Lines
superset/jinja_context.py	9.52%	19 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #33924       +/-   ##
===========================================
+ Coverage        0   72.87%   +72.87%     
===========================================
  Files           0      559      +559     
  Lines           0    40471    +40471     
  Branches        0     4256     +4256     
===========================================
+ Hits            0    29492    +29492     
- Misses          0     9875     +9875     
- Partials        0     1104     +1104     

Flag	Coverage Δ
hive	47.17% <20.83%> (?)
mysql	71.86% <20.83%> (?)
postgres	71.91% <20.83%> (?)
presto	50.94% <20.83%> (?)
python	72.83% <20.83%> (?)
sqlite	71.45% <20.83%> (?)
unit	100.00% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sadpandajoe]

@Yash2412 thanks for opening a SIP for this. Here are the instruction for the SIP process before this PR can be merged: #5602. If @mistercrunch or @michael-s-molina does not think this requires a SIP, we can go through our regular PR process to get this merged.