From 0aad9c6f4820ba3e917ca49a154a03fa74c4c11c Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Wed, 29 Jul 2020 09:32:10 +0100
Subject: [PATCH] fix(log): log endpoint authentication (#10435)

* fix(log): log crashes if expired or not authenticated

* add auth to log endpoint
---
 superset/utils/log.py  | 2 +-
 superset/views/core.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/superset/utils/log.py b/superset/utils/log.py
index 1b6e1b694..5b11d4538 100644
--- a/superset/utils/log.py
+++ b/superset/utils/log.py
@@ -42,7 +42,7 @@ class AbstractEventLogger(ABC):
         @functools.wraps(f)
         def wrapper(*args: Any, **kwargs: Any) -> Any:
             user_id = None
-            if g.user:
+            if hasattr(g, "user") and g.user:
                 user_id = g.user.get_id()
             payload = request.form.to_dict() or {}
 
diff --git a/superset/views/core.py b/superset/views/core.py
index fdf989268..e4f6be3d1 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -1690,6 +1690,7 @@ class Superset(BaseSupersetView):  # pylint: disable=too-many-public-methods
 
     @api
     @event_logger.log_this
+    @has_access
     @expose("/log/", methods=["POST"])
     def log(self) -> FlaskResponse:  # pylint: disable=no-self-use
         return Response(status=200)