Mercurial > kallithea
view .hgignore @ 5548:23a86f1c33a1
auth: note that we never emit authuser "cookies" for the default user
The only place where we set "authuser" in the session is in log_in_user,
which is called only by the internal auth system and by auth plugins.
The internal auth system cannot log a user in as the default user,
because the default user doesn't have a password (and cannot have a
password assigned). Auth plugins cannot log a user in as the default
user, because the user doesn't have the right extern_type. As such, it's
a bug if log_in_user is ever called with the default user (which this
commit documents with an assert).
This realization makes the is_authenticated field of the authuser cookie
redundant, as it's always True. It also emphasizes that is_default_user
and is_authenticated are mutually exclusive.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 08 Sep 2015 11:00:02 +0200 |
parents | bfa66e8887d7 |
children | 9358211ee144 |
line wrap: on
line source
syntax: glob *.pyc *.swp *.sqlite *.tox *.egg-info *.egg *.mo .eggs/ tarballcache/ syntax: regexp ^rcextensions ^build ^dist/ ^docs/build/ ^docs/_build/ ^data$ ^kallithea/tests/data$ ^sql_dumps/ ^\.settings$ ^\.project$ ^\.pydevproject$ ^\.coverage$ ^kallithea\.db$ ^test\.db$ ^Kallithea\.egg-info$ ^my\.ini$ ^fabfile.py ^\.idea$ ^\.cache$