Mercurial > kallithea
view MANIFEST.in @ 5548:23a86f1c33a1
auth: note that we never emit authuser "cookies" for the default user
The only place where we set "authuser" in the session is in log_in_user,
which is called only by the internal auth system and by auth plugins.
The internal auth system cannot log a user in as the default user,
because the default user doesn't have a password (and cannot have a
password assigned). Auth plugins cannot log a user in as the default
user, because the user doesn't have the right extern_type. As such, it's
a bug if log_in_user is ever called with the default user (which this
commit documents with an assert).
This realization makes the is_authenticated field of the authuser cookie
redundant, as it's always True. It also emphasizes that is_default_user
and is_authenticated are mutually exclusive.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 08 Sep 2015 11:00:02 +0200 |
parents | 19267f233d39 |
children | 968f2d4214e8 |
line wrap: on
line source
include Apache-License-2.0.txt include CONTRIBUTORS include COPYING include LICENSE-MERGELY.html include LICENSE.md include MIT-Permissive-License.txt include README.rst include development.ini recursive-include docs * recursive-include init.d * include kallithea/bin/ldap_sync.conf include kallithea/bin/template.ini.mako include kallithea/config/deployment.ini_tmpl recursive-include kallithea/i18n * recursive-include kallithea/lib/dbmigrate *.py_tmpl README migrate.cfg recursive-include kallithea/public * recursive-include kallithea/templates * recursive-include kallithea/tests/fixtures * recursive-include kallithea/tests/scripts * include kallithea/tests/test.ini include kallithea/tests/vcs/aconfig