# HG changeset patch
# User Søren Løvborg
# Date 1437911930 -7200
# Node ID 49f656a0ccddea7c9416fb47ceb96a9f12f95e99
# Parent 8b8f51f36542f6ea096e5401d4fb6fbe2324d0d4
auth: miscellaneous improvements and typo fixes
diff -r 8b8f51f36542 -r 49f656a0ccdd kallithea/controllers/admin/auth_settings.py
--- a/kallithea/controllers/admin/auth_settings.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/controllers/admin/auth_settings.py Sun Jul 26 13:58:50 2015 +0200
@@ -107,6 +107,9 @@
 try:
 new_enabled_plugins = _auth_plugins_validator.to_python(request.POST.get('auth_plugins'))
 except formencode.Invalid:
+ # User provided an invalid plugin list. Just fall back to
+ # the list of currently enabled plugins. (We'll re-validate
+ # and show an error message to the user, below.)
 pass
 else:
 # Hide plugins that the user has asked to be disabled, but
diff -r 8b8f51f36542 -r 49f656a0ccdd kallithea/controllers/login.py
--- a/kallithea/controllers/login.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/controllers/login.py Sun Jul 26 13:58:50 2015 +0200
@@ -235,7 +235,7 @@
 def authentication_token(self):
 """Return the CSRF protection token for the session - just like it
- could have been screen scrabed from a page with a form.
+ could have been screen scraped from a page with a form.
 Only intended for testing but might also be useful for other kinds of automation.
 """
diff -r 8b8f51f36542 -r 49f656a0ccdd kallithea/lib/auth.py
--- a/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200
@@ -472,6 +472,8 @@
 to the default anonymous user (if enabled). It's up to other parts of the code to check e.g. if a supplied password is correct, and if so, set `is_authenticated` to True.
+
+ However, `AuthUser` does refuse to load a user that is not `active`.
 """
 def __init__(self, user_id=None, api_key=None, username=None,
diff -r 8b8f51f36542 -r 49f656a0ccdd kallithea/lib/base.py
--- a/kallithea/lib/base.py Sun Jul 26 13:58:50 2015 +0200
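Review bot: In kallithea/controllers/login.py, the docstring of `authentication_token` says the action hands out the session's CSRF token but does not record what keeps that response from being read by another origin; the typo fix leaves this undocumented. The token only protects forms as long as a third-party page cannot fetch it, so I would add a sentence such as `The response must only be readable same-origin: no permissive CORS headers and no JSONP-style wrapping.`, if that matches how the action is served. The method body is outside the hunk, so whether any access restriction is applied cannot be seen here.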
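Review bot: In kallithea/lib/auth.py, the added sentence `However, AuthUser does refuse to load a user that is not active.` does not say what state the object is left in afterwards. The paragraph just above describes a fallback to the default anonymous user, so a reader cannot tell whether an inactive account ends up as that anonymous user (with its permissions) or as an object with no user loaded. I would extend the sentence to name the outcome, e.g. `... in which case it is handled like a failed lookup, as described above.`, adjusted to what `__init__` actually does; its body is outside the hunk.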
+++ b/kallithea/lib/base.py Sun Jul 26 13:58:50 2015 +0200
@@ -378,8 +378,8 @@
 @staticmethod
 def _determine_auth_user(api_key, session_authuser):
 """
- Create an `AuthUser` object given the IP address of the request, the
- API key (if any), and the authuser from the session.
+ Create an `AuthUser` object given the API key (if any) and the
+ value of the authuser session cookie.
 """
 # Authenticate by API key
diff -r 8b8f51f36542 -r 49f656a0ccdd kallithea/model/user.py
--- a/kallithea/model/user.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/model/user.py Sun Jul 26 13:58:50 2015 +0200
@@ -333,10 +333,8 @@
 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
 """
- Fetches auth_user by user_id,or api_key if present.
+ Fetches auth_user by user_id, api_key or username, if present.
 Fills auth_user attributes with those taken from database.
- Additionally sets is_authenticated if lookup fails
- present in database
 :param auth_user: instance of user to set attributes
 :param user_id: user id to fetch by
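Review bot: In kallithea/lib/base.py, the rewritten docstring of `_determine_auth_user` calls `session_authuser` "the value of the authuser session cookie", which reads as if raw client-supplied cookie data were passed in. If the argument is really the authuser entry taken from the server-side session, saying so keeps readers from misjudging how far the input can be trusted. The docstring also omits which credential wins when both are supplied, although the `# Authenticate by API key` comment suggests the API key is tried first; a line such as `The API key, if given, is tried before the session value.` would record that, provided it matches the body, which continues outside the hunk.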