# HG changeset patch # User Thomas De Schampheleire # Date 1585045445 -3600 # Node ID afe30226491e162ee00795637a8eea8ced786b82 # Parent 9d3ac5963e4ef836f1600bff67253b982cb089a8 login: assert that the validated user actually is found Due to another bug, it was possible that authentication succeeded but the user object couldn't be obtained. This was for example noticed when the LDAP auth module did not correctly parse the email attribute, and a login via email was attempted. In this case, the user was retrieved from email address and LDAP found the user, but the email attribute in the Kallithea database was then changed incorrectly and a subsequent retrieval based on the same original email address would not find the user. Such problem would lead to an assert in Kallithea: File ".../kallithea/controllers/login.py", line 104, in index auth_user = log_in_user(user, c.form_result['remember'], is_external_auth=False, ip_addr=request.ip_addr) File ".../kallithea/lib/base.py", line 122, in log_in_user assert not user.is_default_user, user AttributeError: 'NoneType' object has no attribute 'is_default_user' This assert cought the problem but is not a spot-on indicator of the real problem. Instead, we can catch this problem sooner by adding an assert already in the login controller. diff -r 9d3ac5963e4e -r afe30226491e kallithea/controllers/login.py --- a/kallithea/controllers/login.py Wed Mar 25 16:24:26 2020 +0100 +++ b/kallithea/controllers/login.py Tue Mar 24 11:24:05 2020 +0100 @@ -83,6 +83,7 @@ # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username_or_email(username, case_insensitive=True) + assert user is not None # the same user get just passed in the form validation except formencode.Invalid as errors: defaults = errors.value # remove password from filling in form again