changeset 7695:31aa5b6c107d

auth: remove AuthUser __init__ magic for fallback to default user instead of the requested user

Be reliably explicit about what user we expect. If we want default user / anonymous user, say so explicitly.
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 07 Apr 2019 23:44:17 +0200
parents 1e83cda87899
children 077ba994ee03
files kallithea/lib/auth.py kallithea/lib/base.py
diffstat 2 files changed, 12 insertions(+), 16 deletions(-) [+]
--- a/kallithea/lib/auth.py	Thu Jan 03 01:22:06 2019 +0100
+++ b/kallithea/lib/auth.py	Sun Apr 07 23:44:17 2019 +0200
@@ -400,7 +400,7 @@
 
     def __init__(self, user_id=None, dbuser=None, authenticating_api_key=None,
             is_external_auth=False):
-        self.is_external_auth = is_external_auth
+        self.is_external_auth = is_external_auth # container auth - don't show logout option
         self.authenticating_api_key = authenticating_api_key
 
         # These attributes will be overridden by fill_data, below, unless the
@@ -416,27 +416,22 @@
 
         # Look up database user, if necessary.
         if user_id is not None:
+            assert dbuser is None
             log.debug('Auth User lookup by USER ID %s', user_id)
             dbuser = UserModel().get(user_id)
+            assert dbuser is not None
         else:
-            # Note: dbuser is allowed to be None.
+            assert dbuser is not None
             log.debug('Auth User lookup by database user %s', dbuser)
 
-        is_user_loaded = self._fill_data(dbuser)
-
-        # If user cannot be found, try falling back to anonymous.
-        if is_user_loaded:
-            assert dbuser is not None
+        if self._fill_data(dbuser):
             self.is_default_user = dbuser.is_default_user
         else:
-            default_user = User.get_default_user(cache=True)
-            is_user_loaded = self._fill_data(default_user)
-            self.is_default_user = is_user_loaded
-
-        self.is_anonymous = not is_user_loaded or self.is_default_user
-
-        if not self.username:
+            assert dbuser.is_default_user
+            assert not self.username
             self.username = 'None'
+            self.is_default_user = False
+        self.is_anonymous = dbuser.is_default_user
 
         log.debug('Auth User is now %s', self)
 
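Review bot: The added `assert dbuser is not None` after `UserModel().get(user_id)` turns a lookup miss into an AssertionError, where the removed code fell back to the default user. If a `user_id` can outlive its database row (a stored session, say; the callers are not shown here), that request now errors out instead of becoming anonymous. Asserts are also stripped under `python -O`, and then a `None` would reach `self.is_anonymous = dbuser.is_default_user` and fail with AttributeError, unless `_fill_data`, which is outside the diff, rejects it first. An explicit check states the precondition reliably, for example `if dbuser is None: raise ValueError('no user with id %r' % user_id)`, or the caller can handle the miss. The same holds for the `else` branch and for `AuthUser(dbuser=default_user)` in kallithea/lib/base.py, which passes the result of `User.get_default_user(cache=True)` through unchecked; `__init__` itself begins in the previous hunk.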
--- a/kallithea/lib/base.py	Thu Jan 03 01:22:06 2019 +0100
+++ b/kallithea/lib/base.py	Sun Apr 07 23:44:17 2019 +0200
@@ -432,8 +432,9 @@
                     return log_in_user(user, remember=False,
                                        is_external_auth=True)
 
-        # User is anonymous
-        return AuthUser()
+        # User is default user (if active) or anonymous
+        default_user = User.get_default_user(cache=True)
+        return AuthUser(dbuser=default_user)
 
     @staticmethod
     def _basic_security_checks():