Mercurial > kallithea
changeset 5316:49f656a0ccdd
auth: miscellaneous improvements and typo fixes
author | Søren Løvborg <kwi@kwi.dk> |
---|---|
date | Sun, 26 Jul 2015 13:58:50 +0200 |
parents | 8b8f51f36542 |
children | 71c2b7054e55 |
files | kallithea/controllers/admin/auth_settings.py kallithea/controllers/login.py kallithea/lib/auth.py kallithea/lib/base.py kallithea/model/user.py |
diffstat | 5 files changed, 9 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/admin/auth_settings.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/controllers/admin/auth_settings.py Sun Jul 26 13:58:50 2015 +0200 @@ -107,6 +107,9 @@ try: new_enabled_plugins = _auth_plugins_validator.to_python(request.POST.get('auth_plugins')) except formencode.Invalid: + # User provided an invalid plugin list. Just fall back to + # the list of currently enabled plugins. (We'll re-validate + # and show an error message to the user, below.) pass else: # Hide plugins that the user has asked to be disabled, but
--- a/kallithea/controllers/login.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/controllers/login.py Sun Jul 26 13:58:50 2015 +0200 @@ -235,7 +235,7 @@ def authentication_token(self): """Return the CSRF protection token for the session - just like it - could have been screen scrabed from a page with a form. + could have been screen scraped from a page with a form. Only intended for testing but might also be useful for other kinds of automation. """
--- a/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200 @@ -472,6 +472,8 @@ to the default anonymous user (if enabled). It's up to other parts of the code to check e.g. if a supplied password is correct, and if so, set `is_authenticated` to True. + + However, `AuthUser` does refuse to load a user that is not `active`. """ def __init__(self, user_id=None, api_key=None, username=None,
--- a/kallithea/lib/base.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/lib/base.py Sun Jul 26 13:58:50 2015 +0200 @@ -378,8 +378,8 @@ @staticmethod def _determine_auth_user(api_key, session_authuser): """ - Create an `AuthUser` object given the IP address of the request, the - API key (if any), and the authuser from the session. + Create an `AuthUser` object given the API key (if any) and the + value of the authuser session cookie. """ # Authenticate by API key
--- a/kallithea/model/user.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/model/user.py Sun Jul 26 13:58:50 2015 +0200 @@ -333,10 +333,8 @@ def fill_data(self, auth_user, user_id=None, api_key=None, username=None): """ - Fetches auth_user by user_id,or api_key if present. + Fetches auth_user by user_id, api_key or username, if present. Fills auth_user attributes with those taken from database. - Additionally sets is_authenticated if lookup fails - present in database :param auth_user: instance of user to set attributes :param user_id: user id to fetch by