Mercurial > kallithea
changeset 7704:6104f9106a5a
auth: drop authenticating_api_key from AuthUser
It doesn't belong as a user property - it is more of a session property ...
which is what we already use instead.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 04 Jan 2019 03:51:45 +0100 |
parents | 5c5f0eb45681 |
children | cad3185863e0 |
files | kallithea/lib/auth.py kallithea/lib/base.py |
diffstat | 2 files changed, 4 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Fri Jan 04 03:51:38 2019 +0100 +++ b/kallithea/lib/auth.py Fri Jan 04 03:51:45 2019 +0100 @@ -399,7 +399,7 @@ """ @classmethod - def make(cls, dbuser=None, authenticating_api_key=None, is_external_auth=False, ip_addr=None): + def make(cls, dbuser=None, is_external_auth=False, ip_addr=None): """Create an AuthUser to be authenticated ... or return None if user for some reason can't be authenticated. Checks that a non-None dbuser is provided, is active, and that the IP address is ok. """ @@ -414,13 +414,10 @@ if not check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips): log.info('Access for %s from %s forbidden - not in %s', dbuser.username, ip_addr, allowed_ips) return None - return cls(dbuser=dbuser, authenticating_api_key=authenticating_api_key, - is_external_auth=is_external_auth) + return cls(dbuser=dbuser, is_external_auth=is_external_auth) - def __init__(self, user_id=None, dbuser=None, authenticating_api_key=None, - is_external_auth=False): + def __init__(self, user_id=None, dbuser=None, is_external_auth=False): self.is_external_auth = is_external_auth # container auth - don't show logout option - self.authenticating_api_key = authenticating_api_key # These attributes will be overridden by fill_data, below, unless the # requested user cannot be found and the default anonymous user is
--- a/kallithea/lib/base.py Fri Jan 04 03:51:38 2019 +0100 +++ b/kallithea/lib/base.py Fri Jan 04 03:51:45 2019 +0100 @@ -486,7 +486,7 @@ if dbuser is None: log.info('No db user found for authentication with API key ****%s from %s', api_key[-4:], ip_addr) - authuser = AuthUser.make(dbuser=dbuser, authenticating_api_key=api_key, is_external_auth=True, ip_addr=ip_addr) + authuser = AuthUser.make(dbuser=dbuser, is_external_auth=True, ip_addr=ip_addr) needs_csrf_check = False # API key provides CSRF protection if authuser is None: