changeset 5255:ad70180effaf

BaseController: refactor session cookie authentication

Untangle session cookie authentication. If no session cookie is set, the AuthUser constructor will be called with user_id set to None (the argument default value), and will never raise a UserCreationError. Thus that case can safely be moved to the end of _determine_auth_user and outside the try-except block. If a session cookie *is* set, but we get a UserCreationError, we fall through to the "no cookie" case, which is also effectively the same behavior as before.

(Not sure what circumstances, if any, can actually trigger a UserCreationError here, since the user is already logged in and - presumably - created, plus the user is identified by the Kallithea database ID, not user name, which would make it difficult to create a new user... but judging from the existing code, it's possible.)
author Søren Løvborg <kwi@kwi.dk>
date Tue, 14 Jul 2015 13:59:59 +0200
parents d052078e0a16
children c5ff0bfefdf8
files kallithea/lib/base.py
diffstat 1 files changed, 12 insertions(+), 10 deletions(-)
line diff
--- a/kallithea/lib/base.py	Tue Jul 14 13:59:59 2015 +0200
+++ b/kallithea/lib/base.py	Tue Jul 14 13:59:59 2015 +0200
@@ -352,9 +352,9 @@
             return AuthUser(api_key=api_key)
 
         # Authenticate by session cookie
-        if True:
-            cookie_store = CookieStoreWrapper(session_authuser)
-            user_id = cookie_store.get('user_id')
+        cookie_store = CookieStoreWrapper(session_authuser)
+        user_id = cookie_store.get('user_id')
+        if user_id is not None:
             try:
                 auth_user = AuthUser(user_id=user_id)
             except UserCreationError as e:
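Review bot: the new guard `if user_id is not None:` silently depends on `AuthUser(user_id=None)` behaving exactly like the bare `AuthUser()` that the anonymous path now returns; the commit message states this, but the code does not, so a one-line comment above `if user_id is not None:` (e.g. "# No cookie: AuthUser() below is equivalent to AuthUser(user_id=None)") would keep a later change to AuthUser's defaults from quietly diverging the two paths. Note also that `auth_user` is now bound only inside the `try:`, so every exit from this block other than the nested `return` must reach the anonymous fallback; that invariant is worth stating next to the guard as well.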
@@ -364,15 +364,17 @@
                 # exception object.
                 from kallithea.lib import helpers as h
                 h.flash(e, 'error')
-                auth_user = AuthUser()
-
-            authenticated = cookie_store.get('is_authenticated')
+            else:
+                authenticated = cookie_store.get('is_authenticated')
 
-        if not auth_user.is_authenticated and auth_user.user_id is not None:
-            # user is not authenticated and not empty
-            auth_user.set_authenticated(authenticated)
+                if not auth_user.is_authenticated and auth_user.user_id is not None:
+                    # user is not authenticated and not empty
+                    auth_user.set_authenticated(authenticated)
 
-        return auth_user
+                return auth_user
+
+        # User is anonymous
+        return AuthUser()
 
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
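Review bot: the trailing comment `# User is anonymous` understates what reaches `return AuthUser()`: with the `else:` branch returning early, this line is hit both when no `user_id` cookie is present and when `AuthUser(user_id=user_id)` raised `UserCreationError` and the error was flashed. Suggest "# No session cookie, or user lookup failed: treat as anonymous" so the fall-through from the `except` is documented rather than implied. Separately, `authenticated = cookie_store.get('is_authenticated')` is still passed straight to `auth_user.set_authenticated(authenticated)` with no default or type check, so a missing key hands `None` to `set_authenticated`; this is unchanged from the removed lines, but since the `else:` block now owns that logic it is a natural place to add `cookie_store.get('is_authenticated', False)` or an explicit `bool(...)`.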