changeset 5255:ad70180effaf
BaseController: refactor session cookie authentication
Untangle session cookie authentication. If no session cookie is set,
AuthUser constructor will be called with user_id set to None (the
argument default value), and will never raise a UserCreationError. Thus
that case can safely be moved to the end of _determine_auth_user and
outside the try-except block.
If a session cookie *is* set, but we get a UserCreationError, we fall
through to the "no cookie" case, which is also effectively the same
behavior as before. (Not sure what circumstances, if any, can actually
trigger a UserCreationError here, since the user is already logged in
and - presumably - created, plus the user is identified by the Kallithea
database ID, not user name, which would make it difficult to create a
new user... but judging from the existing code, it's possible.)
| author | Søren Løvborg <kwi@kwi.dk> |
| --- | --- |
| date | Tue, 14 Jul 2015 13:59:59 +0200 |
| parents | d052078e0a16 |
| children | c5ff0bfefdf8 |
| files | kallithea/lib/base.py |
| diffstat | 1 files changed, 12 insertions(+), 10 deletions(-) |
--- a/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 @@ -352,9 +352,9 @@ return AuthUser(api_key=api_key) # Authenticate by session cookie - if True: - cookie_store = CookieStoreWrapper(session_authuser) - user_id = cookie_store.get('user_id') + cookie_store = CookieStoreWrapper(session_authuser) + user_id = cookie_store.get('user_id') + if user_id is not None: try: auth_user = AuthUser(user_id=user_id) except UserCreationError as e: @@ -364,15 +364,17 @@ # exception object. from kallithea.lib import helpers as h h.flash(e, 'error') - auth_user = AuthUser() - - authenticated = cookie_store.get('is_authenticated') + else: + authenticated = cookie_store.get('is_authenticated') - if not auth_user.is_authenticated and auth_user.user_id is not None: - # user is not authenticated and not empty - auth_user.set_authenticated(authenticated) + if not auth_user.is_authenticated and auth_user.user_id is not None: + # user is not authenticated and not empty + auth_user.set_authenticated(authenticated) - return auth_user + return auth_user + + # User is anonymous + return AuthUser() def __call__(self, environ, start_response): """Invoke the Controller"""
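Review bot: in the first hunk (`@@ -352,9 +352,9 @@`), the new `if user_id is not None:` guard makes an absent `user_id` the only case that skips `AuthUser(user_id=user_id)`; any other value read from the session cookie, including an empty or zero value, still reaches the constructor, and the anonymous result is now reached only by falling through to the end of the method. A one-line comment on the guard (e.g. `# no user_id in session cookie: fall through to the anonymous AuthUser() below`) would make that control flow obvious to the next reader, and the commit message should state what `cookie_store.get('user_id')` returns for a missing key so the `is not None` test is known to match it.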
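Review bot: in the second hunk (`@@ -364,15 +364,17 @@`), a `UserCreationError` now ends at `h.flash(e, 'error')` and drops through to `return AuthUser()`, so a session that carried a `user_id` is downgraded to anonymous with only a browser-side flash message as a trace. Suggest adding a server-side log line in the `except` branch (e.g. `log.warning('could not load session user_id %s: %s', user_id, e)`, assuming a module logger is available) so the downgrade is visible in the application log. In the `else` branch, the `auth_user.user_id is not None` half of the condition sits inside `if user_id is not None:` and is only meaningful if `AuthUser.__init__` can clear `user_id` on a failed lookup; either drop it or add a comment saying so, and refresh the stale `# user is not authenticated and not empty` comment while here.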