changeset 5547:c64c076b96c3

auth: avoid setting AuthUser.is_authenticated for unauthenticated users AuthUser.is_authenticated could be True for three reasons: because the user "was" the default user, because the user was authenticated by session cookie, or because the user was just authenticated by an auth module (including the internal auth module). In the last case, a session cookie is emitted (even when using container auth), so the last two cases are closely related. This commit makes unauthenticated users (the first case) get only the is_default_user attribute set, and sets the is_authenticated attribute only for authenticated users (the second and third cases). This complicates some expressions, but allows others to be simplified. More importantly, it makes the code more explicit, and makes the "is_authenticated" name mean what it says. (This will temporarily make the is_authenticated session value look even more weird than before.)
author Søren Løvborg <sorenl@unity3d.com>
date Tue, 08 Sep 2015 11:09:00 +0200
parents 95bc1801d480
children 23a86f1c33a1
files kallithea/lib/auth.py
diffstat 1 files changed, 6 insertions(+), 11 deletions(-) [+]
--- a/kallithea/lib/auth.py	Wed Sep 09 12:21:25 2015 +0200
+++ b/kallithea/lib/auth.py	Tue Sep 08 11:09:00 2015 +0200
@@ -465,8 +465,7 @@
     access to Kallithea is enabled, the default user is loaded instead.
 
     `AuthUser` does not by itself authenticate users and the constructor
-    sets the `is_authenticated` field to False, except when falling back
-    to the default anonymous user (if enabled). It's up to other parts
+    sets the `is_authenticated` field to False. It's up to other parts
     of the code to check e.g. if a supplied password is correct, and if
     so, set `is_authenticated` to True.
 
@@ -508,10 +507,7 @@
         if not is_user_loaded:
             is_user_loaded =  self._fill_data(self.anonymous_user)
 
-        # The anonymous user is always "logged in".
         self.is_default_user = (self.user_id == self.anonymous_user.user_id)
-        if self.is_default_user:
-            self.is_authenticated = True
 
         if not self.username:
             self.username = 'None'
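Review bot: With the `is_authenticated = True` assignment for the default user dropped (old L30-31), any code outside this file that gates anonymous access on `is_authenticated` alone will now treat the anonymous user as logged out; the diffstat shows only kallithea/lib/auth.py touched, so if such callers exist they need the same `or user.is_default_user` treatment this commit applies to `__repr__` and the decorator. This fails closed, which is the right direction, but a comment at L29 would keep a later reader from "fixing" it back: `# The default user is tracked via is_default_user only; it is never is_authenticated.` `__init__` continues outside the hunk.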
@@ -624,13 +620,13 @@
 
     def __repr__(self):
         return "<AuthUser('id:%s[%s] auth:%s')>"\
-            % (self.user_id, self.username, self.is_authenticated)
+            % (self.user_id, self.username, (self.is_authenticated or self.is_default_user))
 
     def to_cookie(self):
         """ Serializes this login session to a cookie `dict`. """
         return {
             'user_id': self.user_id,
-            'is_authenticated': self.is_authenticated,
+            'is_authenticated': self.is_authenticated or self.is_default_user,
             'is_external_auth': self.is_external_auth,
         }
 
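Review bot: `to_cookie` at L47 writes the `is_authenticated` flag that `from_cookie` later reads back and assigns without further checks, so the restored login state is only as trustworthy as the session cookie's integrity protection; nothing in this file shows whether the session is server-side or signed, so that assumption should be stated rather than implied. A comment above the dict, `# NOTE: from_cookie trusts these values; the session cookie must be integrity-protected (signed or server-side)`, makes the trust boundary explicit for the next maintainer.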
@@ -644,10 +640,9 @@
             user_id=cookie.get('user_id'),
             is_external_auth=cookie.get('is_external_auth', False),
         )
-        if not au.is_authenticated and au.user_id is not None:
+        if not au.is_default_user and au.user_id is not None:
             # user is not authenticated and not empty
-            if not au.is_default_user:
-                au.is_authenticated = cookie.get('is_authenticated')
+            au.is_authenticated = cookie.get('is_authenticated')
         return au
 
     @classmethod
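Review bot: The comment at L57, `# user is not authenticated and not empty`, no longer matches the rewritten condition at L56, which tests `not au.is_default_user` rather than authentication state; change it to `# a real (non-default) user with a known id: restore the login state recorded in the session`. Also, `cookie.get('is_authenticated')` at L60 yields None when the key is absent, so an attribute documented as boolean can become None; `au.is_authenticated = bool(cookie.get('is_authenticated', False))` keeps it strictly boolean. The branch fails closed for the default user, which is good.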
@@ -793,7 +788,7 @@
             raise HTTPBadRequest()
 
         # regular user authentication
-        if user.is_authenticated:
+        if user.is_authenticated or user.is_default_user:
             log.info('user %s authenticated with regular auth @ %s', user, loc)
             return func(*fargs, **fkwargs)
         else:
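Review bot: The widened condition at L69 lets the anonymous default user into the branch whose log line at L70 reports `authenticated with regular auth`, so audit logs will record anonymous requests as authenticated sessions even though the two cases are now distinguishable right there. Compute the wording first, `what = 'authenticated with regular auth' if user.is_authenticated else 'granted anonymous access'`, and log `log.info('user %s %s @ %s', user, what, loc)` so the two outcomes can be told apart when reviewing logs. The enclosing decorator function starts and ends outside the hunk.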