changeset 5547:c64c076b96c3
auth: avoid setting AuthUser.is_authenticated for unauthenticated users
AuthUser.is_authenticated could be True for three reasons: because the
user "was" the default user, because the user was authenticated by session
cookie, or because the user was just authenticated by an auth module
(including the internal auth module). In the last case, a session
cookie is emitted (even when using container auth), so the last two
cases are closely related.
This commit makes unauthenticated users (the first case) get only the
is_default_user attribute set, and makes the is_authenticated attribute set
only for authenticated users (the second and third cases).
This complicates some expressions, but allows others to be simplified.
More importantly, it makes the code more explicit, and makes the
"is_authenticated" name mean what it says.
(This will temporarily make the is_authenticated session value look even more
weird than before.)
author | Søren Løvborg <sorenl@unity3d.com> |
date | Tue, 08 Sep 2015 11:09:00 +0200 |
parents | 95bc1801d480 |
children | 23a86f1c33a1 |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 6 insertions(+), 11 deletions(-) [+] |
--- a/kallithea/lib/auth.py Wed Sep 09 12:21:25 2015 +0200
+++ b/kallithea/lib/auth.py Tue Sep 08 11:09:00 2015 +0200
@@ -465,8 +465,7 @@
access to Kallithea is enabled, the default user is loaded instead.
`AuthUser` does not by itself authenticate users and the constructor
- sets the `is_authenticated` field to False, except when falling back
- to the default anonymous user (if enabled). It's up to other parts
+ sets the `is_authenticated` field to False. It's up to other parts
of the code to check e.g. if a supplied password is correct, and if so,
set `is_authenticated` to True.
@@ -508,10 +507,7 @@
if not is_user_loaded:
is_user_loaded = self._fill_data(self.anonymous_user)
- # The anonymous user is always "logged in".
self.is_default_user = (self.user_id == self.anonymous_user.user_id)
- if self.is_default_user:
- self.is_authenticated = True
if not self.username:
self.username = 'None'
@@ -624,13 +620,13 @@
def __repr__(self):
return "<AuthUser('id:%s[%s] auth:%s')>"\
- % (self.user_id, self.username, self.is_authenticated)
+ % (self.user_id, self.username, (self.is_authenticated or self.is_default_user))
def to_cookie(self):
"""
Serializes this login session to a cookie `dict`.
"""
return {
'user_id': self.user_id,
- 'is_authenticated': self.is_authenticated,
+ 'is_authenticated': self.is_authenticated or self.is_default_user,
'is_external_auth': self.is_external_auth,
}
@@ -644,10 +640,9 @@
user_id=cookie.get('user_id'),
is_external_auth=cookie.get('is_external_auth', False),
)
- if not au.is_authenticated and au.user_id is not None:
+ if not au.is_default_user and au.user_id is not None:
# user is not authenticated and not empty
- if not au.is_default_user:
- au.is_authenticated = cookie.get('is_authenticated')
+ au.is_authenticated = cookie.get('is_authenticated')
return au
@classmethod
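Review bot: After the `self.is_authenticated = True` lines are dropped from the constructor, `is_default_user` becomes the only signal that an anonymous request was granted access, yet the file's other access decisions are taken on `is_authenticated` and only `LoginRequired` is updated in this changeset; any remaining `if user.is_authenticated` gate now rejects the anonymous user (fail-closed, but it may silently break anonymous read access), and I cannot see from this hunk whether all of them were audited. I would leave a comment above the `self.is_default_user = ...` line so the next reader knows the attribute split is deliberate: `# Anonymous access is represented by is_default_user alone; is_authenticated stays False for the default user, so callers allowing anonymous access must check both.` The enclosing `__init__` starts before and continues after this hunk.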
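Review bot: `to_cookie` still serializes `'is_authenticated': True` for the anonymous user via `self.is_authenticated or self.is_default_user`, so the session value keeps the old, broader meaning while the in-memory attribute has the narrowed one; anything that reads the session key directly instead of going through `from_cookie` will keep treating an anonymous session as authenticated. The commit message says this is temporary, but until it is cleaned up a comment on that dict entry would prevent the mismatch being "fixed" in the wrong direction: `# Legacy session semantics: True for authenticated OR default user; only the AuthUser attribute has been narrowed.` The same conflation in `__repr__` means log lines printing the user show `auth:True` for anonymous access, which hides exactly the distinction this commit introduces from anyone reading the logs.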
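Review bot: The comment `# user is not authenticated and not empty` in `from_cookie` no longer matches the condition above it, which now tests `is_default_user` rather than `is_authenticated`; it should read `# non-default user with a user_id: restore the authentication flag saved in the session`. The assignment also stores `cookie.get('is_authenticated')` as-is, so a session dict lacking the key leaves `is_authenticated` as `None` instead of `False`, which matters more now that this attribute alone is meant to mean "authenticated"; `au.is_authenticated = bool(cookie.get('is_authenticated', False))` keeps it a real boolean. Whether the `cookie` dict is a server-side session or could be client-supplied is not visible here; if it can be client-influenced, trusting this flag at all needs a separate review. The enclosing `from_cookie` starts before this hunk.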
@@ -793,7 +788,7 @@
raise HTTPBadRequest()
# regular user authentication
- if user.is_authenticated:
+ if user.is_authenticated or user.is_default_user:
log.info('user %s authenticated with regular auth @ %s', user, loc)
return func(*fargs, **fkwargs)
else:
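Review bot: The success branch now also admits `user.is_default_user`, but the unchanged `log.info('user %s authenticated with regular auth @ %s', user, loc)` then records the anonymous user as having authenticated, and `%s` goes through `__repr__`, which prints `auth:True` for that user, so an audit log cannot distinguish anonymous access from a real login. I would split the message, e.g. `auth_kind = 'anonymous access' if user.is_default_user else 'regular auth'` followed by `log.info('user %s granted with %s @ %s', user, auth_kind, loc)`. This branch relies on the constructor loading the default user only when anonymous access is enabled, which is outside this hunk, as are the start and end of the enclosing decorator body.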