Mercurial > kallithea
changeset 5254:d052078e0a16
BaseController: refactor API key authentication
Untangle API key authentication. Creating an AuthUser from an API key
can leave the AuthUser authenticated or not, depending on key validity
and Kallithea configuration; but either way, _determine_auth_user will
not change this fact, and we can return early.
author | Søren Løvborg <kwi@kwi.dk> |
---|---|
date | Tue, 14 Jul 2015 13:59:59 +0200 |
parents | ad89cd5a6e1a |
children | ad70180effaf |
files | kallithea/lib/base.py |
diffstat | 1 files changed, 5 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 @@ -346,11 +346,13 @@ API key (if any), and the authuser from the session. """ + # Authenticate by API key if api_key: # when using API_KEY we are sure user exists. - auth_user = AuthUser(api_key=api_key) - authenticated = False - else: + return AuthUser(api_key=api_key) + + # Authenticate by session cookie + if True: cookie_store = CookieStoreWrapper(session_authuser) user_id = cookie_store.get('user_id') try: