Files
@ 245b4e3abf39
Branch filter:
Location: kallithea/setup.cfg - annotation
245b4e3abf39
726 B
text/x-ini
auth: add AuthUser.is_anonymous, along with some exposition
This reveals the name of the NotAnonymous decorator to be misleading,
an unfortunate detail only documented here, but which must be properly
resolved in a later changeset.
Note that NotAnonymous behaves as advertised as long as it is used
together with LoginRequired, which is always the case in the current
code, so there's no actual security issue here, the code is just weird,
hard to read and fragile.
---
Some thoughts on cleaning this up in a future changeset: As it turns
out, every controller (except the login page!) should be LoginRequired
decorated (since it doesn't actually block anonymous users, as long as
anonymous access is enabled in the Kallithea config). Thus the most
obvious solution would be to move the LoginRequired functionality into
BaseController (with an override for LoginController), and delete the
decorator entirely. However, LoginRequired does one other thing: it
carries information about whether API access is enabled for individual
controller methods ("@LoginRequired(api_key=True)"), and also performs
the check for this, something which is not easily moved into the base
controller class, since the base controller doesn't know which method is
about to be called. Possibly that can be determined by poking Pylons,
but such code is likely to break with the upcoming TurboGears 2 move.
Thus such cleanup is probably better revisited after the switch to TG2.
This reveals the name of the NotAnonymous decorator to be misleading,
an unfortunate detail only documented here, but which must be properly
resolved in a later changeset.
Note that NotAnonymous behaves as advertised as long as it is used
together with LoginRequired, which is always the case in the current
code, so there's no actual security issue here, the code is just weird,
hard to read and fragile.
---
Some thoughts on cleaning this up in a future changeset: As it turns
out, every controller (except the login page!) should be LoginRequired
decorated (since it doesn't actually block anonymous users, as long as
anonymous access is enabled in the Kallithea config). Thus the most
obvious solution would be to move the LoginRequired functionality into
BaseController (with an override for LoginController), and delete the
decorator entirely. However, LoginRequired does one other thing: it
carries information about whether API access is enabled for individual
controller methods ("@LoginRequired(api_key=True)"), and also performs
the check for this, something which is not easily moved into the base
controller class, since the base controller doesn't know which method is
about to be called. Possibly that can be determined by poking Pylons,
but such code is likely to break with the upcoming TurboGears 2 move.
Thus such cleanup is probably better revisited after the switch to TG2.
564e40829f80 1949ece749ce acaa02179aeb acaa02179aeb 564e40829f80 d88077fae3d6 d88077fae3d6 8c1258f69892 564e40829f80 7e5f8c12a3fc 7e5f8c12a3fc 564e40829f80 564e40829f80 564e40829f80 564e40829f80 7e5f8c12a3fc 10df28cbcce7 ad38f9f93b3b 3483de9d11e5 564e40829f80 564e40829f80 7e5f8c12a3fc 7e5f8c12a3fc 7e5f8c12a3fc 564e40829f80 564e40829f80 7e5f8c12a3fc 7e5f8c12a3fc 7e5f8c12a3fc 564e40829f80 0a48c1ec04fc 0a48c1ec04fc 0a48c1ec04fc acaa02179aeb acaa02179aeb 0a48c1ec04fc 0a48c1ec04fc 3483de9d11e5 | [egg_info]
tag_build =
tag_svn_revision = 0
tag_date = 0
[aliases]
test = pytest
[compile_catalog]
domain = kallithea
directory = kallithea/i18n
statistics = true
[extract_messages]
add_comments = TRANSLATORS:
output_file = kallithea/i18n/kallithea.pot
msgid-bugs-address = translations@kallithea-scm.org
copyright-holder = Various authors, licensing as GPLv3
no-wrap = true
[init_catalog]
domain = kallithea
input_file = kallithea/i18n/kallithea.pot
output_dir = kallithea/i18n
[update_catalog]
domain = kallithea
input_file = kallithea/i18n/kallithea.pot
output_dir = kallithea/i18n
previous = true
[build_sphinx]
source-dir = docs/
build-dir = docs/_build
all_files = 1
[upload_sphinx]
upload-dir = docs/_build/html
|