Files
@ ad70180effaf
Branch filter:
Location: kallithea/docs/changelog.rst - annotation
ad70180effaf
200 B
text/prs.fallenstein.rst
BaseController: refactor session cookie authentication
Untangle session cookie authentication. If no session cookie is set,
AuthUser constructor will be called with user_id set to None (the
argument default value), and will never raise a UserCreationError. Thus
that case can safely be moved to the end of _determine_auth_user and
outside the try-except block.
If a session cookie *is* set, but we get a UserCreationError, we fall
through to the "no cookie" case, which is also effectively the same
behavior as before. (Not sure what circumstances, if any, can actually
trigger a UserCreationError here, since the user is already logged in
and - presumably - created, plus the user is identified by the Kallithea
database ID, not user name, which would make it difficult to create a
new user... but judging from the existing code, it's possible.)
Untangle session cookie authentication. If no session cookie is set,
AuthUser constructor will be called with user_id set to None (the
argument default value), and will never raise a UserCreationError. Thus
that case can safely be moved to the end of _determine_auth_user and
outside the try-except block.
If a session cookie *is* set, but we get a UserCreationError, we fall
through to the "no cookie" case, which is also effectively the same
behavior as before. (Not sure what circumstances, if any, can actually
trigger a UserCreationError here, since the user is already logged in
and - presumably - created, plus the user is identified by the Kallithea
database ID, not user name, which would make it difficult to create a
new user... but judging from the existing code, it's possible.)