# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 2019-01-04 03:51:45
# Node ID 6104f9106a5ab96d33b1db62637ab26ec0f20e1b
# Parent  5c5f0eb456816c8246d158be334eabaee806ddf5

auth: drop authenticating_api_key from AuthUser

It doesn't belong as a user property - it is more of a session property ...
which is what we already use instead.

diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -399,7 +399,7 @@ class AuthUser(object):
     """
 
     @classmethod
-    def make(cls, dbuser=None, authenticating_api_key=None, is_external_auth=False, ip_addr=None):
+    def make(cls, dbuser=None, is_external_auth=False, ip_addr=None):
         """Create an AuthUser to be authenticated ... or return None if user for some reason can't be authenticated.
         Checks that a non-None dbuser is provided, is active, and that the IP address is ok.
         """
@@ -414,13 +414,10 @@ class AuthUser(object):
         if not check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
             log.info('Access for %s from %s forbidden - not in %s', dbuser.username, ip_addr, allowed_ips)
             return None
-        return cls(dbuser=dbuser, authenticating_api_key=authenticating_api_key,
-            is_external_auth=is_external_auth)
+        return cls(dbuser=dbuser, is_external_auth=is_external_auth)
 
-    def __init__(self, user_id=None, dbuser=None, authenticating_api_key=None,
-            is_external_auth=False):
+    def __init__(self, user_id=None, dbuser=None, is_external_auth=False):
         self.is_external_auth = is_external_auth # container auth - don't show logout option
-        self.authenticating_api_key = authenticating_api_key
 
         # These attributes will be overridden by fill_data, below, unless the
         # requested user cannot be found and the default anonymous user is
diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py
--- a/kallithea/lib/base.py
+++ b/kallithea/lib/base.py
@@ -486,7 +486,7 @@ class BaseController(TGController):
                 if dbuser is None:
                     log.info('No db user found for authentication with API key ****%s from %s',
                              api_key[-4:], ip_addr)
-                authuser = AuthUser.make(dbuser=dbuser, authenticating_api_key=api_key, is_external_auth=True, ip_addr=ip_addr)
+                authuser = AuthUser.make(dbuser=dbuser, is_external_auth=True, ip_addr=ip_addr)
                 needs_csrf_check = False # API key provides CSRF protection
 
             if authuser is None: