# HG changeset patch
# User Mads Kiilerich
# Date 2015-12-25 12:32:25
# Node ID 74e669d8a479c32188208fee41329bf8e3a29eab
# Parent 720339c9f81cbdde035f476545f1657c2b9f0b28
auth: fail pam and internal authentication attempts if no username is provided (Issue #180)
When the Mercurial client communicates with a server over HTTP, it will always first try to perform operations unauthenticated before providing credentials. Authentication attempts without credentials is usually pointless and will just slow operations down. Some authentication plugins (such as LDAP) already skipped these unauthenticated requests. Now, do the same for other authentication plugions. Other authentication plugins also skip if no password is provided ... but that doesn't seem necessary.
diff --git a/kallithea/lib/auth_modules/auth_internal.py b/kallithea/lib/auth_modules/auth_internal.py
--- a/kallithea/lib/auth_modules/auth_internal.py
+++ b/kallithea/lib/auth_modules/auth_internal.py
@@ -67,6 +67,9 @@ class KallitheaAuthPlugin(auth_modules.K
 log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`", userobj, userobj.extern_type, self.name)
 return None
+ if not username:
+ log.debug('Empty username - skipping...')
+ return None
 user_data = {
 "username": userobj.username,
diff --git a/kallithea/lib/auth_modules/auth_pam.py b/kallithea/lib/auth_modules/auth_pam.py
--- a/kallithea/lib/auth_modules/auth_pam.py
+++ b/kallithea/lib/auth_modules/auth_pam.py
@@ -85,6 +85,9 @@ class KallitheaAuthPlugin(auth_modules.K
 return True
 def auth(self, userobj, username, password, settings, **kwargs):
+ if not username:
+ log.debug('Empty username - skipping...')
+ return None
 if username not in _auth_cache:
 # Need lock here, as PAM authentication is not thread safe
 _pam_lock.acquire()
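Review bot: In auth_internal.py the empty-username guard sits after the `extern_type` mismatch check, so `userobj.extern_type` has already been read (and a warning possibly logged) before an anonymous probe is turned away, whereas the auth_pam.py hunk puts the same guard first in `auth()`. Consider moving `if not username:` to the top of the method here as well, so the request fails closed before any user object is touched and both plugins behave the same way. A short comment such as `# Mercurial probes unauthenticated first; no username means nothing to authenticate` would record why the early return exists. The start of the method is outside this hunk, so whether an earlier `userobj` check already covers this case cannot be seen from here.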
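Review bot: The guard added at the top of `auth()` in auth_pam.py rejects only a missing username, while the context line `if username not in _auth_cache:` shows the PAM result cache is looked up by username alone. The cached branch is outside this hunk, so it is worth confirming that it still verifies the supplied password before returning success; the commit message's view that skipping on an empty password is unnecessary depends on that. If it does not, the guard should read `if not username or not password:` and the cache should be bound to the credential rather than the name. Separately, `log.debug('Empty username - skipping...')` is identical in both plugins; including `self.name` in the message would let the log show which plugin skipped.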