# HG changeset patch
# User Søren Løvborg <kwi@kwi.dk>
# Date 2015-07-14 13:59:59
# Node ID d052078e0a16b7c9b3f4ebb075c738f763168f65
# Parent  ad89cd5a6e1ae76b893e3b1559f6664a1736bba4

BaseController: refactor API key authentication

Untangle API key authentication. Creating an AuthUser from an API key
can leave the AuthUser authenticated or not, depending on key validity
and Kallithea configuration; but either way, _determine_auth_user will
not change this fact, and we can return early.

diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py
--- a/kallithea/lib/base.py
+++ b/kallithea/lib/base.py
@@ -346,11 +346,13 @@ class BaseController(WSGIController):
         API key (if any), and the authuser from the session.
         """
 
+        # Authenticate by API key
         if api_key:
             # when using API_KEY we are sure user exists.
-            auth_user = AuthUser(api_key=api_key)
-            authenticated = False
-        else:
+            return AuthUser(api_key=api_key)
+
+        # Authenticate by session cookie
+        if True:
             cookie_store = CookieStoreWrapper(session_authuser)
             user_id = cookie_store.get('user_id')
             try: