kallithea Changeset - 5a148717d392

Changeset - 5a148717d392

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Mads Kiilerich - 10 years ago 2015-11-27 01:47:06
madski@unity3d.com

auth: let login helper function return exception to raise instead of raising it self

Make the execution flow more obvious by raising the exception where it matters.

Avoid redundant and potentially misleading return statement that tried to make
it clear that execution wouldn't continue after the function call.

1 file changed with 12 insertions and 9 deletions:

kallithea/lib/auth.py

0 comments (0 inline, 0 general)

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -697,19 +697,22 @@ def set_available_permissions(config): @@
 #==============================================================================
 # CHECK DECORATORS
 #==============================================================================
 def redirect_to_login(message=None):
 def _redirect_to_login(message=None):
     """Return an exception that must be raised. It will redirect to the login
     page which will redirect back to the current URL after authentication.
     The optional message will be shown in a flash message."""
     from kallithea.lib import helpers as h
     p = request.path_qs
     if message:
         h.flash(h.literal(message), category='warning')
     p = request.path_qs
     log.debug('Redirecting to login page, origin: %s', p)
-    raise HTTPFound(location=url('login_home', came_from=p))
+    return HTTPFound(location=url('login_home', came_from=p))
 class LoginRequired(object):
     """
     Must be logged in to execute this function else
     redirect to login page
@@ @@ -728,26 +731,26 @@ class LoginRequired(object): @@
         controller = fargs[0]
         user = controller.authuser
         loc = "%s:%s" % (controller.__class__.__name__, func.__name__)
         log.debug('Checking access for user %s @ %s', user, loc)
         if not AuthUser.check_ip_allowed(user, controller.ip_addr):
-            return redirect_to_login(_('IP %s not allowed') % controller.ip_addr)
+            raise _redirect_to_login(_('IP %s not allowed') % controller.ip_addr)
         # check if we used an API key and it's a valid one
         api_key = request.GET.get('api_key')
         if api_key is not None:
             # explicit controller is enabled or API is in our whitelist
             if self.api_access or allowed_api_access(loc, api_key=api_key):
                 if api_key in user.api_keys:
                     log.info('user %s authenticated with API key ****%s @ %s',
                              user, api_key[-4:], loc)
                     return func(*fargs, **fkwargs)
                 else:
                     log.warning('API key ****%s is NOT valid', api_key[-4:])
-                    return redirect_to_login(_('Invalid API key'))
+                    raise _redirect_to_login(_('Invalid API key'))
             else:
                 # controller does not allow API access
                 log.warning('API access to %s is not allowed', loc)
                 raise HTTPForbidden()
         # Only allow the following HTTP request methods. (We sometimes use POST
@@ @@ -787,13 +790,13 @@ class LoginRequired(object): @@
         # regular user authentication
         if user.is_authenticated or user.is_default_user:
             log.info('user %s authenticated with regular auth @ %s', user, loc)
             return func(*fargs, **fkwargs)
         else:
             log.warning('user %s NOT authenticated with regular auth @ %s', user, loc)
-            return redirect_to_login()
+            raise _redirect_to_login()
 class NotAnonymous(object):
     """
     Must be logged in to execute this function else
     redirect to login page"""
@@ @@ -804,14 +807,14 @@ class NotAnonymous(object): @@
         cls = fargs[0]
         self.user = cls.authuser
         log.debug('Checking if user is not anonymous @%s', cls)
         if self.user.is_default_user:
             return redirect_to_login(_('You need to be a registered user to '
                     'perform this action'))
             raise _redirect_to_login(_('You need to be a registered user to '
                                        'perform this action'))
         else:
             return func(*fargs, **fkwargs)
 class PermsDecorator(object):
     """Base class for controller decorators"""
@@ @@ -834,13 +837,13 @@ class PermsDecorator(object): @@
             log.debug('Permission granted for %s %s', cls, self.user)
             return func(*fargs, **fkwargs)
         else:
             log.debug('Permission denied for %s %s', cls, self.user)
             if self.user.is_default_user:
-                return redirect_to_login(_('You need to be signed in to view this page'))
+                raise _redirect_to_login(_('You need to be signed in to view this page'))
             else:
                 raise HTTPForbidden()
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')

0 comments (0 inline, 0 general)