kallithea Changeset - 5b12cbae0b50

Changeset - 5b12cbae0b50

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 14 years ago 2012-02-27 03:28:40
marcin@python-works.com

fixed issue with sessions that lead to redirection loops

3 files changed with 6 insertions and 4 deletions:

rhodecode/controllers/login.py

rhodecode/lib/auth.py

rhodecode/lib/base.py

0 comments (0 inline, 0 general)

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -64,25 +64,25 @@ class LoginController(BaseController): @@
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 # form checks for username/password, now we're authenticated
                 username = c.form_result['username']
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
                 cs = auth_user.get_cookie_store()
                 session['rhodecode_user'] = cs
                 # If they want to be remembered, update the cookie
                 if c.form_result['remember'] is not False:
                     session.cookie_expires = False
-                    session._set_cookie_values()
                 session._set_cookie_values()
                 session._update_cookie_out()
                 session.save()
                 log.info('user %s is now authenticated and stored in '
                          'session, session attrs %s' % (username, cs))
                 user.update_lastlogin()
                 Session.commit()
                 if c.came_from:
                     return redirect(c.came_from)
                 else:
                     return redirect(url('home'))

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -346,24 +346,26 @@ class AuthUser(object): @@
             is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         # lookup by username
         elif self.username and \
             str2bool(config.get('container_auth_enabled', False)):
             log.debug('Auth User lookup by USER NAME %s' % self.username)
             dbuser = login_container_auth(self.username)
             if dbuser is not None:
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         else:
             log.debug('No data in %s that could been used to log in' % self)
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active is True:
                 user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                 # then we set this user is logged in
                 self.is_authenticated = True
             else:
                 self.user_id = None
                 self.username = None
                 self.is_authenticated = False
@@ @@ -652,30 +654,31 @@ class PermsFunction(object): @@
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission in not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.granted_for = ''
         self.repo_name = None
     def __call__(self, check_Location=''):
         user = request.user
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
         self.granted_for = user
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted %s @ %s', self.granted_for,
                       check_Location or 'unspecified location')
             return True
         else:
             log.debug('Permission denied for %s @ %s', self.granted_for,
                         check_Location or 'unspecified location')
             return False
     def check_permissions(self):

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -127,25 +127,24 @@ class BaseController(WSGIController): @@
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         start = time.time()
         try:
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
             user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
             auth_user = AuthUser(user_id, api_key, username)
             request.user = auth_user
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                     cookie_store.get('is_authenticated')
+                )
             log.info('User: %s accessed %s' % (
                 auth_user, safe_unicode(environ.get('PATH_INFO')))
+            )
             return WSGIController.__call__(self, environ, start_response)

0 comments (0 inline, 0 general)