kallithea Changeset - 5b12cbae0b50

Changeset - 5b12cbae0b50

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 14 years ago 2012-02-27 03:28:40
marcin@python-works.com

fixed issue with sessions that lead to redirection loops

3 files changed with 6 insertions and 4 deletions:

rhodecode/controllers/login.py

rhodecode/lib/auth.py

rhodecode/lib/base.py

0 comments (0 inline, 0 general)

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -70,13 +70,13 @@ class LoginController(BaseController): @@
                 auth_user.set_authenticated()
                 cs = auth_user.get_cookie_store()
                 session['rhodecode_user'] = cs
                 # If they want to be remembered, update the cookie
                 if c.form_result['remember'] is not False:
                     session.cookie_expires = False
-                    session._set_cookie_values()
                 session._set_cookie_values()
                 session._update_cookie_out()
                 session.save()
                 log.info('user %s is now authenticated and stored in '
                          'session, session attrs %s' % (username, cs))
                 user.update_lastlogin()

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -352,12 +352,14 @@ class AuthUser(object): @@
             dbuser = login_container_auth(self.username)
             if dbuser is not None:
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         else:
             log.debug('No data in %s that could been used to log in' % self)
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active is True:
                 user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                 # then we set this user is logged in
@@ @@ -658,18 +660,19 @@ class PermsFunction(object): @@
         self.user_perms = None
         self.granted_for = ''
         self.repo_name = None
     def __call__(self, check_Location=''):
         user = request.user
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
         self.granted_for = user
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted %s @ %s', self.granted_for,
                       check_Location or 'unspecified location')
             return True

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -133,13 +133,12 @@ class BaseController(WSGIController): @@
         try:
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
             user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
             auth_user = AuthUser(user_id, api_key, username)
             request.user = auth_user
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(

0 comments (0 inline, 0 general)