Changeset - fffb4e73700e
[Not reviewed]
default
0 1 0
Søren Løvborg - 9 years ago 2017-02-14 20:27:45
sorenl@unity3d.com
vcs: restructure authorization check

This is a pure refactoring, except for some changed debug log messages.

With this change, we simply return early if anonymous (= default user)
access is enabled, which should help overall readability.

(Diff becomes clearer if whitespace changes are ignored.)
1 file changed with 11 insertions and 17 deletions:
kallithea/lib/base.py
 
@@ -200,28 +200,23 @@ class BaseVCSController(object):
 
        inspection, or by using container authentication to delegate the
 
        authentication to the web server.
 

	
 
        Returns (user, None) on successful authentication and authorization.
 
        Returns (None, wsgi_app) to send the wsgi_app response to the client.
 
        """
 
        anonymous_user = User.get_default_user(cache=True)
 
        user = anonymous_user
 
        if anonymous_user.active:
 
            # ONLY check permissions if the user is activated
 
            anonymous_perm = self._check_permission(action, anonymous_user,
 
                                                    repo_name, ip_addr)
 
        # Check if anonymous access is allowed.
 
        default_user = User.get_default_user(cache=True)
 
        is_default_user_allowed = (default_user.active and
 
            self._check_permission(action, default_user, repo_name, ip_addr))
 
        if is_default_user_allowed:
 
            return default_user, None
 

	
 
        if not default_user.active:
 
            log.debug('Anonymous access is disabled')
 
        else:
 
            anonymous_perm = False
 

	
 
        if not anonymous_user.active or not anonymous_perm:
 
            if not anonymous_user.active:
 
                log.debug('Anonymous access is disabled, running '
 
                          'authentication')
 

	
 
            if not anonymous_perm:
 
                log.debug('Not enough credentials to access this '
 
            log.debug('Not authorized to access this '
 
                          'repository as anonymous user')
 

	
 
            username = None
 
            #==============================================================
 
            # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
 
            # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
 
@@ -233,14 +228,13 @@ class BaseVCSController(object):
 
            if pre_auth is not None and pre_auth.get('username'):
 
                username = pre_auth['username']
 
            log.debug('PRE-AUTH got %s as username', username)
 

	
 
            # If not authenticated by the container, running basic auth
 
            if not username:
 
                self.authenticate.realm = \
 
                    safe_str(self.config['realm'])
 
            self.authenticate.realm = safe_str(self.config['realm'])
 
                result = self.authenticate(environ)
 
                if isinstance(result, str):
 
                    paste.httpheaders.AUTH_TYPE.update(environ, 'basic')
 
                    paste.httpheaders.REMOTE_USER.update(environ, result)
 
                    username = result
 
                else:
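Review bot: The docstring kept at the top of the first hunk still describes the success result only as `(user, None) on successful authentication and authorization`, while the new early `return default_user, None` grants access with no authentication step at all. I would add a line such as `Returns (default_user, None) without authenticating when anonymous access is enabled and permitted for this action.` so the unauthenticated path is part of the documented contract. That path is also the only outcome here with no log line (both denial branches call `log.debug`), so something like `log.debug('Anonymous access to %s granted', repo_name)` before the return would keep the trace symmetric for anyone auditing access decisions. The decision is taken on the record from `User.get_default_user(cache=True)`, so how quickly a disabled default user is actually refused presumably depends on cache invalidation that is not visible here; the method's signature and the rest of its body lie outside both hunks.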