Files @ afe30226491e
Branch filter:

Location: kallithea/MIT-Permissive-License.txt

afe30226491e 1023 B text/plain Show Annotation Show as Raw Download as Raw
Thomas De Schampheleire
login: assert that the validated user actually is found

Due to another bug, it was possible that authentication succeeded but the user
object couldn't be obtained. This was for example noticed when the LDAP auth
module did not correctly parse the email attribute, and a login via email
was attempted. In this case, the user was retrieved from email address and LDAP
found the user, but the email attribute in the Kallithea database was then
changed incorrectly and a subsequent retrieval based on the same original email
address would not find the user.

Such problem would lead to an assert in Kallithea:

File ".../kallithea/controllers/login.py", line 104, in index
auth_user = log_in_user(user, c.form_result['remember'], is_external_auth=False, ip_addr=request.ip_addr)
File ".../kallithea/lib/base.py", line 122, in log_in_user
assert not user.is_default_user, user
AttributeError: 'NoneType' object has no attribute 'is_default_user'

This assert cought the problem but is not a spot-on indicator of the real
problem. Instead, we can catch this problem sooner by adding an assert already
in the login controller.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.