Ignore:
Timestamp:
Oct 29, 2009, 2:12:01 AM (15 years ago)
Author:
quentin
Message:

Revert "Replace weird username logic with the old logic."

This reverts r2519. The "weird username logic" is in fact correctly
implementing the documented CherryPy? authentication API.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • package_branches/invirt-web/cherrypy/code/view.py

    r2522 r2531  
    101101def require_login():
    102102    """If the user isn't logged in, raise 403 with an error."""
    103     if not cherrypy.request.login:
     103    if cherrypy.request.login is False:
    104104        raise cherrypy.HTTPError(403,
    105105            "You are not authorized to access that resource")
     
    116116
    117117def remote_user_login():
    118     """Get the current user based on the SSL or GSSAPI environment variables"""
     118    """Get the current user based on the SSL or GSSAPI environment
     119variables and store it in the request object's login variable. This
     120conforms to the CherryPy API:
     121http://www.cherrypy.org/wiki/RequestObject#login
     122
     123If the user is logged in successfully, cherrypy.request.login is set
     124to the username. If the user failed to log in, cherrypy.request.login
     125is set to False. If the user did not attempt authentication,
     126cherrypy.request.login is set to None."""
    119127    environ = cherrypy.request.wsgi_environ
    120128    user = environ.get('REMOTE_USER')
    121129    if user is None:
    122         cherrypy.request.login = None
    123130        return
     131    else:
     132        cherrypy.request.login = None # clear what cherrypy put there
    124133
    125134    if environ.get('AUTH_TYPE') == 'Negotiate':
    126135        # Convert the krb5 principal into a krb4 username
    127136        if not user.endswith('@%s' % config.kerberos.realm):
    128             cherrypy.request.login = None
     137            cherrypy.request.login = False # failed to login
    129138        else:
    130139            cherrypy.request.login = user.split('@')[0].replace('/', '.')
Note: See TracChangeset for help on using the changeset viewer.