Changeset 2712

Timestamp:

Dec 20, 2009, 9:47:01 PM (15 years ago)

Author:

broder

Message:

Revert "Replace weird username logic with the old logic."

This reverts r2519. The "weird username logic" is in fact correctly
implementing the documented CherryPy? authentication API.

File:

• package_branches/invirt-web/cherrypy-rebased/code/view.py (modified) (2 diffs)

package_branches/invirt-web/cherrypy-rebased/code/view.py

@@ -101 +101 @@
 def require_login():
     """If the user isn't logged in, raise 403 with an error."""
-    if not cherrypy.request.login:
+    if cherrypy.request.login is False:
         raise cherrypy.HTTPError(403,
             "You are not authorized to access that resource")
@@ -116 +116 @@
 
 def remote_user_login():
-    """Get the current user based on the SSL or GSSAPI environment variables"""
+    """Get the current user based on the SSL or GSSAPI environment
+variables and store it in the request object's login variable. This
+conforms to the CherryPy API:
+http://www.cherrypy.org/wiki/RequestObject#login
+
+If the user is logged in successfully, cherrypy.request.login is set
+to the username. If the user failed to log in, cherrypy.request.login
+is set to False. If the user did not attempt authentication,
+cherrypy.request.login is set to None."""
     environ = cherrypy.request.wsgi_environ
     user = environ.get('REMOTE_USER')
     if user is None:
-        cherrypy.request.login = None
         return
+    else:
+        cherrypy.request.login = None # clear what cherrypy put there
 
     if environ.get('AUTH_TYPE') == 'Negotiate':
         # Convert the krb5 principal into a krb4 username
         if not user.endswith('@%s' % config.kerberos.realm):
-            cherrypy.request.login = None
+            cherrypy.request.login = False # failed to login
         else:
             cherrypy.request.login = user.split('@')[0].replace('/', '.')