1. Andrew Kesterson
  2. RhodeCode

Commits

liads  committed 9353189

Added automatic logout of deactivated/deleted users

  • Participants
  • Parent commits cf128ce
  • Branches beta

Comments (0)

Files changed (3)

File rhodecode/lib/auth.py

View file
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self._api_key)
-            user_model.fill_data(self, api_key=self._api_key)
-            is_user_loaded = True
+            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         elif self.user_id is not None \
             and self.user_id != self.anonymous_user.user_id:
             log.debug('Auth User lookup by USER ID %s', self.user_id)
-            user_model.fill_data(self, user_id=self.user_id)
-            is_user_loaded = True
+            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         elif self.username:
             log.debug('Auth User lookup by USER NAME %s', self.username)
             dbuser = User.get_by_username(self.username)
                 #then we set this user is logged in
                 self.is_authenticated = True
             else:
+                self.user_id = None
+                self.username = None
                 self.is_authenticated = False
 
         if not self.username:

File rhodecode/lib/base.py

View file
                 username = None
 
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
-            if not self.rhodecode_user.is_authenticated:
+            if not self.rhodecode_user.is_authenticated and \
+                       self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))

File rhodecode/model/user.py

View file
             else:
                 dbuser = self.get(user_id)
 
-            if dbuser is not None:
+            if dbuser is not None and dbuser.active:
                 log.debug('filling %s data', dbuser)
                 for k, v in dbuser.get_dict().items():
                     setattr(auth_user, k, v)
+            else:
+                return False
 
         except:
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
+            return False
 
-        return auth_user
+        return True
 
     def fill_perms(self, user):
         """