Posted to commits@allura.apache.org by br...@apache.org on 2022/02/07 15:56:21 UTC

[allura] 01/02: [#8409] avoid User query when no username in session

This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/8409
in repository https://gitbox.apache.org/repos/asf/allura.git

commit c1cd4c5f9de73369f6cda382ed6d6d32b74b3d49
Author: Dave Brondsema <db...@slashdotmedia.com>
AuthorDate: Fri Feb 4 16:19:37 2022 -0500

    [#8409] avoid User query when no username in session
---
 Allura/allura/lib/plugin.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index c6d7306..20d2ef7 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -113,7 +113,10 @@ class AuthenticationProvider(object):
     def authenticate_request(self):
         from allura import model as M
         username = self.session.get('username') or self.session.get('expired-username')
-        user = M.User.query.get(username=username)
+        if username:
+            user = M.User.query.get(username=username)  # not .by_username() since that excludes pending/disabled
+        else:
+            user = None
 
         if 'multifactor-username' in self.session and request.path not in self.multifactor_allowed_urls:
             # ensure any partially completed multifactor login is not left open, if user goes to any other pages
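Review bot: The added `M.User.query.get(username=username)` lookup deliberately returns pending and disabled accounts, and `username` may come from `expired-username`, but the inline comment only explains why `.by_username()` is avoided, not where such accounts are rejected afterwards. The rest of `authenticate_request` lies outside the hunk, so this cannot be confirmed from here. If a later check does handle them, the comment should say so, e.g. `# not .by_username(): it excludes pending/disabled users; their status is checked further down`. A regression test would pin both behaviours: an empty session issues no `User` query, and a session naming a disabled user is still refused.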