You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2022/02/07 15:56:21 UTC
[allura] 01/02: [#8409] avoid User query when no username in session
This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch db/8409
in repository https://gitbox.apache.org/repos/asf/allura.git
commit c1cd4c5f9de73369f6cda382ed6d6d32b74b3d49
Author: Dave Brondsema <db...@slashdotmedia.com>
AuthorDate: Fri Feb 4 16:19:37 2022 -0500
[#8409] avoid User query when no username in session
---
Allura/allura/lib/plugin.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index c6d7306..20d2ef7 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -113,7 +113,10 @@ class AuthenticationProvider(object):
def authenticate_request(self):
from allura import model as M
username = self.session.get('username') or self.session.get('expired-username')
- user = M.User.query.get(username=username)
+ if username:
+ user = M.User.query.get(username=username) # not .by_username() since that excludes pending/disabled
+ else:
+ user = None
if 'multifactor-username' in self.session and request.path not in self.multifactor_allowed_urls:
# ensure any partially completed multifactor login is not left open, if user goes to any other pages