You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by jo...@apache.org on 2014/03/19 21:20:53 UTC

git commit: [#6701] Must call get_basic_auth_pw before req.user

Repository: incubator-allura
Updated Branches:
  refs/heads/cj/6701 d0364df61 -> a3dc656d6


[#6701] Must call get_basic_auth_pw before req.user

Signed-off-by: Cory Johns <cj...@slashdotmedia.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/a3dc656d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/a3dc656d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/a3dc656d

Branch: refs/heads/cj/6701
Commit: a3dc656d6384ab1083f9a9f1691431b01ad9d714
Parents: d0364df
Author: Cory Johns <cj...@slashdotmedia.com>
Authored: Wed Mar 19 20:20:42 2014 +0000
Committer: Cory Johns <cj...@slashdotmedia.com>
Committed: Wed Mar 19 20:20:42 2014 +0000

----------------------------------------------------------------------
 scripts/ApacheAccessHandler.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/a3dc656d/scripts/ApacheAccessHandler.py
----------------------------------------------------------------------
diff --git a/scripts/ApacheAccessHandler.py b/scripts/ApacheAccessHandler.py
index bbd0929..69e1d62 100644
--- a/scripts/ApacheAccessHandler.py
+++ b/scripts/ApacheAccessHandler.py
@@ -91,11 +91,13 @@ def check_repo_path(req):
 
 
 def check_authentication(req):
-    log(req, "checking auth for: %s" % req.user)
+    password = req.get_basic_auth_pw()  # MUST be called before req.user
+    username = req.user
+    log(req, "checking auth for: %s" % username)
     auth_url = req.get_options().get('ALLURA_AUTH_URL', 'https://127.0.0.1/auth/do_login')
     r = requests.post(auth_url, allow_redirects=False, data={
-        'username': req.user,
-        'password': req.get_basic_auth_pw(),
+        'username': username,
+        'password': password,
         'return_to': '/login_successful'})
     return r.status_code == 302 and r.headers['location'].endswith('/login_successful')