##// END OF EJS Templates
auth-token: expose fetched token in unified way into request attribute....
marcink -
r4002:5f150e86 default
parent child Browse files
Show More
@@ -459,9 +459,14 b' def get_auth_user(request):'
459 session = request.session
459 session = request.session
460
460
461 ip_addr = get_ip_addr(environ)
461 ip_addr = get_ip_addr(environ)
462
462 # make sure that we update permissions each time we call controller
463 # make sure that we update permissions each time we call controller
463 _auth_token = (request.GET.get('auth_token', '') or
464 _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
464 request.GET.get('api_key', ''))
465 if not _auth_token:
466 url_auth_token = request.matchdict.get('_auth_token')
467 _auth_token = url_auth_token
468 if _auth_token:
469 log.debug('Using URL extracted auth token `...%s`', _auth_token[-4:])
465
470
466 if _auth_token:
471 if _auth_token:
467 # when using API_KEY we assume user exists, and
472 # when using API_KEY we assume user exists, and
@@ -495,7 +500,7 b' def get_auth_user(request):'
495 # user is not authenticated and not empty
500 # user is not authenticated and not empty
496 auth_user.set_authenticated(authenticated)
501 auth_user.set_authenticated(authenticated)
497
502
498 return auth_user
503 return auth_user, _auth_token
499
504
500
505
501 def h_filter(s):
506 def h_filter(s):
@@ -95,8 +95,9 b' def add_request_user_context(event):'
95 # skip api calls
95 # skip api calls
96 return
96 return
97
97
98 auth_user = get_auth_user(request)
98 auth_user, auth_token = get_auth_user(request)
99 request.user = auth_user
99 request.user = auth_user
100 request.user_auth_token = auth_token
100 request.environ['rc_auth_user'] = auth_user
101 request.environ['rc_auth_user'] = auth_user
101 request.environ['rc_auth_user_id'] = auth_user.user_id
102 request.environ['rc_auth_user_id'] = auth_user.user_id
102 request.environ['rc_req_id'] = req_id
103 request.environ['rc_req_id'] = req_id
General Comments 0
You need to be logged in to leave comments. Login now