1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/6f92d5b8bd12/ Changeset: 6f92d5b8bd12 User: dannon Date: 2014-08-19 15:47:35 Summary: Merged in jjohnson/galaxy-central-5/jjohnson/for-_ensure_valid_session-with-use_remo-1408455181422 (pull request #468) For _ensure_valid_session with use_remote_user set, when galaxy_session.user.email != remote_user_email invalidate the session UNLESS allowing user impersonation and the remote user is an admin. Affected #: 1 file
diff -r b6ae7b6283c30bcb58e87003066102bfa5af5e11 -r 6f92d5b8bd12b72dee5465be693344b9175344b7 lib/galaxy/web/framework/__init__.py
--- a/lib/galaxy/web/framework/__init__.py
+++ b/lib/galaxy/web/framework/__init__.py
@@ -855,9 +855,9 @@
 # No user, associate
 galaxy_session.user = self.get_or_create_remote_user( remote_user_email )
 galaxy_session_requires_flush = True
- elif (galaxy_session.user.email != remote_user_email and
- self.app.config.allow_user_impersonation and
- remote_user_email not in self.app.config.admin_users_list):
+ elif ((galaxy_session.user.email != remote_user_email) and
+ ((not self.app.config.allow_user_impersonation) or
+ (remote_user_email not in self.app.config.admin_users_list))):
 # Session exists but is not associated with the correct
 # remote user, and the currently set remote_user is not a
 # potentially impersonating admin.
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
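Review bot: The admin exemption in the new `elif` keeps any session whose user differs from `remote_user_email` whenever impersonation is enabled and the remote user is in `admin_users_list`, so it cannot distinguish a session deliberately switched through impersonation from a leftover session that belongs to another account. If the session records how it was established (not visible in this hunk), checking that here would narrow the exemption, and logging each kept mismatch would make admin impersonation auditable. Both the `!=` and the `not in` tests are exact string comparisons, so they presumably depend on the proxy-supplied address being normalised the same way as the stored email and the admin list; that is worth confirming. For readability the condition could mirror the commit message directly: `elif galaxy_session.user.email != remote_user_email and not (self.app.config.allow_user_impersonation and remote_user_email in self.app.config.admin_users_list):`. The enclosing method starts and ends outside the hunk, so the invalidation branch itself is not visible here.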