1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/bd6f6d645762/ Changeset: bd6f6d645762 User: greg Date: 2013-04-04 17:59:18 Summary: Better handling for mercurial command line pushes to tool shed repositories when invalid credentials are sent. Affected #: 1 file diff -r c7bd5efd3e3140a1ad0de22bf3a02e4ef8e4a948 -r bd6f6d6457624d8c59f7d821b6a478e81d70b558 lib/galaxy/webapps/tool_shed/framework/middleware/hg.py --- a/lib/galaxy/webapps/tool_shed/framework/middleware/hg.py +++ b/lib/galaxy/webapps/tool_shed/framework/middleware/hg.py @@ -112,6 +112,7 @@ return self.__authenticate( username, password ) def __authenticate( self, username, password ): + db_password = None # Instantiate a database connection engine = sqlalchemy.create_engine( self.db_url ) connection = engine.connect() @@ -121,14 +122,17 @@ db_email = row[ 'email' ] db_password = row[ 'password' ] connection.close() - # Check if password matches db_password when hashed. - return new_secure_hash( text_type=password ) == db_password + if db_password: + # Check if password matches db_password when hashed. + return new_secure_hash( text_type=password ) == db_password + return False def __authenticate_remote_user( self, environ, username, password ): """ Look after a remote user and "authenticate" - upstream server should already have achieved this for us, but we check that the user exists at least. Hg allow_push = must include username - some versions of mercurial blow up with 500 errors. """ + db_username = None ru_email = environ[ 'HTTP_REMOTE_USER' ].lower() ## Instantiate a database connection... engine = sqlalchemy.create_engine( self.db_url ) @@ -140,9 +144,8 @@ db_password = row[ 'password' ] db_username = row[ 'username' ] connection.close() - - """ - We could check the password here except that the function galaxy.web.framework.get_or_create_remote_user() does some random generation of - a password - so that no-one knows the password and only the hash is stored... - """ - return db_username == username + if db_username: + # We could check the password here except that the function galaxy.web.framework.get_or_create_remote_user() does some random generation of + # a password - so that no-one knows the password and only the hash is stored... + return db_username == username + return False Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.