[hg] galaxy 2463: Fix deleted user access bug discovered by Piet...
details: http://www.bx.psu.edu/hg/galaxy/rev/3a4561684257 changeset: 2463:3a4561684257 user: Nate Coraor <nate@bx.psu.edu> date: Mon Jul 06 20:41:24 2009 -0400 description: Fix deleted user access bug discovered by Pieter Neerincx 2 file(s) affected in this change: lib/galaxy/web/framework/__init__.py static/user_disabled.html diffs (74 lines):
diff -r 8ad73e08978e -r 3a4561684257 lib/galaxy/web/framework/__init__.py
--- a/lib/galaxy/web/framework/__init__.py Mon Jun 29 17:04:18 2009 -0400
+++ b/lib/galaxy/web/framework/__init__.py Mon Jul 06 20:41:24 2009 -0400
@@ -147,6 +147,9 @@
         self.workflow_building_mode = False
         # Always have a valid galaxy session
         self.__ensure_valid_session( session_cookie )
+        # Prevent deleted users from accessing Galaxy
+        if self.app.config.use_remote_user and self.galaxy_session.user.deleted:
+            self.response.send_redirect( url_for( '/static/user_disabled.html' ) )
         if self.app.config.require_login:
             self.__ensure_logged_in_user( environ )
     def setup_i18n( self ):
@@ -279,6 +282,9 @@
                 invalidate_existing_session = True
                 log.warning( "User '%s' is an external user with an existing session, invalidating session since external auth is disabled", galaxy_session.user.email )
+            elif galaxy_session is not None and galaxy_session.user is not None and galaxy_session.user.deleted:
+                invalidate_existing_session = True
+                log.warning( "User '%s' is marked deleted, invalidating session" % galaxy_session.user.email )
             # Do we need to invalidate the session for some reason?
             if invalidate_existing_session:
                 prev_galaxy_session = galaxy_session
@@ -300,6 +306,9 @@
             if prev_galaxy_session:
                 objects_to_flush.append( prev_galaxy_session )
             sa_session.flush( objects_to_flush )
+        # If the old session was invalid, get a new history with our new session
+        if invalidate_existing_session:
+            self.new_history()
     def __ensure_logged_in_user( self, environ ):
         allowed_paths = ( url_for( controller='root', action='index' ),
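Review bot: The guard added after `__ensure_valid_session` dereferences `self.galaxy_session.user.deleted` without first checking that the session carries a user, whereas the sibling change in the hunk at line 282 tests `galaxy_session.user is not None` before reading the same attribute; under `use_remote_user` a session without a user may never occur, but if it does this raises AttributeError and the request fails instead of being denied cleanly. A defensive form keeps the intent: `user = self.galaxy_session.user` / `if self.app.config.use_remote_user and user is not None and user.deleted:`. The denial also depends on `send_redirect` ending the request; if it only sets status and headers rather than raising, `__ensure_logged_in_user` and the controller still execute on behalf of the deleted user, so it is worth confirming that behaviour (or adding an explicit `return` after the call) and saying so in the comment, e.g. `# Prevent deleted users from accessing Galaxy (send_redirect aborts the request)`. The enclosing `__init__` starts outside the hunk.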
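Review bot: The new `log.warning` in the `elif` branch interpolates with `%` while the call directly above passes `galaxy_session.user.email` as a lazy argument; the two adjacent calls should use the same form, `log.warning( "User '%s' is marked deleted, invalidating session", galaxy_session.user.email )`, which also defers formatting until the record is actually emitted. This branch appears to fire on every request the deleted user makes while the cookie survives, since the session is invalidated here and a fresh one is created below, so a short comment tying it to the redirect added at line 147 would help the next reader, e.g. `# Deleted users never keep a live session; the user_disabled redirect in __init__ produces the response`. `__ensure_valid_session` begins and ends outside the hunk.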
@@ -368,8 +377,6 @@
                 # We set default user permissions, before we log in and set the default history permissions
                 self.app.security_agent.user_set_default_permissions( user )
                 #self.log_event( "Automatically created account '%s'", user.email )
-            elif user.deleted:
-                return self.show_error_message( "Your account is no longer valid, contact your Galaxy administrator to activate your account." )
             return user
     def __update_session_cookie( self, name='galaxysession' ):
         """
diff -r 8ad73e08978e -r 3a4561684257 static/user_disabled.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/static/user_disabled.html Mon Jul 06 20:41:24 2009 -0400
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+    <head>
+        <title>Galaxy</title>
+        <style type="text/css">
+            body {
+                min-width: 500px;
+                text-align: center;
+            }
+            .errormessage {
+                font: 75%% verdana, "Bitstream Vera Sans", geneva, arial, helvetica, helve, sans-serif;
+                padding: 10px;
+                margin: 100px auto;
+                min-height: 32px;
+                max-width: 500px;
+                border: 1px solid #AA6666;
+                background-color: #FFCCCC;
+                text-align: left;
+            }
+        </style>
+    </head>
+    <body>
+        <div class="errormessage">
+            <h4>Account Disabled</h4>
+            <p>Your account is no longer valid, contact your Galaxy administrator to activate your account.</p>
+        </div>
+    </body>
+</html>
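Review bot: `font: 75%% verdana, ...` in the `.errormessage` rule is not valid CSS; the doubled `%%` looks like a template-engine escape carried over from a Mako template, but `static/user_disabled.html` is served verbatim, so the browser discards the whole `font` declaration and the notice renders in the default face and size. The line should read `font: 75% verdana, "Bitstream Vera Sans", geneva, arial, helvetica, helve, sans-serif;`. Since this page is the only thing a deleted remote-auth user now sees (the in-app error branch is removed in the hunk at line 377), it is worth a one-line HTML comment at the top noting that it is the redirect target for deleted accounts, e.g. `<!-- Served by the deleted-user check in lib/galaxy/web/framework/__init__.py -->`.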