details:
http://www.bx.psu.edu/hg/galaxy/rev/3a4561684257
changeset: 2463:3a4561684257
user: Nate Coraor <nate(a)bx.psu.edu>
date: Mon Jul 06 20:41:24 2009 -0400
description:
Fix deleted user access bug discovered by Pieter Neerincx
2 file(s) affected in this change:
lib/galaxy/web/framework/__init__.py
static/user_disabled.html
diffs (74 lines):
diff -r 8ad73e08978e -r 3a4561684257 lib/galaxy/web/framework/__init__.py
--- a/lib/galaxy/web/framework/__init__.py Mon Jun 29 17:04:18 2009 -0400
+++ b/lib/galaxy/web/framework/__init__.py Mon Jul 06 20:41:24 2009 -0400
@@ -147,6 +147,9 @@
self.workflow_building_mode = False
# Always have a valid galaxy session
self.__ensure_valid_session( session_cookie )
+ # Prevent deleted users from accessing Galaxy
+ if self.app.config.use_remote_user and self.galaxy_session.user.deleted:
+ self.response.send_redirect( url_for( '/static/user_disabled.html' )
)
if self.app.config.require_login:
self.__ensure_logged_in_user( environ )
def setup_i18n( self ):
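Review bot: The new guard dereferences `self.galaxy_session.user.deleted` without checking that `user` is set, whereas the sibling check this commit adds in `__ensure_valid_session` guards with `galaxy_session.user is not None`; under `use_remote_user` the session user is presumably always populated, but a session without a user would raise AttributeError here instead of being rejected cleanly. A defensive form is `if self.app.config.use_remote_user and self.galaxy_session.user is not None and self.galaxy_session.user.deleted:`. Nothing after the `send_redirect` call stops the constructor, so unless `send_redirect` raises to abort the request (I cannot tell from the hunk), `__ensure_logged_in_user` and the controller still run for the deleted user; a comment stating which mechanism ends the request, or an explicit raise, would make the rejection unconditional. The enclosing `__init__` starts before the hunk.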
@@ -279,6 +282,9 @@
invalidate_existing_session = True
log.warning( "User '%s' is an external user with an existing
session, invalidating session since external auth is disabled",
galaxy_session.user.email )
+ elif galaxy_session is not None and galaxy_session.user is not None and
galaxy_session.user.deleted:
+ invalidate_existing_session = True
+ log.warning( "User '%s' is marked deleted, invalidating
session" % galaxy_session.user.email )
# Do we need to invalidate the session for some reason?
if invalidate_existing_session:
prev_galaxy_session = galaxy_session
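Review bot: The warning in the new `elif` branch formats the email with `%` inline, while the existing warning immediately above passes it as a lazy argument to `log.warning`; keep one style in the method, `log.warning( "User '%s' is marked deleted, invalidating session", galaxy_session.user.email )`. The lazy form also avoids building the string when the warning level is disabled. The enclosing `__ensure_valid_session` starts before the hunk.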
@@ -300,6 +306,9 @@
if prev_galaxy_session:
objects_to_flush.append( prev_galaxy_session )
sa_session.flush( objects_to_flush )
+ # If the old session was invalid, get a new history with our new session
+ if invalidate_existing_session:
+ self.new_history()
def __ensure_logged_in_user( self, environ ):
allowed_paths = (
url_for( controller='root', action='index' ),
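Review bot: `self.new_history()` now runs on every invalidation, including the deleted-user case added earlier in this method, so a request from a deleted user creates a new history (and, by the preceding flush, a new session) before `__init__` redirects it to the disabled page. If the replacement session is again bound to the deleted user, which the removal of the `user.deleted` branch from `get_or_create_remote_user` in the last hunk suggests for remote-user mode, each subsequent request repeats the invalidate/create cycle and the session and history tables grow without bound. Consider recording the deleted-user reason in its own flag in the `elif` branch and skipping the creation for it, `if invalidate_existing_session and not user_is_deleted: self.new_history()`, or performing the deleted check before a replacement session is created. The start of `__ensure_valid_session` lies outside the hunk.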
@@ -368,8 +377,6 @@
# We set default user permissions, before we log in and set the default
history permissions
self.app.security_agent.user_set_default_permissions( user )
#self.log_event( "Automatically created account '%s'",
user.email )
- elif user.deleted:
- return self.show_error_message( "Your account is no longer valid,
contact your Galaxy administrator to activate your account." )
return user
def __update_session_cookie( self, name='galaxysession' ):
"""
diff -r 8ad73e08978e -r 3a4561684257 static/user_disabled.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/static/user_disabled.html Mon Jul 06 20:41:24 2009 -0400
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+ <head>
+ <title>Galaxy</title>
+ <style type="text/css">
+ body {
+ min-width: 500px;
+ text-align: center;
+ }
+ .errormessage {
+ font: 75%% verdana, "Bitstream Vera Sans", geneva, arial,
helvetica, helve, sans-serif;
+ padding: 10px;
+ margin: 100px auto;
+ min-height: 32px;
+ max-width: 500px;
+ border: 1px solid #AA6666;
+ background-color: #FFCCCC;
+ text-align: left;
+ }
+ </style>
+ </head>
+ <body>
+ <div class="errormessage">
+ <h4>Account Disabled</h4>
+ <p>Your account is no longer valid, contact your Galaxy administrator
to activate your account.</p>
+ </div>
+ </body>
+</html>
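Review bot: The `font:` declaration in the `.errormessage` rule uses `75%%`, which is a template/printf-style escape and not valid CSS; this file lives under `static/` and is served as-is, so the browser sees a malformed font shorthand and discards the declaration. It should read `font: 75% verdana, "Bitstream Vera Sans", geneva, arial, helvetica, helve, sans-serif;`.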