This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch db/8409 in repository https://gitbox.apache.org/repos/asf/allura.git
commit c1cd4c5f9de73369f6cda382ed6d6d32b74b3d49 Author: Dave Brondsema <[email protected]> AuthorDate: Fri Feb 4 16:19:37 2022 -0500 [#8409] avoid User query when no username in session --- Allura/allura/lib/plugin.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py index c6d7306..20d2ef7 100644 --- a/Allura/allura/lib/plugin.py +++ b/Allura/allura/lib/plugin.py @@ -113,7 +113,10 @@ class AuthenticationProvider(object): def authenticate_request(self): from allura import model as M username = self.session.get('username') or self.session.get('expired-username') - user = M.User.query.get(username=username) + if username: + user = M.User.query.get(username=username) # not .by_username() since that excludes pending/disabled + else: + user = None if 'multifactor-username' in self.session and request.path not in self.multifactor_allowed_urls: # ensure any partially completed multifactor login is not left open, if user goes to any other pages
