New submission from Heikki Partanen:

Crash in roundup_helper/middleware.py

1. Open an issue review (bugs.python.org/review#####) link in one browser, 
session gets created
2. Log into your account with another browser, edit your account, change 
username into something else
3. Open again the issue review link in the old browser that has the session 
with old username

As the old session has the wrong username, it crashes on this line as no user 
is found with the old username:
roundup_user = User.objects.filter(_username=username)[0]

----------
files: username_change_crashes_rietfeld.patch
messages: 2628
nosy: heikki.partanen
priority: bug
status: unread
title: Review links crash after changing username

_______________________________________________________
PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue490>
_______________________________________________________
diff -r 94173dcc4b3b roundup_helper/middleware.py
--- a/roundup_helper/middleware.py      Sat Jul 07 17:58:10 2012 +0200
+++ b/roundup_helper/middleware.py      Sun Nov 04 23:48:06 2012 +0400
@@ -21,8 +21,14 @@
             self.logout(request)
             return
         username = eval(session[0].session_value)['user']
-        # the username comes from the cookie, so it really ought to exist
-        roundup_user = User.objects.filter(_username=username)[0]
+
+        # the username comes from the cookie, but might still be invalid
+        users = User.objects.filter(_username=username)
+        if not users:
+            # No user found, force logout to clear bad session
+            self.logout(request)
+            return
+
         # if we already have a user from the session, we are done.
         if request.user.is_authenticated():
             if request.user.username == username:
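Review bot: roundup_user is no longer bound after this change: the removed line assigned it from the first row of the query, while the added lines only bind users and test it for emptiness. If any code below this hunk still reads roundup_user, it will raise NameError on the path where a user is found; add `roundup_user = users[0]` after the `if not users:` block, or confirm the name is unused. Separately, the context line `username = eval(session[0].session_value)['user']` evaluates the stored session value as a Python expression. Since the new comment acknowledges that the session contents may be invalid, consider parsing the value with ast.literal_eval instead, assuming it is a plain literal dict.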
@@ -41,7 +47,7 @@
                               nickname=username, fresh=True)
             account.put()
         auth.login(request, user)
-        
+
     def logout(self, request):
         # Clear django session if roundup session is gone.
         auth.logout(request)
_______________________________________________
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss
