#2964 closed bug (Fixed)

TypeError when trying to check authentication level in RPC Server.

Reported by: georgetg Owned by: Cas
Priority: trivial Milestone: 2.0
Component: Core Version: 1.3.13
Keywords: rpc server exception error Cc:

Description

In file deluge/core/rpcserver.py:

(connectionMade) - Line 208:

self.factory.authorized_sessions[self.transport.sessionno] = AUTH_LEVEL_NONE

Then in (dispatch) - Line 293:

auth_level = self.factory.authorized_sessions[self.transport.sessionno][0]
if auth_level < method_auth_requirement:
    # This session is not allowed to call this method
    log.debug("Session %s is trying to call a method it is not authorized to call!", self.transport.sessionno)
    raise NotAuthorizedError("Auth level too low: %s < %s" % (auth_level, method_auth_requirement))

This will throw a TypeError? if the user is not authenticated, since

self.factory.authorized_sessions[self.transport.sessionno] is AUTH_LEVEL_NONE which is an int. The type error would be handled by the following except Exception, e: which is not the expected behavior of an unauthenticated call.

A trivial fix would be:

self.factory.authorized_sessions[self.transport.sessionno] = (AUTH_LEVEL_NONE, None)

at line 208, but I am not sure if it breaks something else.

Change History (4)

comment:1 Changed 12 months ago by Cas

  • Milestone changed from needs verified to 1.3.14
  • Owner set to Cas
  • Status changed from new to assigned
  • Version changed from other (please specify) to 1.3.13

Hmm a distinct lack of documentation in that module but since it appears that the second item should be a username string so empty string would be better.

comment:2 Changed 12 months ago by andar

Yes, you're right it is the username so the empty string would be best. Maybe changing this to a NamedTuple? would be better long-term?

comment:3 Changed 12 months ago by Cas

  • Milestone changed from 1.3.14 to 2.0

Yeah namedtuple would be a good idea here. I'll do that for develop code.

Fixed in 1.3-stable: [1dc4c465c7]

comment:4 Changed 11 months ago by Cas

  • Resolution set to Fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.