Opened 8 years ago

Closed 8 years ago

Last modified 6 years ago

#2964 closed bug (Fixed)

TypeError when trying to check authentication level in RPC Server.

Reported by: georgetg Owned by: Calum
Priority: trivial Milestone: 2.0.0
Component: Core Version: 1.3.13
Keywords: rpc server exception error Cc:

Description

In file deluge/core/rpcserver.py:

(connectionMade) - Line 208:

self.factory.authorized_sessions[self.transport.sessionno] = AUTH_LEVEL_NONE

Then in (dispatch) - Line 293:

auth_level = self.factory.authorized_sessions[self.transport.sessionno][0]
if auth_level < method_auth_requirement:
    # This session is not allowed to call this method
    log.debug("Session %s is trying to call a method it is not authorized to call!", self.transport.sessionno)
    raise NotAuthorizedError("Auth level too low: %s < %s" % (auth_level, method_auth_requirement))

This will throw a TypeError if the user is not authenticated, since

self.factory.authorized_sessions[self.transport.sessionno] is AUTH_LEVEL_NONE which is an int. The type error would be handled by the following except Exception, e: which is not the expected behavior of an unauthenticated call.

A trivial fix would be:

self.factory.authorized_sessions[self.transport.sessionno] = (AUTH_LEVEL_NONE, None)

at line 208, but I am not sure if it breaks something else.

Change History (5)

comment:1 by Calum, 8 years ago

Milestone: needs verified1.3.14
Owner: set to Calum
Status: newassigned
Version: other (please specify)1.3.13

Hmm a distinct lack of documentation in that module but since it appears that the second item should be a username string so empty string would be better.

comment:2 by andar, 8 years ago

Yes, you're right it is the username so the empty string would be best. Maybe changing this to a NamedTuple would be better long-term?

comment:3 by Calum, 8 years ago

Milestone: 1.3.142.0

Yeah namedtuple would be a good idea here. I'll do that for develop code.

Fixed in 1.3-stable: [1dc4c465c7]

comment:4 by Calum, 8 years ago

Resolution: Fixed
Status: assignedclosed

comment:5 by Calum, 6 years ago

Milestone: 2.02.0.0

Milestone renamed

Note: See TracTickets for help on using tickets.