#2964 closed bug (Fixed)
TypeError when trying to check authentication level in RPC Server.
| Reported by: | georgetg | Owned by: | Calum |
|---|---|---|---|
| Priority: | trivial | Milestone: | 2.0.0 |
| Component: | Core | Version: | 1.3.13 |
| Keywords: | rpc server exception error | Cc: |
Description
In file deluge/core/rpcserver.py:
(connectionMade) - Line 208:
self.factory.authorized_sessions[self.transport.sessionno] = AUTH_LEVEL_NONE
Then in (dispatch) - Line 293:
auth_level = self.factory.authorized_sessions[self.transport.sessionno][0]
if auth_level < method_auth_requirement:
# This session is not allowed to call this method
log.debug("Session %s is trying to call a method it is not authorized to call!", self.transport.sessionno)
raise NotAuthorizedError("Auth level too low: %s < %s" % (auth_level, method_auth_requirement))
This will throw a TypeError if the user is not authenticated, since
self.factory.authorized_sessions[self.transport.sessionno]
is AUTH_LEVEL_NONE which is an int.
The type error would be handled by the following
except Exception, e:
which is not the expected behavior of an unauthenticated call.
A trivial fix would be:
self.factory.authorized_sessions[self.transport.sessionno] = (AUTH_LEVEL_NONE, None)
at line 208, but I am not sure if it breaks something else.
Change History (5)
comment:1 by , 9 years ago
| Milestone: | needs verified → 1.3.14 |
|---|---|
| Owner: | set to |
| Status: | new → assigned |
| Version: | other (please specify) → 1.3.13 |
comment:2 by , 9 years ago
Yes, you're right it is the username so the empty string would be best. Maybe changing this to a NamedTuple would be better long-term?
comment:3 by , 9 years ago
| Milestone: | 1.3.14 → 2.0 |
|---|
Yeah namedtuple would be a good idea here. I'll do that for develop code.
Fixed in 1.3-stable: [1dc4c465c7]
Note:
See TracTickets
for help on using tickets.
Hmm a distinct lack of documentation in that module but since it appears that the second item should be a username string so empty string would be better.