#2964 closed bug (Fixed)
TypeError when trying to check authentication level in RPC Server.
Reported by: | georgetg | Owned by: | Calum |
---|---|---|---|
Priority: | trivial | Milestone: | 2.0.0 |
Component: | Core | Version: | 1.3.13 |
Keywords: | rpc server exception error | Cc: |
Description
In file deluge/core/rpcserver.py:
(connectionMade) - Line 208:
self.factory.authorized_sessions[self.transport.sessionno] = AUTH_LEVEL_NONE
Then in (dispatch) - Line 293:
```python
auth_level = self.factory.authorized_sessions[self.transport.sessionno][0]
if auth_level < method_auth_requirement:
    # This session is not allowed to call this method
    log.debug("Session %s is trying to call a method it is not authorized to call!", self.transport.sessionno)
    raise NotAuthorizedError("Auth level too low: %s < %s" % (auth_level, method_auth_requirement))
```
This will throw a TypeError if the user is not authenticated, since
self.factory.authorized_sessions[self.transport.sessionno]
is AUTH_LEVEL_NONE which is an int.
The type error would be handled by the following
except Exception, e:
which is not the expected behavior of an unauthenticated call.
A trivial fix would be:
self.factory.authorized_sessions[self.transport.sessionno] = (AUTH_LEVEL_NONE, None)
at line 208, but I am not sure if it breaks something else.
Change History (5)
comment:1 by , 8 years ago
Milestone: | needs verified → 1.3.14 |
---|---|
Owner: | set to |
Status: | new → assigned |
Version: | other (please specify) → 1.3.13 |
comment:2 by , 8 years ago
Yes, you're right it is the username so the empty string would be best. Maybe changing this to a NamedTuple would be better long-term?
comment:3 by , 8 years ago
Milestone: | 1.3.14 → 2.0 |
---|
Yeah namedtuple would be a good idea here. I'll do that for develop code.
Fixed in 1.3-stable: [1dc4c465c7]
Hmm, a distinct lack of documentation in that module, but since it appears that the second item should be a username string, an empty string would be better.
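The failure mode discussed in this ticket, as an added illustration that is not Deluge's own code: the same `[0]` lookup is run against a session table that stores a bare int before login and against one that stores a uniform record. The numeric levels, the `Session` and `dispatch` names, and the session contents are assumptions constructed for the demo.

```python
from collections import namedtuple

# Assumed numeric levels; only the name AUTH_LEVEL_NONE appears in the ticket.
AUTH_LEVEL_NONE = 0
AUTH_LEVEL_NORMAL = 5


class NotAuthorizedError(Exception):
    """Stand-in for the exception raised by the RPC server."""


# Hypothetical record type for the namedtuple idea from the comments.
# A namedtuple still supports [0], so the lookup below needs no change.
Session = namedtuple("Session", ["auth_level", "username"])


def dispatch(sessions, sessionno, required):
    """Model of the auth check; returns "ok" or the name of the exception hit."""
    try:
        auth_level = sessions[sessionno][0]  # TypeError if the entry is an int
        if auth_level < required:
            raise NotAuthorizedError(
                "Auth level too low: %s < %s" % (auth_level, required))
        return "ok"
    except Exception as e:  # broad handler, as described in the ticket
        return type(e).__name__


def demo():
    # Constructed session tables: 1 is unauthenticated, 2 is logged in.
    before = {1: AUTH_LEVEL_NONE, 2: (AUTH_LEVEL_NORMAL, "alice")}
    after = {1: Session(AUTH_LEVEL_NONE, ""),
             2: Session(AUTH_LEVEL_NORMAL, "alice")}
    return {
        "before_unauth": dispatch(before, 1, AUTH_LEVEL_NORMAL),
        "before_authed": dispatch(before, 2, AUTH_LEVEL_NORMAL),
        "after_unauth": dispatch(after, 1, AUTH_LEVEL_NORMAL),
        "after_authed": dispatch(after, 2, AUTH_LEVEL_NORMAL),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

In both tables the unauthenticated call is rejected, but only the uniform record reaches the level comparison and produces `NotAuthorizedError`, which is the outcome a client or a log reviewer can act on.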