Deluge
#2964 closed bug (Fixed)
TypeError when trying to check authentication level in RPC Server.
| Reported by: | georgetg | Owned by: | Cas |
|---|---|---|---|
| Priority: | trivial | Milestone: | 2.0.0 |
| Component: | Core | Version: | 1.3.13 |
| Keywords: | rpc server exception error | Cc: |
Description
In file deluge/core/rpcserver.py:
(connectionMade) - Line 208:
self.factory.authorized_sessions[self.transport.sessionno] = AUTH_LEVEL_NONE
Then in (dispatch) - Line 293:
auth_level = self.factory.authorized_sessions[self.transport.sessionno][0]
if auth_level < method_auth_requirement:
# This session is not allowed to call this method
log.debug("Session %s is trying to call a method it is not authorized to call!", self.transport.sessionno)
raise NotAuthorizedError("Auth level too low: %s < %s" % (auth_level, method_auth_requirement))
This will throw a TypeError? if the user is not authenticated, since
self.factory.authorized_sessions[self.transport.sessionno] is AUTH_LEVEL_NONE which is an int. The type error would be handled by the following except Exception, e: which is not the expected behavior of an unauthenticated call.
A trivial fix would be:
self.factory.authorized_sessions[self.transport.sessionno] = (AUTH_LEVEL_NONE, None)
at line 208, but I am not sure if it breaks something else.
Change History (5)
comment:1 Changed 6 years ago by Cas
- Milestone changed from needs verified to 1.3.14
- Owner set to Cas
- Status changed from new to assigned
- Version changed from other (please specify) to 1.3.13
comment:2 Changed 6 years ago by andar
Yes, you're right it is the username so the empty string would be best. Maybe changing this to a NamedTuple? would be better long-term?
comment:3 Changed 6 years ago by Cas
- Milestone changed from 1.3.14 to 2.0
Yeah namedtuple would be a good idea here. I'll do that for develop code.
Fixed in 1.3-stable: [1dc4c465c7]
comment:4 Changed 6 years ago by Cas
- Resolution set to Fixed
- Status changed from assigned to closed
Fixed [1d1bb2a2a72b]
Hmm a distinct lack of documentation in that module but since it appears that the second item should be a username string so empty string would be better.