incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [1/2] git commit: [#6053] ticket:363 check for disabled users in user lookups
Date Thu, 13 Jun 2013 19:32:45 GMT
Updated Branches:
  refs/heads/master 504e5084a -> 0670467d1


[#6053]  ticket:363 check for disabled users in user lookups


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/c8dff0a9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/c8dff0a9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/c8dff0a9

Branch: refs/heads/master
Commit: c8dff0a9c2dabd0f67b0204d1e95d19e46b93679
Parents: 504e508
Author: Yuriy Arhipov <yuriyarhipovua@yandex.ru>
Authored: Mon May 27 11:31:34 2013 +0400
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Thu Jun 13 19:32:28 2013 +0000

----------------------------------------------------------------------
 Allura/allura/model/auth.py            |  4 ++--
 Allura/allura/tests/model/test_auth.py | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/c8dff0a9/Allura/allura/model/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/auth.py b/Allura/allura/model/auth.py
index 4883531..38890fc 100644
--- a/Allura/allura/model/auth.py
+++ b/Allura/allura/model/auth.py
@@ -197,7 +197,7 @@ class EmailAddress(MappedClass):
     nonce = FieldProperty(str)
 
     def claimed_by_user(self):
-        return User.query.get(_id=self.claimed_by_user_id)
+        return User.query.get(_id=self.claimed_by_user_id, disabled=False)
 
     @classmethod
     def upsert(cls, addr):
@@ -256,7 +256,7 @@ class OpenId(MappedClass):
 
     def claimed_by_user(self):
         if self.claimed_by_user_id:
-            result = User.query.get(_id=self.claimed_by_user_id)
+            result = User.query.get(_id=self.claimed_by_user_id, disabled=False)
         else: # pragma no cover
             result = User.register(
                 dict(username=None, password=None,

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/c8dff0a9/Allura/allura/tests/model/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/model/test_auth.py b/Allura/allura/tests/model/test_auth.py
index fe2a4e1..36e7cca 100644
--- a/Allura/allura/tests/model/test_auth.py
+++ b/Allura/allura/tests/model/test_auth.py
@@ -174,3 +174,18 @@ def test_dup_api_token():
     except DuplicateKeyError:
         pass
     assert len(M.ApiToken.query.find().all()) == 1, "Duplicate entries with unique key found"
+
+@with_setup(setUp)
+def test_openid_claimed_by_user():
+    oid = M.OpenId.upsert('http://google.com/accounts/1', 'My Google OID')
+    c.user.disabled = True
+    oid.claimed_by_user_id = c.user._id
+    ThreadLocalORMSession.flush_all()
+    assert oid.claimed_by_user() is not c.user
+
+@with_setup(setUp)
+def test_q():
+    addr = M.EmailAddress(_id='test_admin@sf.net', claimed_by_user_id=c.user._id)
+    c.user.disabled = True
+    ThreadLocalORMSession.flush_all()
+    assert addr.claimed_by_user() is not c.user


Mime
View raw message