p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed #2770 -- Fixed a database connection leak in 

django.contrib.auth.handlers.modpython.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3789 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2006-09-22 12:01:15 +00:00
parent 14be60c4cb
commit 9e05fc1598
1 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
django/contrib/auth/handlers/modpython.py
View File

@ -22,6 +22,8 @@ def authenhandler(req, **kwargs):
os.environ['DJANGO_SETTINGS_MODULE'] = settings_module os.environ['DJANGO_SETTINGS_MODULE'] = settings_module
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django import db
db.reset_queries()
# check that the username is valid # check that the username is valid
kwargs = {'username': req.user, 'is_active': True} kwargs = {'username': req.user, 'is_active': True}
@ -30,18 +32,21 @@ def authenhandler(req, **kwargs):
if superuser_only: if superuser_only:
kwargs['is_superuser'] = True kwargs['is_superuser'] = True
try: try:
user = User.objects.get(**kwargs) try:
except User.DoesNotExist: user = User.objects.get(**kwargs)
return apache.HTTP_UNAUTHORIZED except User.DoesNotExist:
return apache.HTTP_UNAUTHORIZED
# check the password and any permission given
if user.check_password(req.get_basic_auth_pw()): # check the password and any permission given
if permission_name: if user.check_password(req.get_basic_auth_pw()):
if user.has_perm(permission_name): if permission_name:
return apache.OK if user.has_perm(permission_name):
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
else: else:
return apache.HTTP_UNAUTHORIZED return apache.OK
else: else:
return apache.OK return apache.HTTP_UNAUTHORIZED
else: finally:
return apache.HTTP_UNAUTHORIZED db.connection.close()