Module: check_mk
Branch: master
Commit: bc3b3dd21bfd61085e3111b1a9aa7e76f89985e5
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bc3b3dd21bfd61…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Apr 4 16:37:50 2018 +0200
Added todo note
Change-Id: Ia05ce96da44e8832a97d82fac9dab864097a3627
---
web/htdocs/login.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/web/htdocs/login.py b/web/htdocs/login.py
index 6e895ca..6e281a5 100644
--- a/web/htdocs/login.py
+++ b/web/htdocs/login.py
@@ -257,6 +257,14 @@ def auth_cookie_is_valid(cookie_name):
return False
+# TODO: Needs to be cleaned up. When using HTTP header auth or web server auth it is not
+# ensured that a user exists after letting the user in. This is a problem for the
following
+# code! We need to define a point where the following code can rely on an existing user
+# object. userdb.hook_login() is doing some similar stuff
+# - It also checks the type() of the user_id (Not in the same way :-/)
+# - It also calls userdb.is_customer_user_allowed_to_login()
+# - It calls userdb.create_non_existing_user() but we don't
+# - It calls connection.is_locked() but we don't
def check_auth(mod_python_req):
user_id = check_auth_web_server(mod_python_req)