From ebf4fd9375df4cd15bd390ae1c4a684281bd6c0e Mon Sep 17 00:00:00 2001 From: Andrew Svetlov Date: Fri, 20 Nov 2015 13:39:10 +0200 Subject: [PATCH] Add couple assertions and short-cut --- aiohttp_security/api.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/aiohttp_security/api.py b/aiohttp_security/api.py index a8a024c..831f8de 100644 --- a/aiohttp_security/api.py +++ b/aiohttp_security/api.py @@ -17,6 +17,7 @@ def remember(request, response, identity, **kwargs): pushed into custom header also. """ assert isinstance(identity, str), identity + assert identity identity_policy = request.app.get(IDENTITY_KEY) if identity_policy is None: text = ("Security subsystem is not initialized, " @@ -53,6 +54,8 @@ def authorized_userid(request): if identity_policy is None or autz_policy is None: return None identity = yield from identity_policy.identify(request) + if identity is None: + return None # non-registered user has None user_id user_id = yield from autz_policy.authorized_userid(identity) return user_id @@ -60,11 +63,13 @@ def authorized_userid(request): @asyncio.coroutine def permits(request, permission, context=None): assert isinstance(permission, str), permission + assert permission identity_policy = request.app.get(IDENTITY_KEY) autz_policy = request.app.get(AUTZ_KEY) if identity_policy is None or autz_policy is None: return True identity = yield from identity_policy.identify(request) + # non-registered user still may has some permissions access = yield from autz_policy.permits(identity, permission, context) return access