From 688b85d96c03bea014b3aea687234c0c13c6c83f Mon Sep 17 00:00:00 2001
From: Sinisa Veseli <sveseli@aps.anl.gov>
Date: Thu, 8 Oct 2015 19:04:38 +0000
Subject: [PATCH] fix unauthorized string error in login controller
---
 .../dm/common/service/loginController.py | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/src/python/dm/common/service/loginController.py b/src/python/dm/common/service/loginController.py
index fd87167d..8226be02 100755
--- a/src/python/dm/common/service/loginController.py
+++ b/src/python/dm/common/service/loginController.py
@@ -170,19 +170,20 @@ class LoginController(DmController):
 raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', InvalidSession(errorMsg))
 username = sessionInfo.get(LoginController.SESSION_USERNAME_KEY)
+ if not username:
+ errorMsg = 'Invalid session id: %s (no username supplied).' % sessionId
+ logger.debug(errorMsg)
+ raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', InvalidSession(errorMsg))
+ cherrypy.session[LoginController.SESSION_ROLE_KEY] = sessionInfo[LoginController.SESSION_ROLE_KEY]
 logger.debug('Session id %s is valid (username: %s)' % (sessionId, username))
- if username:
- cherrypy.request.login = username
- for condition in conditions:
- # A condition is just a callable that returns true or false
- if not condition():
- logger.debug('Authorization check %s() failed for username %s' % (condition.func_name, username))
- errorMsg = 'Authorization check %s() failed for user %s.' % (condition.func_name, username)
- raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', AuthorizationError(errorMsg))
- else:
- logger.debug('Username is not supplied')
- raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', ex)
+ cherrypy.request.login = username
+ for condition in conditions:
+ # A condition is just a callable that returns true or false
+ if not condition():
+ logger.debug('Authorization check %s() failed for username %s' % (condition.func_name, username))
+ errorMsg = 'Authorization check %s() failed for user %s.' % (condition.func_name, username)
+ raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', AuthorizationError(errorMsg))
 @cherrypy.expose
--
GitLab
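Review bot: The added `errorMsg = 'Invalid session id: %s (no username supplied).' % sessionId` writes the raw session id to the debug log and into the `InvalidSession` handed to `DmHttpError`, and the unchanged `logger.debug('Session id %s is valid (username: %s)' ...)` line below it does the same for sessions that are accepted. A session id works as a bearer credential, so anyone with read access to the service log would hold usable tokens. I would log only a short prefix, for example `logger.debug('Session %s... has no username' % sessionId[:8])` (assuming `sessionId` is a string), and keep the id out of the exception text with `errorMsg = 'Invalid session (no username supplied).'`. Whether the exception message is serialized into the HTTP response is not visible here and should be confirmed in `DmHttpError`. The enclosing method starts above the hunk, so how `sessionId` and `sessionInfo` are obtained is not shown.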