From aa65671ac7052e326fe7f674844546e87b2f2938 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Tue, 28 Nov 2017 13:04:10 +0100
Subject: [PATCH] Always check active flag
---
 src/octoprint/server/__init__.py | 18 ++++++++++++------
 src/octoprint/server/util/flask.py | 6 +++---
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/octoprint/server/__init__.py b/src/octoprint/server/__init__.py
index 29ea347b..fd804cfe 100644
--- a/src/octoprint/server/__init__.py
+++ b/src/octoprint/server/__init__.py
@@ -129,17 +129,23 @@ def load_user(id):
 if id == "_api":
 return users.ApiUser()
+ if not userManager.enabled:
+ return users.DummyUser()
+
 if session and "usersession.id" in session:
 sessionid = session["usersession.id"]
 else:
 sessionid = None
- if userManager.enabled:
- if sessionid:
- return userManager.findUser(userid=id, session=sessionid)
- else:
- return userManager.findUser(userid=id)
- return users.DummyUser()
+ if sessionid:
+ user = userManager.findUser(userid=id, session=sessionid)
+ else:
+ user = userManager.findUser(userid=id)
+
+ if user and user.is_active():
+ return user
+
+ return None
 #~~ startup code
diff --git a/src/octoprint/server/util/flask.py b/src/octoprint/server/util/flask.py
index faf4bec2..63a3b0e2 100644
--- a/src/octoprint/server/util/flask.py
+++ b/src/octoprint/server/util/flask.py
@@ -487,7 +487,7 @@ def passive_login():
 else:
 user = flask.ext.login.current_user
- if user is not None and not user.is_anonymous():
+ if user is not None and not user.is_anonymous() and user.is_active():
 flask.ext.principal.identity_changed.send(flask.current_app._get_current_object(), identity=flask.ext.principal.Identity(user.get_id()))
 if hasattr(user, "session"):
 flask.session["usersession.id"] = user.session
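Review bot: The new tail of `load_user` in `src/octoprint/server/__init__.py` returns `None` for a deactivated account without leaving any trace, so an attempt to resume a deactivated user's session looks the same as an unknown id. Logging that case before `return None`, for example `logging.getLogger(__name__).info("Rejecting session of deactivated user %s", id)` (the module's logging import is not visible in the hunk), would give operators something to alert on. A comment such as `# None (not DummyUser) so the login layer treats this id as invalid` would also explain why the fallback changed. Whether the session entry matched by `findUser(userid=id, session=sessionid)` is dropped when an account is deactivated cannot be seen here and is worth confirming.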
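Review bot: In the `passive_login` hunk at line 487 of `src/octoprint/server/util/flask.py`, a user who fails the added `user.is_active()` test just skips the block, and nothing visible clears `flask.session["usersession.id"]` for that user. An explicit branch for the inactive case, such as `elif user is not None and not user.is_active(): flask.session.pop("usersession.id", None)`, would stop a stale session key lingering in the cookie. `passive_login` starts before and continues after this hunk, so that cleanup may already happen elsewhere.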
@@ -506,7 +506,7 @@ def passive_login():
 remoteAddr = get_remote_address(flask.request)
 if netaddr.IPAddress(remoteAddr) in localNetworks:
 user = octoprint.server.userManager.findUser(autologinAs)
- if user is not None:
+ if user is not None and user.is_active():
 user = octoprint.server.userManager.login_user(user)
 flask.session["usersession.id"] = user.session
 flask.g.user = user
@@ -1213,7 +1213,7 @@ def get_json_command_from_request(request, valid_commands):
 data = request.json
 if data is None:
 return None, None, make_response("Expected content-type JSON", 400)
-
+
 if not "command" in data.keys() or not data["command"] in valid_commands.keys():
 return None, None, make_response("Expected valid command", 400)
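Review bot: In the auto-login hunk at line 506, when `autologinAs` names a deactivated account the added `user.is_active()` condition makes the branch silently do nothing, which an operator will read as a broken setting rather than a rejected login. A warning on that path, naming the configured account, would make the misconfiguration visible in the log. This branch also grants a logged-in session purely on `netaddr.IPAddress(remoteAddr) in localNetworks`, so the new check only helps if `get_remote_address` does not trust client-supplied forwarding headers; that helper is outside the hunk and should be confirmed. `passive_login` starts and ends outside this hunk.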