From 455778d138ea623d224c9206e5001fd2a1fd7e1c Mon Sep 17 00:00:00 2001
From: Tres Seaver <tseaver@palladion.com>
Date: Tue, 31 May 2016 19:35:57 +0200
Subject: [PATCH] middleware: Avoid passing extracted 'identity' to 'remember' during egress.

---
 repoze/who/middleware.py |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/repoze/who/middleware.py b/repoze/who/middleware.py
index 8b5771e..d84c4ed 100644
--- a/repoze/who/middleware.py
+++ b/repoze/who/middleware.py
@@ -72,8 +72,7 @@
         logger = self.logger
         path_info = environ.get('PATH_INFO', None)
         logger and logger.info(_STARTED % path_info)
-        identity = None
-        identity = api.authenticate()
+        api.authenticate()  # identity saved in environ
 
         # allow identifier plugins to replace the downstream
         # application (to do redirection and unauthorized themselves
@@ -114,7 +113,7 @@
                 raise RuntimeError('no challengers found')
         else:
             logger and logger.info('no challenge required')
-            remember_headers = api.remember(identity)
+            remember_headers = api.remember()
             wrapper.finish_response(remember_headers)
 
         logger and logger.info(_ENDED % path_info)

--
Gitblit v1.9.3