From 455778d138ea623d224c9206e5001fd2a1fd7e1c Mon Sep 17 00:00:00 2001 From: Tres Seaver <tseaver@palladion.com> Date: Tue, 31 May 2016 19:35:57 +0200 Subject: [PATCH] middleware: Avoid passing extracted 'identity' to 'remember' during egress. --- repoze/who/middleware.py | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/repoze/who/middleware.py b/repoze/who/middleware.py index 8b5771e..d84c4ed 100644 --- a/repoze/who/middleware.py +++ b/repoze/who/middleware.py @@ -72,8 +72,7 @@ logger = self.logger path_info = environ.get('PATH_INFO', None) logger and logger.info(_STARTED % path_info) - identity = None - identity = api.authenticate() + api.authenticate() # identity saved in environ # allow identifier plugins to replace the downstream # application (to do redirection and unauthorized themselves @@ -114,7 +113,7 @@ raise RuntimeError('no challengers found') else: logger and logger.info('no challenge required') - remember_headers = api.remember(identity) + remember_headers = api.remember() wrapper.finish_response(remember_headers) logger and logger.info(_ENDED % path_info) -- Gitblit v1.9.3