#643 confusing error messages for some calls that require auth
Closed: Fixed 2 years ago Opened 2 years ago by mikem.

There are several calls that require authentication, but do not explicitly call assertLogin. Instead they fail deeper in the code, often producing a cryptic or confusing error message. E.g.

  File "/usr/share/koji-hub/kojihub.py", line 9525, in cancelTask
    if not task.verifyOwner() and not task.verifyHost():
  File "/usr/share/koji-hub/kojihub.py", line 106, in verifyHost
    host_id = context.session.host_id
  File "/usr/lib/python2.7/site-packages/koji/auth.py", line 224, in __getattr__
    if self._host_id == '':
  File "/usr/lib/python2.7/site-packages/koji/auth.py", line 228, in __getattr__
    raise AttributeError("%s" % name)
AttributeError: _host_id

I don't think there's a security issue here. All the calls I looked at require some sort of session info to work. That said, I have not exhaustively tested every call yet.

It seems to be correct. I've not found any similar cases (just by eye-scanning kojihub.py, so not 100%)

Metadata Update from @mikem:
- Issue set to the milestone: 1.15

2 years ago

Metadata Update from @mikem:
- Issue private status set to: False (was: True)

2 years ago

PR #740

Login to comment on this ticket.

Metadata
Attachments 1