Learn more about these different git repos.
Other Git URLs
There are several calls that require authentication, but do not explicitly call assertLogin. Instead they fail deeper in the code, often producing a cryptic or confusing error message. E.g.
assertLogin
File "/usr/share/koji-hub/kojihub.py", line 9525, in cancelTask if not task.verifyOwner() and not task.verifyHost(): File "/usr/share/koji-hub/kojihub.py", line 106, in verifyHost host_id = context.session.host_id File "/usr/lib/python2.7/site-packages/koji/auth.py", line 224, in __getattr__ if self._host_id == '': File "/usr/lib/python2.7/site-packages/koji/auth.py", line 228, in __getattr__ raise AttributeError("%s" % name) AttributeError: _host_id
I don't think there's a security issue here. All the calls I looked at require some sort of session info to work. That said, I have not exhaustively tested every call yet.
<img alt="0001-Check-for-login-earlier.patch" src="/koji/issue/raw/files/43c474e7a050fd25866054e636c9e0db71b6ba3a4d0f3da8400b670ad56bafd4-0001-Check-for-login-earlier.patch" />
@tkopecek Can you review this?
It seems to be correct. I've not found any similar cases (just by eye-scanning kojihub.py, so not 100%)
Metadata Update from @mikem: - Issue set to the milestone: 1.15
Metadata Update from @mikem: - Issue private status set to: False (was: True)
PR #740
Commit a81ab3a fixes this issue
Commit 49853af fixes this issue
Login to comment on this ticket.