details:   https://code.tryton.org/tryton/commit/14cfe28a68c2
branch:    default
user:      Cédric Krier <[email protected]>
date:      Tue Mar 31 13:26:00 2026 +0200
description:
        Use session property instead of authorization for bus subscription

        Since 375fb083e95a the userid may be defined in a cookie instead of the
        authorization header.

        Closes #14726
diffstat:

 trytond/trytond/bus.py |  11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diffs (30 lines):

diff -r d7e0dcf4ac45 -r 14cfe28a68c2 trytond/trytond/bus.py
--- a/trytond/trytond/bus.py    Mon Mar 30 11:29:57 2026 +0200
+++ b/trytond/trytond/bus.py    Tue Mar 31 13:26:00 2026 +0200
@@ -226,19 +226,22 @@
     url_host = config.get('bus', 'url_host')
     if url_host and url_host != request.host_url:
         abort(HTTPStatus.UNAUTHORIZED)
-    user = request.authorization.get('userid')
+    if session := request.session:
+        userid = session.userid
+    else:
+        abort(HTTPStatus.UNAUTHORIZED)
     channels = request.parsed_data.get('channels', [])
-    if user is None:
+    if userid is None:
         raise exceptions.BadRequest
 
     channels = set(filter(lambda c: not c.startswith('user:'), channels))
-    channels.add('user:%s' % user)
+    channels.add('user:%s' % userid)
 
     last_message = request.parsed_data.get('last_message')
 
     logger.info(
         "get bus messages for %s since %s from %s@%s%s",
-        channels, last_message, request.authorization.username,
+        channels, last_message, session.username,
         request.remote_addr, request.path)
     bus_response = Bus.subscribe(database_name, channels, last_message)
     return Response(
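Review bot: The user id behind the `user:%s` channel now comes from `request.session`, which the commit message says may be backed by a cookie, yet the only request-origin check visible in this hunk is `url_host != request.host_url`, and that check is skipped whenever the `bus`/`url_host` setting is empty. It is worth confirming that the cookie-based session path has its own cross-site request protection for this endpoint, since that cannot be seen from here. Separately, the two rejection paths now disagree: a missing session aborts with 401, while a session whose `userid` is None still raises `BadRequest`, and only after `channels` has been read. If clients do not rely on the 400, a single guard such as `if not (session := request.session) or session.userid is None:` followed by `abort(HTTPStatus.UNAUTHORIZED)` would keep the identity check in one place and make it obvious that `userid` is always bound. The enclosing function starts and ends outside the hunk.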
