Don't fail hard if the user's permissions cannot be found

Salt enforces authorization not salt-api. Showing the user his/her permissions is a nicety only. We should make a best effort to retrieve them but if we cannot we should log the user in instead of blocking.
2025-04-17 10:10:20 +00:00 · 2016-08-17 18:42:28 -06:00 · 2016-08-17 18:42:28 -06:00 · eb3574adae
commit eb3574adae
parent ec597bd54c
1 changed files with 4 additions and 5 deletions
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -1522,13 +1522,12 @@ class Login(LowDataAdapter):
                    perms.extend(eauth['{0}%'.format(group)])

            if not perms:
-                raise ValueError("Eauth permission list not found.")
-        except (AttributeError, IndexError, KeyError, ValueError):
+                logger.debug("Eauth permission list not found.")
+        except Exception:
            logger.debug("Configuration for external_auth malformed for "
                "eauth '{0}', and user '{1}'."
                .format(token.get('eauth'), token.get('name')), exc_info=True)
-            raise cherrypy.HTTPError(500,
-                'Configuration for external_auth could not be read.')
+            perms = None

        return {'return': [{
            'token': cherrypy.session.id,
@ -1536,7 +1535,7 @@ class Login(LowDataAdapter):
            'start': token['start'],
            'user': token['name'],
            'eauth': token['eauth'],
-            'perms': perms,
+            'perms': perms or {},
        }]}