[FIX] ir.http.authenticate: avoid discarding sessions when authentication status...

In some cases the authentication check can fail
for an unknown reason (e.g. connection pool is
temporarily full). This should not be treated
as an authentication failure, as the status is
really unknown. Let those exceptions bubble up
instead.

bzr revid: odo@openerp.com-20140228170712-l8smq6u3cmvjtd5e

diff --git a/openerp/addons/base/ir/ir_http.py b/openerp/addons/base/ir/ir_http.py
index 1869911..93dc4d8 100644 (file)
--- a/openerp/addons/base/ir/ir_http.py
+++ b/openerp/addons/base/ir/ir_http.py
@@ -77,7 +77,9 @@ class ir_http(osv.AbstractModel):
                 # what if error in security.check()
                 #   -> res_users.check()
                 #   -> res_users.check_credentials()
-            except Exception:
+            except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+                # All other exceptions mean undetermined status (e.g. connection pool full),
+                # let them bubble up
                 request.session.logout()
         getattr(self, "_auth_method_%s" % auth_method)()
         return auth_method