Always set g.current_user (to None when not logged in).

This allows us to use g.current_user, instead of
g.get('current_user', None), which in turn simply causes an AttributeError
exception when the token validation wasn't performed when it should have.

pillar/application/modules/projects.py

@@ -33,7 +33,7 @@ def after_inserting_projects(items):
 
     :param items: List of project docs that have been inserted (normally one)
     """
-    current_user = g.get('current_user', None)
+    current_user = g.current_user
     users_collection = app.data.driver.db['users']
     user = users_collection.find_one({'_id': current_user['user_id']})
 

pillar/application/utils/authentication.py

@@ -52,14 +52,18 @@ def validate_token():
     from it.
 
     When the token is successfully validated, sets `g.current_user` to contain
-    the user information.
+    the user information, otherwise it is set to None.
 
     @returns True iff the user is logged in with a valid Blender ID token.
     """
 
+    # Default to no user at all.
+    g.current_user = None
+
     if not request.authorization:
         # If no authorization headers are provided, we are getting a request
         # from a non logged in user. Proceed accordingly.
+        log.debug('No authentication headers, so not logged in.')
         return False
 
     token = request.authorization.username

pillar/application/utils/authorization.py

@@ -17,7 +17,7 @@ def check_permissions(resource, method, append_allowed_methods=False):
     if method != 'GET' and append_allowed_methods:
         raise ValueError("append_allowed_methods only allowed with 'GET' method")
 
-    current_user = g.get('current_user', None)
+    current_user = g.current_user
 
     if 'permissions' in resource:
         # If permissions are embedded in the node (this overrides any other