[CMF-checkins] CVS: Products/CMFCore - CookieCrumbler.py:1.18.10.5.2.1

Zachery Bir zbir at urbanape.com
Thu Sep 8 12:50:24 EDT 2005 

Update of /cvs-repository/Products/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv27473

Modified Files:
      Tag: CMF-1_7_7-tseaver-cookie-crumbler-branch
	CookieCrumbler.py 
Log Message:
local changes to CookieCrumbler.py to satisfy one-off


=== Products/CMFCore/CookieCrumbler.py 1.18.10.5 => 1.18.10.5.2.1 ===
--- Products/CMFCore/CookieCrumbler.py:1.18.10.5	Fri Apr 23 17:11:33 2004
+++ Products/CMFCore/CookieCrumbler.py	Thu Sep  8 12:50:23 2005
@@ -68,6 +68,8 @@
                     'label':'Auto-login page ID'},
                    {'id':'logout_page', 'type': 'string', 'mode':'w',
                     'label':'Logout page ID'},
+                   {'id':'log_username', 'type':'boolean', 'mode': 'w',
+                    'label':'Log cookie auth username to access log'}
                    )
 
     auth_cookie = '__ac'
@@ -76,6 +78,7 @@
     persist_cookie = '__ac_persistent'
     auto_login_page = 'login_form'
     logout_page = 'logged_out'
+    log_username = 1
 
     security.declarePrivate('delRequestVar')
     def delRequestVar(self, req, name):
@@ -102,6 +105,23 @@
     security.declarePrivate('defaultExpireAuthCookie')
     def defaultExpireAuthCookie( self, resp, cookie_name ):
         resp.expireCookie( cookie_name, path='/')
+    
+    def _setAuthHeader(self, ac, request, response):
+        """Set the auth headers for both the Zope and Medusa http request
+        objects.
+        """
+        request._auth = 'Basic %s' % ac
+        request._cookie_auth = 1
+        response._auth = 1
+        if self.log_username:
+            # Set the authorization header in the medusa http request
+            # so that the username can be logged to the Z2.log
+            try:
+                medusa_headers = response.stdout._request._header_cache
+            except AttributeError:
+                pass
+            else:
+                medusa_headers['authorization'] = request._auth
 
     security.declarePrivate('modifyRequest')
     def modifyRequest(self, req, resp):
@@ -126,9 +146,7 @@
                 name = req[self.name_cookie]
                 pw = req[self.pw_cookie]
                 ac = encodestring('%s:%s' % (name, pw))
-                req._auth = 'Basic %s' % ac
-                req._cookie_auth = 1
-                resp._auth = 1
+                self._setAuthHeader(ac, req, resp)
                 if req.get(self.persist_cookie, 0):
                     # Persist the user name (but not the pw or session)
                     expires = (DateTime() + 365).toZone('GMT').rfc822()
@@ -146,9 +164,7 @@
             elif req.has_key(self.auth_cookie):
                 # Copy __ac to the auth header.
                 ac = unquote(req[self.auth_cookie])
-                req._auth = 'Basic %s' % ac
-                req._cookie_auth = 1
-                resp._auth = 1
+                self._setAuthHeader(ac, req, resp)
                 self.delRequestVar(req, self.auth_cookie)
                 return ATTEMPT_RESUME
             return ATTEMPT_NONE

More information about the CMF-checkins mailing list