[Zope-CMF] Re: PATCH: CMFCore/CookieCrumbler, add getAuthCookie method

Andy Dustman andy@dustman.net
25 Aug 2002 23:15:25 -0400


--=-VJJEzo4AzKg1qFC2YHfR
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Sun, 2002-08-25 at 22:35, Andy Dustman wrote:
> The attached patch allows for a user-defined getAuthCookie method to
> complement expireAuthCookie and setAuthCookie.

I found one bug. I've backed out the change to delRequestVar
(authentication was being prematurely deleted) and it seems to be
alright, but it still needs more testing/inspection.

-- 
Andy Dustman         PGP: 0x930B8AB6
    @       .net     http://dustman.net/andy
"Cogito, ergo sum." -- Rene Descartes
"I yam what I yam and that's all what I yam." -- Popeye

--=-VJJEzo4AzKg1qFC2YHfR
Content-Disposition: attachment; filename=CookieCrumbler-getAuthCookie.patch
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; name=CookieCrumbler-getAuthCookie.patch; charset=ISO-8859-15

--- CMFCore/CookieCrumbler.py.orig	Sat Aug  3 22:42:22 2002
+++ CMFCore/CookieCrumbler.py	Sun Aug 25 22:59:05 2002
@@ -98,10 +98,17 @@
     def defaultExpireAuthCookie( self, resp, cookie_name ):
         resp.expireCookie( cookie_name, path=3D'/')
=20
+    security.declarePrivate('defaultGetAuthCookie')
+    def defaultGetAuthCookie( self, resp, cookie_name ):
+        return resp.cookies.get( cookie_name, None )
+
     security.declarePrivate('modifyRequest')
     def modifyRequest(self, req, resp):
         # Returns flags indicating what the user is trying to do.
=20
+        method =3D self.getCookieMethod( 'getAuthCookie'
+                                       , self.defaultGetAuthCookie )
+        ac =3D method( resp, self.auth_cookie )
         if req.__class__ is not HTTPRequest:
             return ATTEMPT_DISABLED
=20
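Review bot: `defaultGetAuthCookie` looks the cookie up in `resp.cookies`, whereas the code it replaces (hunk at -137) read `req[self.auth_cookie]`; the response's cookie table presumably holds what this response is about to set, so the default getter would not see the cookie the browser sent, and a custom `getAuthCookie` hook is handed no request to read it from either. Pass the request instead: `def defaultGetAuthCookie( self, req, cookie_name ): return req.get( cookie_name, None )` and `ac = method( req, self.auth_cookie )`. The lookup also runs before the `req.__class__ is not HTTPRequest` guard, so the hook executes for request types this method otherwise refuses to touch; it should move below that check. The later `unquote(ac)` and `'Basic %s' % ac` assume the hook returns a string, which is worth stating in a docstring on the default. modifyRequest's body continues outside the hunk.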
@@ -137,9 +144,9 @@
                 self.delRequestVar(req, self.name_cookie)
                 self.delRequestVar(req, self.pw_cookie)
                 return ATTEMPT_LOGIN
-            elif req.has_key(self.auth_cookie):
+            elif ac:
                 # Copy __ac to the auth header.
-                ac =3D unquote(req[self.auth_cookie])
+                ac =3D unquote(ac)
                 req._auth =3D 'Basic %s' % ac
                 req._cookie_auth =3D 1
                 resp._auth =3D 1
@@ -192,8 +199,9 @@
     def unauthorized(self):
         resp =3D self._cleanupResponse()
         # If we set the auth cookie before, delete it now.
-        if resp.cookies.has_key(self.auth_cookie):
-            del resp.cookies[self.auth_cookie]
+        method =3D self.getCookieMethod( 'expireAuthCookie'
+                                       , self.defaultExpireAuthCookie )
+        method( resp, self.auth_cookie )
         # Redirect if desired.
         url =3D self.getLoginURL()
         if url is not None:
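Review bot: The replacement is not equivalent to the lines it removes: the old code only dropped a pending entry from `resp.cookies`, while `defaultExpireAuthCookie` (visible in the first hunk) calls `resp.expireCookie( cookie_name, path='/')` on every call, with no check that a cookie was set in this response. If expireCookie sends an expiring cookie to the browser, as its name suggests, every Unauthorized response would now end the session of a user who was merely denied one object; confirm that is intended and update the comment to match, e.g. `# Expire the auth cookie via the pluggable hook (unconditional).`. The same three added lines are repeated in `_unauthorized` (hunk at -204), so a small private helper would keep the two from drifting apart. Both function bodies continue outside their hunks.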
@@ -204,8 +212,9 @@
     def _unauthorized(self):
         resp =3D self._cleanupResponse()
         # If we set the auth cookie before, delete it now.
-        if resp.cookies.has_key(self.auth_cookie):
-            del resp.cookies[self.auth_cookie]
+        method =3D self.getCookieMethod( 'expireAuthCookie'
+                                       , self.defaultExpireAuthCookie )
+        method( resp, self.auth_cookie )
         # Redirect if desired.
         url =3D self.getLoginURL()
         if url is not None:

--=-VJJEzo4AzKg1qFC2YHfR--