[Zope-CMF] [dev] CookieCrumbler cleanup
Tres Seaver
tseaver at palladion.com
Mon Jun 14 09:34:37 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
yuppie wrote:
> Hi!
>
>
> The refactoring on the cookiecrumbler_with_views branch is almost done.
> There are 3 small CookieCrumbler 'features' I'd like to remove before
> merging the changes into CMF trunk:
>
>
> 1.) insufficient privileges page (unauth_page property)
> =======================================================
>
> Logged in users are usually redirected to a view that tells them they
> don't have sufficient privileges. Anonymous users are usually redirected
> to a login form. AFAICS PAS has no built in support for that distinction
> and Plone uses require_login as dispatcher.
>
> By default CookieCrumbler only redirects anonymous users to the login
> form. But allows to specify a redirect target for logged in users in the
> unauth_page property.
>
> I propose to remove that feature because all redirection logic is moved
> to the UnauthorizedView. By default Forbidden is raised with a message
> similar to Plone's insufficient_privileges. If you want to customize
> that, you have to override the UnauthorizedView.
+1.
> 2.) redirect loop detection (disable_cookie_login__ parameter)
> ==============================================================
>
> AFAICS the special disable_cookie_login__=1 behavior is only used to
> prevent redirect loops caused by unauthorized exceptions in the
> login_form. This can only happen in mis-configured sites. And browsers
> are responsible for ending infinite redirect loops, so even in the case
> of misconfiguration nothing bad happens.
>
> I propose to remove that feature completely. I there is a reason why we
> have to detect redirect loops, we should at least do it without a
> special query parameter. CookieAuthHelper.unauthorized of PAS checks if
> ACTUAL_URL is the login_form URL.
+1.
> 3.) retry detection (retry parameter)
> =====================================
>
> AFAICS no special retry=1 behavior is implemented, so I can't see a
> reason why we should set the retry parameter. PAS also works without
> that feature. I propose to remove that feature completely.
+1.
Ters.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkwWL+0ACgkQ+gerLs4ltQ6gjwCgt2QcbsDvqE+vOmzrxY/PhatR
mM4An06At/BtYAimlahedQexDOnoIK6a
=d8wG
-----END PGP SIGNATURE-----
More information about the Zope-CMF
mailing list