[Zope-CVS] CVS: Products/CookieCrumbler - CHANGES.txt:1.3 CookieCrumbler.py:1.5 version.txt:1.3

Shane Hathaway shane@cvs.zope.org
Sat, 13 Apr 2002 22:24:00 -0400


Update of /cvs-repository/Products/CookieCrumbler
In directory cvs.zope.org:/tmp/cvs-serv22068

Modified Files:
	CHANGES.txt CookieCrumbler.py version.txt 
Log Message:
- Cookie crumblers were causing an authentication error on logout.  Corrected.

- Cookie paths weren't being set correctly when local paths were turned
  on.  Actually, the enabling of local paths was reversed from what the
  checkbox label implied, doubling the confusion.


=== Products/CookieCrumbler/CHANGES.txt 1.2 => 1.3 ===
 
 - Merged WebDAV source port fix from CMFCore
+
+Version 0.5
+
+- Cookie crumblers were causing an authentication error on logout.  Corrected.
+
+- Cookie paths weren't being set correctly when local paths were turned
+  on.  Actually, the enabling of local paths was reversed from what the
+  checkbox label implied, doubling the confusion.


=== Products/CookieCrumbler/CookieCrumbler.py 1.4 => 1.5 ===
 
 import sys
-from base64 import encodestring
+from base64 import encodestring, decodestring
 from urllib import quote, unquote
 from os import path
 
@@ -164,11 +164,11 @@
 
     security.declarePublic('getCookiePath')
     def getCookiePath(self):
-        if self.local_cookie_path:
+        if not self.local_cookie_path:
             return '/'
         parent = aq_parent(aq_inner(self))
         if parent is not None:
-            return parent.absolute_url(1)
+            return '/' + parent.absolute_url(1)
         else:
             return '/'
 
@@ -229,11 +229,18 @@
             elif req.has_key(self.auth_cookie):
                 # Copy __ac to the auth header.
                 ac = unquote(req[self.auth_cookie])
-                req._auth = 'basic %s' % ac
-                req._cookie_auth = 1
-                resp._auth = 1
-                self.delRequestVar(req, self.auth_cookie)
-                return ATTEMPT_RESUME
+                if ac and ac != 'deleted':
+                    try:
+                        decodestring(ac)
+                    except:
+                        # Not a valid auth header.
+                        pass
+                    else:
+                        req._auth = 'basic %s' % ac
+                        req._cookie_auth = 1
+                        resp._auth = 1
+                        self.delRequestVar(req, self.auth_cookie)
+                        return ATTEMPT_RESUME
             return ATTEMPT_NONE
 
     def __call__(self, container, req):


=== Products/CookieCrumbler/version.txt 1.2 => 1.3 ===
+CookieCrumbler-0.5