[Zope-CVS] CVS: Products/CookieCrumbler - CookieCrumbler.py:1.4
Shane Hathaway
shane@cvs.zope.org
Wed, 9 Jan 2002 13:42:52 -0500
Update of /cvs-repository/Products/CookieCrumbler
In directory cvs.zope.org:/tmp/cvs-serv23875
Modified Files:
CookieCrumbler.py
Log Message:
Incorporated suggestions by Joseph Wayne Norton:
- You can specify whether all Unauthorized errors cause a redirect. This
is useful once all your site bugs have been worked out.
- You can specify whether cookie paths are local or global. With local paths
you can log in to multiple paths simultaneously, even with different names.
=== Products/CookieCrumbler/CookieCrumbler.py 1.3 => 1.4 ===
from os import path
+from Acquisition import aq_inner, aq_parent
from DateTime import DateTime
from utils import SimpleItemWithProperties
from AccessControl import ClassSecurityInfo, Permissions
@@ -135,6 +136,10 @@
'label':'Auto-login page ID'},
{'id':'logout_page', 'type': 'string', 'mode':'w',
'label':'Logout page ID'},
+ {'id':'redir_always', 'type': 'boolean', 'mode':'w',
+ 'label':'Always redirect to login page when unauthorized'},
+ {'id':'local_cookie_path', 'type': 'boolean', 'mode':'w',
+ 'label':'Use cookie paths to limit scope'},
)
auth_cookie = '__ac'
@@ -143,6 +148,8 @@
persist_cookie = '__ac_persistent'
auto_login_page = 'login_form'
logout_page = 'logged_out'
+ redir_always = 0
+ local_cookie_path = 0
security.declarePrivate('delRequestVar')
def delRequestVar(self, req, name):
@@ -155,6 +162,16 @@
try: del req.environ[name]
except: pass
+ security.declarePublic('getCookiePath')
+ def getCookiePath(self):
+ if self.local_cookie_path:
+ return '/'
+ parent = aq_parent(aq_inner(self))
+ if parent is not None:
+ return parent.absolute_url(1)
+ else:
+ return '/'
+
# Allow overridable cookie set/expiration methods.
security.declarePrivate('getCookieMethod')
def getCookieMethod( self, name='setAuthCookie', default=None ):
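Review bot: The test in `getCookiePath` looks inverted: `if self.local_cookie_path: return '/'` hands back the site-wide path when the local option is switched on. With the default `local_cookie_path = 0`, every existing install falls through to the parent's path, which contradicts both the log message and the property label. It should read `if not self.local_cookie_path:`. Separately, `absolute_url(1)` returns a path relative to the server root with no leading slash, so the value used as the cookie path should be `'/' + parent.absolute_url(1)`; browsers may ignore or mis-scope a path attribute that does not start with `/`. The method is declared public, so a short docstring stating that it only reports the cookie scope would help the next reader.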
@@ -162,11 +179,11 @@
security.declarePrivate('setDefaultAuthCookie')
def defaultSetAuthCookie( self, resp, cookie_name, cookie_value ):
- resp.setCookie( cookie_name, cookie_value, path='/')
+ resp.setCookie( cookie_name, cookie_value, path=self.getCookiePath())
security.declarePrivate('defaultExpireAuthCookie')
def defaultExpireAuthCookie( self, resp, cookie_name ):
- resp.expireCookie( cookie_name, path='/')
+ resp.expireCookie( cookie_name, path=self.getCookiePath())
security.declarePrivate('modifyRequest')
def modifyRequest(self, req, resp):
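Review bot: `defaultExpireAuthCookie` now expires the cookie only at whatever `getCookiePath()` returns at logout time. A cookie issued under a different path (by revision 1.3 with `path='/'`, or before the option was toggled) is therefore not cleared, and the auth cookie stays in the browser after logout. The `name_cookie` expiry in the following hunk has the same gap. At minimum, record this next to the call, e.g. `# NOTE: clears the cookie only at the current getCookiePath(); cookies set under another path survive logout`. It is also worth stating in a comment on `getCookiePath` that the path only limits where the browser sends the cookie and is not an isolation boundary between folders on the same host.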
@@ -196,11 +213,13 @@
if req.get(self.persist_cookie, 0):
# Persist the user name (but not the pw or session)
expires = (DateTime() + 365).toZone('GMT').rfc822()
- resp.setCookie(self.name_cookie, name, path='/',
+ resp.setCookie(self.name_cookie, name,
+ path=self.getCookiePath(),
expires=expires)
else:
# Expire the user name
- resp.expireCookie(self.name_cookie, path='/')
+ resp.expireCookie(self.name_cookie,
+ path=self.getCookiePath())
method = self.getCookieMethod( 'setAuthCookie'
, self.defaultSetAuthCookie )
method( resp, self.auth_cookie, quote( ac ) )
@@ -224,7 +243,8 @@
if attempt == ATTEMPT_DISABLED:
return
if not req.get('disable_cookie_login__', 0):
- if attempt == ATTEMPT_LOGIN or attempt == ATTEMPT_NONE:
+ if (self.redir_always or
+ attempt == ATTEMPT_LOGIN or attempt == ATTEMPT_NONE):
# Modify the "unauthorized" response.
req._hold(ResponseCleanup(resp))
resp.unauthorized = self.unauthorized
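Review bot: With `redir_always` set, the branch at `if (self.redir_always or` is taken for every value of `attempt` that gets past the `ATTEMPT_DISABLED` return. A user who is already logged in but lacks permission is then sent to the login page instead of receiving the plain Unauthorized response. That appears to be the intent, but it deserves a comment at the condition, e.g. `# redir_always: also redirect authenticated users who lack permission`. The option's help text should probably also warn that the login page itself must stay publicly viewable, otherwise the redirect could loop. The enclosing method begins and ends outside this hunk.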