[Zope] Lost user credentials
Dennis Allison
allison at shasta.stanford.edu
Mon Mar 12 14:29:49 EDT 2007
I did not catch the original post and so don't know any of the details,
but it sounds like a problem with the logging system, not a loss of
credentials. We had long ago and resolved with the list's help. This
patch is still in use with Zope 2.9.X.
You need to patch ../lib/python/ZServer/medusa/http_server.py
--- ./v0.0/http_server.py 2004-12-25 22:39:31.000000000 -0800
+++ ./v0.1/http_server.py 2004-12-25 22:39:31.000000000 -0800
@@ -36,6 +36,9 @@
from counter import counter
from urllib import unquote
+# Paul's Patch (a shameful thing) to make names register properly
+from ZPublisher.HTTPRequest import parse_cookie
+
#
===========================================================================
# Request Object
#
===========================================================================
@@ -277,6 +280,7 @@
auth=self.get_header('Authorization')
name='Anonymous'
+
if auth is not None:
if string.lower(auth[:6]) == 'basic ':
try: decoded=base64.decodestring(auth[6:])
@@ -286,10 +290,35 @@
name = 'Unknown (bad auth string)'
else:
name = t[0]
+ else:
+ # start of patch
+ try:
+ auth_cookie_name='__ac'
+ cookie= None
+ try:
+ cookies = {}
+ header_value = self.get_header("Cookie")
+ if header_value:
+ parse_cookie(header_value, cookies)
+ cookie = cookies.get(auth_cookie_name, None)
+ except:
+ name = 'Anonymous'
+
+ if cookie is not None:
+ cookie = unquote(cookie)
+ try:
+ cookie = base64.decodestring(cookie)
+ name, password = tuple( cookie.split(':',1))
+ except: name= "Unknown (bad auth cookie)"
+ except:
+ name = "Failure!"
+ # end of patch
+ # log the host domain too
self.channel.server.logger.log (
self.channel.addr[0],
- '- %s [%s] "%s" %d %d "%s" "%s"\n' % (
+ '%s %s [%s] "%s" %d %d "%s" "%s"\n' % (
+ self.get_header('Host'),
name,
self.log_date_string (time.time()),
self.request,
Hope this helps.
On Mon, 12 Mar 2007, Garito wrote:
> Could any charitable soul take pity on this poor sinner, please...?
>
> 2007/3/12, Garito <garito at gmail.com>:
> >
> > Hi Andreas!
> > What kind of information do you need?
> > On my last messages to the list I send the tracebacks and some other
> > information (need to resend them?)
> >
> > Could you point me what details do you need?
> >
> > Thank you so much for you interest!
> >
> > 2007/3/12, Andreas Jung <lists at zopyx.com>:
> > >
> > >
> > >
> > > --On 12. März 2007 04:04:31 +0100 Garito <garito at gmail.com> wrote:
> > >
> > > > Hi all!
> > > > Some days ago I send to the list a question about a problem losting
> > > user
> > > > credentials
> > > >
> > > > In my code I don't use nothing about security and nothing is changed
> > > on
> > > > zmi's security tab
> > > >
> > > > But when I launch a method (Borrar if you remember) the user who
> > > launches
> > > > the action is anonymous not the logged one
> > >
> > > Somewhat hard to believe without a detailed description....
> > >
> > > -aj
> > >
> >
> >
> >
> > --
> > Mis Cosas: http://blogs.sistes.net/Garito
> >
>
>
>
>
--
More information about the Zope
mailing list