[Checkins] SVN: PluggableAuthService/trunk/ Modify CookieAuthHelper to prefer __ac form variables to the cookie when extracting credentials, just like CookieCrumbler

Wichert Akkerman wichert at wiggy.net
Sat May 27 17:41:05 EDT 2006 

Log message for revision 68309:
  Modify CookieAuthHelper to prefer __ac form variables to the cookie when extracting credentials, just like CookieCrumbler

Changed:
  U   PluggableAuthService/trunk/doc/CHANGES.txt
  U   PluggableAuthService/trunk/plugins/CookieAuthHelper.py

-=-
Modified: PluggableAuthService/trunk/doc/CHANGES.txt
===================================================================
--- PluggableAuthService/trunk/doc/CHANGES.txt	2006-05-27 15:39:24 UTC (rev 68308)
+++ PluggableAuthService/trunk/doc/CHANGES.txt	2006-05-27 21:41:04 UTC (rev 68309)
@@ -1,5 +1,12 @@
 PluggableAuthService changelog
 
+  PluggableAuthService (unreleased)
+
+     - Modify CookieAuthHelper to prefer __ac form variables to the cookie
+       when extracting credentials.
+       (https://dev.plone.org/plone/ticket/5355)
+
+
   PluggableAuthService 1.2 (2006/05/14)
 
     Bugs Fixed

Modified: PluggableAuthService/trunk/plugins/CookieAuthHelper.py
===================================================================
--- PluggableAuthService/trunk/plugins/CookieAuthHelper.py	2006-05-27 15:39:24 UTC (rev 68308)
+++ PluggableAuthService/trunk/plugins/CookieAuthHelper.py	2006-05-27 21:41:04 UTC (rev 68309)
@@ -108,14 +108,9 @@
         """ Extract credentials from cookie or 'request'. """
         creds = {}
         cookie = request.get(self.cookie_name, '')
+        login = request.get('__ac_name', '')
 
-        if cookie:
-            cookie_val = decodestring(unquote(cookie))
-            login, password = cookie_val.split(':')
-
-            creds['login'] = login
-            creds['password'] = password
-        else:
+        if login:
             # Look in the request for the names coming from the login form
             login = request.get('__ac_name', '')
             password = request.get('__ac_password', '')
@@ -123,7 +118,13 @@
             if login:
                 creds['login'] = login
                 creds['password'] = password
+        elif cookie:
+            cookie_val = decodestring(unquote(cookie))
+            login, password = cookie_val.split(':')
 
+            creds['login'] = login
+            creds['password'] = password
+
         if creds:
             creds['remote_host'] = request.get('REMOTE_HOST', '')

More information about the Checkins mailing list