[Checkins]
SVN: PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/
- CookieAuthHelper:
Andrew Sawyers
andrew at sawdog.com
Fri Oct 20 16:59:05 EDT 2006
Log message for revision 70855:
- CookieAuthHelper:
Removed silly logic in letting the login form values override cookie values if a cookie exists at 'relogin' time.
- there's no reason for the silliness that was there.
- DelegatingMultiPlugin:
Fixed case where password checks against the delegated user folder would only work if the user folder was storing
passwords in the clear.
Fixed serious bug where if the PAS was a root user folder, AND the name trying to authenticate was the same as the emergency user's name - you'd get through, regardless of whether or not passwords matched. BAD BAD BAD
Changed:
U PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/CookieAuthHelper.py
U PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/DelegatingMultiPlugin.py
-=-
Modified: PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/CookieAuthHelper.py
===================================================================
--- PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/CookieAuthHelper.py 2006-10-20 20:58:27 UTC (rev 70854)
+++ PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/CookieAuthHelper.py 2006-10-20 20:59:04 UTC (rev 70855)
@@ -108,16 +108,13 @@
""" Extract credentials from cookie or 'request'. """
creds = {}
cookie = request.get(self.cookie_name, '')
- login = request.get('__ac_name', '')
+ # Look in the request.form for the names coming from the login form
+ login = request.form.get('__ac_name', '')
if login:
- # Look in the request for the names coming from the login form
- login = request.get('__ac_name', '')
- password = request.get('__ac_password', '')
+ creds['login'] = login
+ creds['password'] = request.form.get('__ac_password', '')
- if login:
- creds['login'] = login
- creds['password'] = password
elif cookie and cookie != 'deleted':
cookie_val = decodestring(unquote(cookie))
login, password = cookie_val.split(':')
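Review bot: The cookie branch that the new `if`/`elif` now falls into still does `login, password = cookie_val.split(':')` with no bound and no error handling, so a cookie whose decoded value has no colon (or, presumably, one whose password part itself contains a colon) raises ValueError out of extractCredentials instead of yielding no credentials, and `decodestring` likewise raises on a value that is not valid base64. A malformed or tampered login cookie therefore turns every request carrying it into a server error rather than an anonymous request, which is the wrong failure mode for a credential extractor. I would change the unpack to `login, password = cookie_val.split(':', 1)` and wrap the decode-and-split in a `try` that returns the still-empty `creds` on failure, so a bad cookie simply authenticates nobody. extractCredentials starts before this hunk and continues past it.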
@@ -181,7 +178,7 @@
url = self.getLoginURL()
if url is not None:
came_from = req.get('came_from', None)
-
+
if came_from is None:
came_from = req.get('URL', '')
query = req.get('QUERY_STRING')
@@ -202,7 +199,7 @@
# the only sane thing to do is to give up because we are
# in an endless redirect loop.
return 0
-
+
url = url + '?came_from=%s' % quote(came_from)
resp.redirect(url, lock=1)
return 1
Modified: PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/DelegatingMultiPlugin.py
===================================================================
--- PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/DelegatingMultiPlugin.py 2006-10-20 20:58:27 UTC (rev 70854)
+++ PluggableAuthService/tags/1.4_with_ZODBRoleManager-fix/plugins/DelegatingMultiPlugin.py 2006-10-20 20:59:04 UTC (rev 70855)
@@ -29,6 +29,7 @@
from Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from AccessControl.SpecialUsers import emergency_user
+from AccessControl import AuthEncoding
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.interfaces.plugins import \
@@ -122,15 +123,19 @@
if not acl or not login or not password:
return (None, None)
- if login == emergency_user.getUserName():
+ if login == emergency_user.getUserName() and \
+ AuthEncoding.pw_validate(emergency_user._getPassword(), password):
return ( login, login )
user = acl.getUser(login)
+
if user is None:
return (None, None)
- elif user and user._getPassword() == password:
+
+ elif user and AuthEncoding.pw_validate(user._getPassword(),
+ password):
return ( user.getId(), login )
-
+
return (None, None)
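Review bot: When the supplied login equals the emergency user's name but the `pw_validate` added on the second line of the hunk fails, control falls through to `acl.getUser(login)` and the same name and password are then tried against the delegated user folder; whether an ordinary account sharing the emergency user's name should be reachable through this plugin is a policy call, but the fall-through is silent and deserves either an explicit `return (None, None)` or a comment saying it is intended. Two smaller points in the same hunk: `elif user and AuthEncoding.pw_validate(...)` repeats the check already made by `if user is None: return (None, None)` directly above, so `elif AuthEncoding.pw_validate(user._getPassword(), password):` reads cleaner; and if `_getPassword()` can return None for a user with no stored password (not visible here), `pw_validate` would receive None rather than a string, which is worth confirming against the delegated folder's user class. If the fall-through is not intended, the emergency branch could read as below. authenticateCredentials starts before this hunk.
```python
        if login == emergency_user.getUserName():
            # Decide the emergency-user case here; never fall through to the
            # delegated folder with the emergency user's name.
            if AuthEncoding.pw_validate(emergency_user._getPassword(), password):
                return ( login, login )
            return (None, None)

        # … unchanged: delegated user lookup and pw_validate check …
```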