[Checkins] SVN: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/ - removed 'retry' and 'disable_cookie_login__' parameters
Yvo Schubbe
y.2010 at wcm-solutions.de
Mon Jun 14 13:28:29 EDT 2010
Log message for revision 113457:
- removed 'retry' and 'disable_cookie_login__' parameters
Changed:
U Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py
U Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt
-=-
Modified: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py
===================================================================
--- Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py 2010-06-14 16:04:13 UTC (rev 113456)
+++ Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py 2010-06-14 17:28:29 UTC (rev 113457)
@@ -65,19 +65,10 @@
except (AttributeError, ValueError):
# re-raise the unhandled exception
raise self.context
- req = self.request
- if req.get('disable_cookie_login__', 0):
- # re-raise the unhandled exception
- raise self.context
+ req = self.request
attempt = getattr(req, '_cookie_auth', ATTEMPT_NONE)
- if attempt == ATTEMPT_NONE:
- # An anonymous user was denied access to something.
- retry = ''
- elif attempt == ATTEMPT_LOGIN:
- # The login attempt failed. Try again.
- retry = '1'
- else:
+ if attempt not in (ATTEMPT_NONE, ATTEMPT_LOGIN):
# An authenticated user was denied access to something.
# XXX: hack context to get the right @@standard_macros/page
# why do we get the wrong without this hack?
@@ -94,8 +85,7 @@
if not query.startswith('?'):
query = '?' + query
came_from = came_from + query
- url = '%s?came_from=%s&retry=%s&disable_cookie_login__=1' % (
- target, quote(came_from), retry)
+ url = '%s?came_from=%s' % (target, quote(came_from))
raise Redirect(url)
Modified: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt
===================================================================
--- Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt 2010-06-14 16:04:13 UTC (rev 113456)
+++ Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt 2010-06-14 17:28:29 UTC (rev 113457)
@@ -29,7 +29,7 @@
>>> browser.contents
''
>>> browser.headers['Location']
- 'http://localhost/site/login_form?came_from=http%3A//localhost/site/reconfig_form&retry=&disable_cookie_login__=1'
+ 'http://localhost/site/login_form?came_from=http%3A//localhost/site/reconfig_form'
And it works if raised by BaseRequest.traverse (here caused by manage_main).
@@ -40,7 +40,7 @@
>>> browser.contents
''
>>> browser.headers['Location']
- 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main&retry=&disable_cookie_login__=1'
+ 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main'
Same redirect with a query string. The query string is preserved.
@@ -51,7 +51,7 @@
>>> browser.contents
''
>>> browser.headers['Location']
- 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main%3Fa%3Aint%3D1%26x%3Astring%3Dy&retry=&disable_cookie_login__=1'
+ 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main%3Fa%3Aint%3D1%26x%3Astring%3Dy'
>>> quote('manage_main?a:int=1&x:string=y') in browser.headers['Location']
True
@@ -65,17 +65,8 @@
>>> browser.contents
''
>>> browser.headers['Location']
- 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main&retry=1&disable_cookie_login__=1'
+ 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main'
-But requests with 'disable_cookie_login__=1' are not redirected.
-
- >>> browser.open('http://localhost/site/manage_main?disable_cookie_login__=1')
- Traceback (most recent call last):
- ...
- HTTPError: HTTP Error 401: Unauthorized
- >>> browser.contents
- '<strong>You are not authorized to access this resource.</strong>'
-
The view for zExceptions.Unauthorized shows a Forbidden error if logged in.
>>> browser.cookies['__ac'] = '%s' % mbr_credentials
More information about the checkins
mailing list