[Checkins] SVN: Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/ - removed 'retry' and 'disable_cookie_login__' parameters

Yvo Schubbe y.2010 at wcm-solutions.de
Mon Jun 14 13:28:49 EDT 2010


Log message for revision 113458:
  - removed 'retry' and 'disable_cookie_login__' parameters

Changed:
  U   Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py
  U   Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py

-=-
Modified: Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py
===================================================================
--- Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py	2010-06-14 17:28:29 UTC (rev 113457)
+++ Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py	2010-06-14 17:28:48 UTC (rev 113458)
@@ -93,7 +93,7 @@
 
     auth_cookie = '__ac'
     name_cookie = '__ac_name'
-    pw_cookie = '__ac_password'
+    pw_cookie = '__ac_password' # not used as cookie, just as request key
     persist_cookie = '__ac_persistent'
     local_cookie_path = False
     cache_header_value = 'private'
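Review bot: The added comment on `pw_cookie` says the value is never a cookie, but the tests deleted in this same commit set `req.cookies['__ac_password']` and expected a successful login, so at the previous revision the name was accepted from a cookie; if the request lookup still falls through to cookies, the comment is misleading. Those deleted tests are also the only ones visible here that assert the password key is removed from the request after authentication (`self.failIf( req.has_key('__ac_password'))`), so unless a test outside these hunks covers it, that guarantee is now unchecked. I would keep one shredding test without the `disable_cookie_login__` line and, if shredding is still the behaviour, state it in the comment, e.g. `pw_cookie = '__ac_password'  # request key only; removed from the request after login` (two spaces before `#` per PEP 8). The enclosing class starts and ends outside the hunk.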
@@ -246,8 +246,6 @@
             attempt = self.modifyRequest(req, resp)
         except CookieCrumblerDisabled:
             return
-        if req.get('disable_cookie_login__', 0):
-            return
 
         if attempt != ATTEMPT_NONE:
             # Trying to log in or resume a session

Modified: Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py
===================================================================
--- Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py	2010-06-14 17:28:29 UTC (rev 113457)
+++ Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py	2010-06-14 17:28:48 UTC (rev 113458)
@@ -206,31 +206,6 @@
         self.assertEqual(
             req.response.headers.get('cache-control', ''), '')
 
-    def testDisableLoginDoesNotPreventPasswordShredding(self):
-        # Even if disable_cookie_login__ is set, read the cookies
-        # anyway to avoid revealing the password to the app.
-        # (disable_cookie_login__ does not mean disable cookie
-        # authentication, it only means disable the automatic redirect
-        # to the login page.)
-        root, cc, req, credentials = self._makeSite()
-        req.cookies['__ac_name'] = 'abraham'
-        req.cookies['__ac_password'] = 'pass-w'
-        req['disable_cookie_login__'] = 1
-        req.traverse('/')
-        self.assertEqual(req['AUTHENTICATED_USER'].getUserName(),
-                         'abraham')
-        # Here is the real test: the password should have been shredded.
-        self.failIf( req.has_key('__ac_password'))
-
-    def testDisableLoginDoesNotPreventPasswordShredding2(self):
-        root, cc, req, credentials = self._makeSite()
-        req.cookies['__ac'] = credentials
-        req['disable_cookie_login__'] = 1
-        req.traverse('/')
-        self.assertEqual(req['AUTHENTICATED_USER'].getUserName(),
-                         'abraham')
-        self.failIf( req.has_key('__ac'))
-
     def testLoginRatherThanResume(self):
         # When the user presents both a session resume and new
         # credentials, choose the new credentials (so that it's


