[Checkins] SVN: Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/ - removed 'retry' and 'disable_cookie_login__' parameters
Yvo Schubbe
y.2010 at wcm-solutions.de
Mon Jun 14 13:28:49 EDT 2010
Log message for revision 113458:
- removed 'retry' and 'disable_cookie_login__' parameters
Changed:
U Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py
U Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py
-=-
Modified: Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py
===================================================================
--- Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py 2010-06-14 17:28:29 UTC (rev 113457)
+++ Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/CookieCrumbler.py 2010-06-14 17:28:48 UTC (rev 113458)
@@ -93,7 +93,7 @@
auth_cookie = '__ac'
name_cookie = '__ac_name'
- pw_cookie = '__ac_password'
+ pw_cookie = '__ac_password' # not used as cookie, just as request key
persist_cookie = '__ac_persistent'
local_cookie_path = False
cache_header_value = 'private'
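Review bot: The new comment on `pw_cookie` says the name is "not used as cookie", but the tests removed from test_CookieCrumbler.py in this same commit set `req.cookies['__ac_password']` and expected the login to succeed, so the previous revision honoured a client-supplied cookie of that name. Whether modifyRequest still accepts the password from a cookie is not visible in this hunk; if it does, the comment understates where the value can come from. I would word it as `# never set as a cookie by CookieCrumbler; read from the request as the login form key`. If cookie-supplied passwords are meant to be rejected, that should be stated where the key is read. The class body starts and ends outside the hunk.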
@@ -246,8 +246,6 @@
attempt = self.modifyRequest(req, resp)
except CookieCrumblerDisabled:
return
- if req.get('disable_cookie_login__', 0):
- return
if attempt != ATTEMPT_NONE:
# Trying to log in or resume a session
Modified: Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py
===================================================================
--- Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py 2010-06-14 17:28:29 UTC (rev 113457)
+++ Products.CMFCore/branches/cookiecrumbler_with_views/Products/CMFCore/tests/test_CookieCrumbler.py 2010-06-14 17:28:48 UTC (rev 113458)
@@ -206,31 +206,6 @@
self.assertEqual(
req.response.headers.get('cache-control', ''), '')
- def testDisableLoginDoesNotPreventPasswordShredding(self):
- # Even if disable_cookie_login__ is set, read the cookies
- # anyway to avoid revealing the password to the app.
- # (disable_cookie_login__ does not mean disable cookie
- # authentication, it only means disable the automatic redirect
- # to the login page.)
- root, cc, req, credentials = self._makeSite()
- req.cookies['__ac_name'] = 'abraham'
- req.cookies['__ac_password'] = 'pass-w'
- req['disable_cookie_login__'] = 1
- req.traverse('/')
- self.assertEqual(req['AUTHENTICATED_USER'].getUserName(),
- 'abraham')
- # Here is the real test: the password should have been shredded.
- self.failIf( req.has_key('__ac_password'))
-
- def testDisableLoginDoesNotPreventPasswordShredding2(self):
- root, cc, req, credentials = self._makeSite()
- req.cookies['__ac'] = credentials
- req['disable_cookie_login__'] = 1
- req.traverse('/')
- self.assertEqual(req['AUTHENTICATED_USER'].getUserName(),
- 'abraham')
- self.failIf( req.has_key('__ac'))
-
def testLoginRatherThanResume(self):
# When the user presents both a session resume and new
# credentials, choose the new credentials (so that it's