[Zope-dev] zope.pluggableauth and "camefrom" information in login form not an absolute URL
Jan-Wijbrand Kolman
janwijbrand at gmail.com
Mon Feb 7 04:42:33 EST 2011
Hi,
The SessionCredentialsPlugin will redirect to a login form whenever a
user needs to be authenticated. The URL to this login form will have a
"camefrom" query string, where the "camefrom" is the path-information to
the originally requested view.
When the credentials provided by the user are correct, the login form
will use the camefrom information to redirect back to that original view.
Ideally (a.k.a. according to the HTTP spec.), the camefrom should be an
absolute URL, not just a path like the SessionCredentialsPlugin now does.
I'd like to fix and release zope.pluggableauth with the following patch
applied - unless of course there's compelling reasons not to do this:
--- trunk/src/zope/pluggableauth/plugins/session.py 2011-02-07
10:33:25.643791415 +0100
+++
branches/janjaapdriessen-camefrom-fix/src/zope/pluggableauth/plugins/session.py
2011-02-07 10:40:12.301790203 +0100
@@ -308,7 +308,7 @@
# Better to add the query string, if present
query = request.get('QUERY_STRING')
- camefrom = '/'.join([request.getURL(path_only=True)] + stack)
+ camefrom = '/'.join([request.getURL()] + stack)
if query:
camefrom = camefrom + '?' + query
url = '%s/@@%s?%s' % (absoluteURL(site, request),
regards, jw
More information about the Zope-Dev
mailing list