Changeset 145

Timestamp:

02/25/08 00:16:15

Author:

thejimmyg

Message:

Fixed bug reported by Sam Gentle where remote addr is obtained from X_FORWARDED_FOR after multiple proxies.

Files:

• AuthKit/trunk/CHANGELOG.txt (modified) (1 diff)
• AuthKit/trunk/authkit/authenticate/cookie.py (modified) (2 diffs)

AuthKit/trunk/CHANGELOG.txt

@@ -4 +4 @@
-0.4.1 (**svn**)
-
+* Fixed bug reported by Sam Gentle where remote addr is obtained from 
+  X_FORWARDED_FOR after multiple proxies.
-* AuthKit form authentication now picks up HTTP_X_FORWARDED_HOST and
-  HTTP_X_FORWARDED_PORT when generating an action. This allows you to run

AuthKit/trunk/authkit/authenticate/cookie.py

@@ -314 +314 @@
-        remote_addr = environ.get('HTTP_X_FORWARDED_FOR', 
-                                  environ.get('REMOTE_ADDR','0.0.0.0'))
+        remote_addr = remote_addr.split(',')[0]
-        log.debug("Remote addr %r, value %r, include_ip %r", remote_addr, 
-                  cookie_value, self.include_ip)
@@ -407 +408 @@
-            # @@@ should this use environ.get('REMOTE_ADDR','0.0.0.0')?
-            remote_addr = environ.get('HTTP_X_FORWARDED_FOR', environ['REMOTE_ADDR'])
+            remote_addr = remote_addr.split(',')[0]
-        else:
-            remote_addr = '0.0.0.0'