Changeset 170

Timestamp:

11/19/08 12:34:09

Author:

thejimmyg

Message:

Added bad cookie support to fix #65 and twaked render function functionality in forms to accept an environ and state argument

Files:

• AuthKit/trunk/CHANGELOG.txt (modified) (1 diff)
• AuthKit/trunk/authkit/authenticate/cookie.py (modified) (9 diffs)
• AuthKit/trunk/authkit/authenticate/form.py (modified) (2 diffs)

AuthKit/trunk/CHANGELOG.txt

@@ -4 +4 @@
-0.4.3
-
+* Added the ability to pass the environ dictionary to render() functions
+* Added bad cookie customisation options to fix #65 but also to allow
+  bad cookie template customisation. See the docstring of the 
+  authkit.authenticate.cookie module.
-* Added a new algorithm based on ideas from #61 to guess the correct action
-  for the form produced by the form middleware but also added support for

AuthKit/trunk/authkit/authenticate/cookie.py

@@ -73 +73 @@
-    design your application accordingly. In particular you should definietly
-    not store passwords as user data.
+
+
+Bad Cookie Support
+==================
+
+If a cookie has expired or because there is an error parsing the ticket, it 
+is known as a bad cookie. By default, a simple HTML page is displayed with
+the title "Bad Cookie" and a brief message. The headers sent with this page 
+remove the cookie.
+
+You may want to disable this functionality and let your application handle
+the error condition. You can do so with this option::
+
+    authkit.cookie.badcookie.page = false
+
+When a bad cookie is found the variable ``authkit.cookie.error`` is set in
+the environment with a value ``True``. If the error was due to cookie
+expiration the value ``authkit.cookie.timeout`` is also set to ``True``. It
+is then up to your application to set an appropriate cookie or restrict 
+access to resources. AuthKit will also remove any ``REMOTE_USER`` present. 
+
+Rather than handling the bad cookie in your application you may just want 
+to change the template used by AuthKit. You do so like this::
+
+    authkit.cookie.badcookie.page = false
+    authkit.cookie.badcookie.template.string = <html>Bad Cookie</html>
+
+You can use any of the template options you use to customise a form so
+you can also specify a function to render the template::
+
+    authkit.cookie.badcookie.page = false
+    authkit.cookie.badcookie.template.obj = mymodule.auth:render_badcookie
+
+The render function can also take optional ``environ`` and ``state`` 
+arguments which are passed in by AuthKit if the function takes them as named
+arguments.
+
+One thing to be aware of when using this functionality is that because the
+render function gets called as the request is first passed along the middleware
+chain, many of the tools your application relies on are not yet set up so 
+you may not be able to use all the tools you usually do. This is unlike
+thr forms situation where the form render function is called on the response
+after all your usual application infrastructure is in place.
+
-"""
-
@@ -83 +127 @@
-import md5
-import os
+import inspect
+import types
-import time
-import logging
-from paste.deploy.converters import asbool
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-#
@@ -278 +337 @@
-        ticket_class=AuthKitTicket, 
-        nouserincookie=False,
-
+
+
+
-    ):
-        log.debug("Setting up the cookie middleware")
@@ -300 +361 @@
-        self.nouserincookie = nouserincookie
-        self.session_middleware = session_middleware
+        self.badcookiepage=badcookiepage
+        if self.badcookiepage and not badcookietemplate:
+            raise AuthKitConfigError(
+                "No badcookiepage.template option was specified for the cookie middleware"
+            )
+        self.badcookietemplate = badcookietemplate
-
-    def __call__(self, environ, start_response):
@@ -325 +392 @@
-                # checked:
-                remote_addr = '0.0.0.0'
-            # @@: This should handle bad signatures better:
-            # Also, timeouts should cause cookie refresh
-            
-            #
-            # Start changes from the default
-            #
-            def bad_ticket_app(environ, start_response, msg=None):
-                # Remove the session username
-                if self.nouserincookie:
-                    environ[self.session_middleware]['authkit.cookie.user'] = None
-                    del environ[self.session_middleware]['authkit.cookie.user']
-                    environ[self.session_middleware].save()
-
-                headers = self.logout_user_cookie(environ)
-                headers.append(('Content-type','text/plain'))
-                start_response('200 OK', headers)
-                if not msg:
-                    msg = 'Bad cookie, you have been signed out.\n If this'
-                    msg += 'problem persists please clear your browser\'s '
-                    msg += 'cookies.'
-                return [msg]
-            try:
-                log.debug("Parsing ticket secret %r, cookie value %r, "
@@ -354 +400 @@
-            except BadTicket, e:
-                if e.expected:
-debu
+warnin
-                else:
-debu
-return bad_ticket_app(environ, start_response)
+warnin
+environ['authkit.cookie.error'] = True
-            else:
-                now = time.time()
@@ -366 +412 @@
-                if self.cookie_enforce and now - timestamp > \
-                   float(self.cookie_params['expires']) + 1:
- return bad_ticket_app(environ, start_response, 
-                       msg="Cookie expired.")
+environ['authkit.cookie.error'] = True
+environ['authkit.cookie.timeout'] = True
-                else:
-                    environ['paste.auth_tkt.timestamp'] = timestamp
-            # End changes from the default
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-        set_cookies = []
-        
@@ -388 +461 @@
-        environ['paste.auth_tkt.set_user'] = set_user
-        environ['paste.auth_tkt.logout_user'] = logout_user
-
+
+
-            logout_user()
-        
@@ -459 +533 @@
-    prefix='authkit.cookie.'
-):
+
+    badcookie_conf = strip_base(auth_conf, 'badcookie.')
+    template_conf = strip_base(badcookie_conf, 'template.')
+    if template_conf:
+        template_ = get_template(template_conf, prefix=prefix+'badcookiepage.template.')
+    else:
+        template_ = template
-    user_setter_params = {
-        'params':  strip_base(auth_conf, 'params.'),
-        'ticket_class':AuthKitTicket,
+        'badcookiepage': asbool(badcookie_conf.get('page', True)),
+        'badcookietemplate': template_,
-    }
-    for k,v in auth_conf.items():
-k.startswith('params.'
+(k.startswith('params.') or k.startswith('badcookie.')
-            user_setter_params[k] = v
-    if not user_setter_params.has_key('secret'):

AuthKit/trunk/authkit/authenticate/form.py

@@ -25 +25 @@
-from authkit.authenticate.multi import MultiHandler, status_checker
-
+import inspect
-import logging
-import urllib
@@ -97 +98 @@
-        action = self.action or construct_url(environ)
-        log.debug("Form action is: %s", action)
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-        if self.charset is not None:
-            content = content.encode(self.charset)