| author | Chris McDonough <chrism@plope.com> | 2013-07-17 03:37:30 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2013-07-17 03:37:30 -0400 |
| commit | e60fcf5d6912d8f3788f2ac1c0bc0ac1f646b62d (patch) | |
| tree | cdcaea33aae06bcbce8cba5ffa35d34f3f4f60fd | |
| parent | df3cd8dd94d8529e211d3319bb10a3ced1b3990b (diff) | |
| parent | 188aa7ee1d4cbc55d965a452d45201852b46df58 (diff) | |
Merge branch 'auth-parent-domain' of github.com:wichert/pyramid into wichert-auth-parent-domain
| -rw-r--r-- | CHANGES.txt | 4 | ||||
| -rw-r--r-- | pyramid/authentication.py | 40 | ||||
| -rw-r--r-- | pyramid/tests/test_authentication.py | 24 |
3 files changed, 58 insertions, 10 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 0dff0f047..2d8cf9ef4 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -21,6 +21,10 @@ Features ``pyramid.config.Configurator.add_static_view``. This allows externally-hosted static URLs to be generated based on the current protocol. +- The ``AuthTktAuthenticationPolicy`` has a new ``parent_domain`` option to + set the authentication cookie as a wildcard cookie on the parent domain. This + is useful if you have multiple sites sharing the same domain. + - The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using the ``include_ip=True`` option. This is possibly incompatible with alternative ``auth_tkt`` implementations, as the specification does not diff --git a/pyramid/authentication.py b/pyramid/authentication.py index bc0286ed3..c1aa970bd 100644 --- a/pyramid/authentication.py +++ b/pyramid/authentication.py @@ -511,9 +511,23 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy): ``wild_domain`` Default: ``True``. An auth_tkt cookie will be generated for the - wildcard domain. + wildcard domain. If your site is hosted as ``example.com`` this + will make the cookie available for sites underneath ``example.com`` + such as ``www.example.com``. Optional. + ``parent_domain`` + + Default: ``False``. An auth_tkt cookie will be generated for the + parent domain of the current site. For example if your site is + hosted under ``www.example.com`` a cookie will be generated for + ``.example.com``. This can be useful if you have multiple sites + sharing the same domain. This option supercedes the ``wild_domain`` + option. + Optional. + + This option is available as of :app:`Pyramid` 1.5. + ``hashalg`` Default: ``md5`` (the literal string). @@ -565,7 +579,8 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy): http_only=False, wild_domain=True, debug=False, - hashalg=_marker + hashalg=_marker, + parent_domain=False, ): if hashalg is _marker: hashalg = 'md5' 
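Review bot: The ``parent_domain`` docstring entry added in the `@@ -511,9 +511,23 @@` hunk of pyramid/authentication.py describes the convenience of the option but not its trust consequence: a ticket scoped to `.example.com` is sent by the browser to every host under that domain, so the login is only as well protected as the least trusted sibling site. I would add a sentence such as `Only enable this when every host under the parent domain is equally trusted, since each of them will receive the authentication cookie.` and point readers at the existing `secure` and `http_only` options, which both default to `False` in the signature shown in the next hunk. While editing the entry, `supercedes` should be spelled `supersedes`.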
@@ -603,6 +618,7 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy): path=path, wild_domain=wild_domain, hashalg=hashalg, + parent_domain=parent_domain, ) self.callback = callback self.debug = debug @@ -800,7 +816,7 @@ class AuthTktCookieHelper(object): def __init__(self, secret, cookie_name='auth_tkt', secure=False, include_ip=False, timeout=None, reissue_time=None, max_age=None, http_only=False, path="/", wild_domain=True, - hashalg='md5'): + hashalg='md5', parent_domain=False): self.secret = secret self.cookie_name = cookie_name self.include_ip = include_ip @@ -811,6 +827,7 @@ class AuthTktCookieHelper(object): self.http_only = http_only self.path = path self.wild_domain = wild_domain + self.parent_domain = parent_domain self.hashalg = hashalg static_flags = [] @@ -850,16 +867,19 @@ class AuthTktCookieHelper(object): cookies = [ ('Set-Cookie', '%s="%s"; Path=%s%s%s' % ( - self.cookie_name, value, self.path, max_age, self.static_flags)), - ('Set-Cookie', '%s="%s"; Path=%s; Domain=%s%s%s' % ( - self.cookie_name, value, self.path, cur_domain, max_age, - self.static_flags)), + self.cookie_name, value, self.path, max_age, self.static_flags)) ] - if self.wild_domain: - wild_domain = '.' + cur_domain + domains = [] + if self.parent_domain and cur_domain.count('.') > 1: + domains.append('.' + cur_domain.split('.', 1)[1]) + else: + domains.append(cur_domain) + if self.wild_domain: + domains.append('.' + cur_domain) + for domain in domains: cookies.append(('Set-Cookie', '%s="%s"; Path=%s; Domain=%s%s%s' % ( - self.cookie_name, value, self.path, wild_domain, max_age, + self.cookie_name, value, self.path, domain, max_age, self.static_flags))) return cookies diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py index cfabf9a9d..960a87a6a 100644 --- a/pyramid/tests/test_authentication.py +++ b/pyramid/tests/test_authentication.py 
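Review bot: The parent-domain branch in the `@@ -850,16 +867,19 @@` hunk picks the cookie scope by counting labels (`cur_domain.count('.') > 1`, then `cur_domain.split('.', 1)[1]`), which is only right for hosts shaped like `www.example.com`. A host directly under a multi-label suffix (constructed example: `example.co.uk` gives `.co.uk`) or a dotted IPv4 host (constructed example: `192.0.2.10` gives `.0.2.10`) produces a `Domain` value browsers are expected to refuse, so the shared cookie is silently absent and only the host-only cookie remains. At minimum this deserves a comment above the `if`, for example `# NOTE: strips only the first label; hosts under a multi-label suffix or IP-literal hosts get a Domain that browsers reject`. The method starts outside the hunk, so where `cur_domain` comes from is not visible here, but the new tests drive it through `HTTP_HOST`; letting the deployer state the cookie domain explicitly would be more robust than inferring it from the request host.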
@@ -947,6 +947,30 @@ class TestAuthTktCookieHelper(unittest.TestCase): self.assertTrue(result[1][1].endswith('; Path=/; Domain=localhost')) self.assertTrue(result[1][1].startswith('auth_tkt=')) + def test_remember_parent_domain(self): + helper = self._makeOne('secret', parent_domain=True) + request = self._makeRequest() + request.environ['HTTP_HOST'] = 'www.example.com' + result = helper.remember(request, 'other') + self.assertEqual(len(result), 2) + + self.assertEqual(result[0][0], 'Set-Cookie') + self.assertTrue(result[0][1].endswith('; Path=/')) + self.assertTrue(result[0][1].startswith('auth_tkt=')) + + self.assertEqual(result[1][0], 'Set-Cookie') + self.assertTrue(result[1][1].endswith('; Path=/; Domain=.example.com')) + self.assertTrue(result[1][1].startswith('auth_tkt=')) + + def test_remember_parent_domain_supercedes_wild_domain(self): + helper = self._makeOne('secret', parent_domain=True, wild_domain=True) + request = self._makeRequest() + request.environ['HTTP_HOST'] = 'www.example.com' + result = helper.remember(request, 'other') + self.assertEqual(len(result), 2) + self.assertTrue(result[0][1].endswith('; Path=/')) + self.assertTrue(result[1][1].endswith('; Path=/; Domain=.example.com')) + def test_remember_domain_has_port(self): helper = self._makeOne('secret', wild_domain=False) request = self._makeRequest() |
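Review bot: Both added tests use `www.example.com`, so the fallback path taken when `parent_domain=True` but the host has no parent to strip (the `else` branch guarded by `cur_domain.count('.') > 1` in pyramid/authentication.py) is never exercised. A test with a one-dot host would pin that the cookie scope stays on the current host and is not widened in that case; a sketch follows. The trailing context method `test_remember_domain_has_port` continues outside the hunk.

```python
    def test_remember_parent_domain_without_parent(self):
        helper = self._makeOne('secret', parent_domain=True,
                               wild_domain=False)
        request = self._makeRequest()
        request.environ['HTTP_HOST'] = 'example.com'
        result = helper.remember(request, 'other')
        self.assertEqual(len(result), 2)
        self.assertTrue(result[0][1].endswith('; Path=/'))
        self.assertTrue(result[1][1].endswith('; Path=/; Domain=example.com'))
```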
