summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES.txt8
-rw-r--r--repoze/bfg/authentication.py6
-rw-r--r--repoze/bfg/tests/test_authentication.py8
3 files changed, 20 insertions, 2 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index bc1a5d039..9daf23b0d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -12,6 +12,14 @@ Features
registration of "settings" values obtained via
``repoze.bfg.settings.get_settings()`` for use in unit tests.
+Bug Fixes
+---------
+
+- Re-issue authentication ticket if the cookie has expired when using
+ ``repoze.bfg.security.remember`` when the
+ ``authtktauthenticationpolicy`` authentication policy is in effect.
+ (Patch from Andreas Zeidler).
+
Documentation
-------------
diff --git a/repoze/bfg/authentication.py b/repoze/bfg/authentication.py
index 5bd3e9c4b..144e1bf39 100644
--- a/repoze/bfg/authentication.py
+++ b/repoze/bfg/authentication.py
@@ -352,8 +352,10 @@ class AuthTktCookieHelper(object):
(timestamp,old_userid,old_tokens,
old_userdata) = auth_tkt.parse_ticket(
self.secret, old_cookie_value, remote_addr)
+ now = time.time()
+ expired = self.timeout and ((timestamp + self.timeout) < now)
except auth_tkt.BadTicket:
- pass
+ expired = False
encoding_data = self.userid_type_encoders.get(type(userid))
if encoding_data:
@@ -368,7 +370,7 @@ class AuthTktCookieHelper(object):
old_data = (old_userid, old_tokens, old_userdata)
new_data = (userid, tokens, userdata)
- if old_data != new_data:
+ if old_data != new_data or expired:
ticket = auth_tkt.AuthTicket(
self.secret,
userid,
diff --git a/repoze/bfg/tests/test_authentication.py b/repoze/bfg/tests/test_authentication.py
index 12ecb6b16..9420df1a1 100644
--- a/repoze/bfg/tests/test_authentication.py
+++ b/repoze/bfg/tests/test_authentication.py
@@ -528,6 +528,14 @@ class TestAuthTktCookieHelper(unittest.TestCase):
value)
self.failUnless('; Expires=' in value)
+ def test_remember_reissue_expired_cookie(self):
+ import time
+ plugin = self._makeOne('secret', timeout=2, reissue_time=1)
+ old_val = self._makeTicket(userid='userid', time=time.time()-3)
+ request = self._makeRequest({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
+ result = plugin.remember(request, 'userid', userdata='userdata')
+ self.failIf(result is None, 'not re-issued?')
+
def test_forget(self):
plugin = self._makeOne('secret')
request = self._makeRequest()
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-25 09:28:07 +0000