From 77ded4452550e35a469e33bc336653f1d9deefc1 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Wed, 12 Jan 2011 03:29:16 -0600
Subject: Updated AuthTkt policy to support turning off wildcard domain cookies.
---
 pyramid/authentication.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index 9de306b80..0a792edc9 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -256,6 +256,7 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
 max_age=None,
 path="/",
 http_only=False,
+ wild_domain=True,
 ):
 self.cookie = AuthTktCookieHelper(
 secret,
@@ -267,6 +268,7 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
 max_age=max_age,
 http_only=http_only,
 path=path,
+ wild_domain=wild_domain,
 )
 self.callback = callback
@@ -316,7 +318,7 @@ class AuthTktCookieHelper(object):
 def __init__(self, secret, cookie_name='auth_tkt', secure=False,
 include_ip=False, timeout=None, reissue_time=None,
- max_age=None, http_only=False, path="/"):
+ max_age=None, http_only=False, path="/", wild_domain=True):
 self.secret = secret
 self.cookie_name = cookie_name
 self.include_ip = include_ip
@@ -329,6 +331,7 @@ class AuthTktCookieHelper(object):
 self.max_age = max_age
 self.http_only = http_only
 self.path = path
+ self.wild_domain = wild_domain
 static_flags = []
 if self.secure:
@@ -352,7 +355,6 @@ class AuthTktCookieHelper(object):
 max_age = ''
 cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
- wild_domain = '.' + cur_domain
 cookies = [
 ('Set-Cookie', '%s="%s"; Path=%s%s%s' % (
@@ -360,11 +362,14 @@ class AuthTktCookieHelper(object):
 ('Set-Cookie', '%s="%s"; Path=%s; Domain=%s%s%s' % (
 self.cookie_name, value, self.path, cur_domain, max_age,
 self.static_flags)),
- ('Set-Cookie', '%s="%s"; Path=%s; Domain=%s%s%s' % (
- self.cookie_name, value, self.path, wild_domain, max_age,
- self.static_flags))
 ]
+ if self.wild_domain:
+ wild_domain = '.' + cur_domain
+ cookies.append(('Set-Cookie', '%s="%s"; Path=%s; Domain=%s%s%s' % (
+ self.cookie_name, value, self.path, wild_domain, max_age,
+ self.static_flags)))
+
 return cookies
 def identify(self, request):
-- 
cgit v1.2.3
From 3dc86f8b8e768c74c906e07ad2222ac6cd6a8027 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Wed, 12 Jan 2011 04:00:14 -0600
Subject: Added documentation and unit tests for wild_domain in AuthTkt.
---
 pyramid/authentication.py | 6 ++++++
 pyramid/tests/test_authentication.py | 14 ++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index 0a792edc9..d454e7f1d 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -243,6 +243,12 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
 Default: ``False``. Hide cookie from JavaScript by setting the
 HttpOnly flag. Not honored by all browsers.
 Optional.
+
+ ``wild_domain``
+
+ Default: ``True``. An auth_tkt cookie will be generated for the
+ wildcard domain.
+ Optional.
 """
 implements(IAuthenticationPolicy)
 def __init__(self,
diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py
index 49d655466..d17966dd0 100644
--- a/pyramid/tests/test_authentication.py
+++ b/pyramid/tests/test_authentication.py
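Review bot: The wildcard Domain in the new `if self.wild_domain:` branch is still built as `'.' + cur_domain`, and `cur_domain` is taken straight from `HTTP_HOST` a few lines earlier (context of the preceding hunk), so a request host that carries a `:port` produces `Domain=.host:port`, which is not a valid domain value and is handled inconsistently by browsers; the same applies to the plain `Domain=%s` cookie above it. Stripping the port once before the cookies are built, e.g. `cur_domain = cur_domain.split(':', 1)[0]` right after the `environ.get(...)` line, would make the new option behave the same however the host header arrives. If `forget` expires cookies through this same method (it starts outside the hunk, so I can't see), note that after a deployment switches `wild_domain` off, logout no longer expires a `.host` cookie set while it was on, and that still-signed ticket stays in the browser until its own timeout; that is worth a sentence in the option's documentation. The enclosing method begins before this hunk.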
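Review bot: The added `wild_domain` docstring says a cookie "will be generated for the wildcard domain" but not what that does to the ticket's scope, which is the only reason a deployer would turn it off. I'd have the text state it, e.g. `Default: ``True``. Also set the auth_tkt cookie for the wildcard domain (a leading ``.`` plus the request host), so every subdomain of that host receives the ticket; set to ``False`` when the ticket must not be shared with other subdomains. Optional.` The wording "for the wildcard domain" on its own reads as if there were a single well-known domain rather than one derived from each request's host.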
@@ -548,6 +548,20 @@ class TestAuthTktCookieHelper(unittest.TestCase):
 self.failUnless('; Secure' in result[2][1])
 self.failUnless(result[2][1].startswith('auth_tkt='))
+ def test_remember_wild_domain_disabled(self):
+ plugin = self._makeOne('secret', wild_domain=False)
+ request = self._makeRequest()
+ result = plugin.remember(request, 'other')
+ self.assertEqual(len(result), 2)
+
+ self.assertEqual(result[0][0], 'Set-Cookie')
+ self.assertTrue(result[0][1].endswith('; Path=/'))
+ self.failUnless(result[0][1].startswith('auth_tkt='))
+
+ self.assertEqual(result[1][0], 'Set-Cookie')
+ self.assertTrue(result[1][1].endswith('; Path=/; Domain=localhost'))
+ self.failUnless(result[1][1].startswith('auth_tkt='))
+
 def test_remember_string_userid(self):
 plugin = self._makeOne('secret')
 request = self._makeRequest()
-- 
cgit v1.2.3
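Review bot: `test_remember_wild_domain_disabled` mixes `assertTrue` on the three `endswith` checks with `failUnless` on the `startswith` checks, while the neighbouring tests in this class (the `result[2][1]` lines just above) use `failUnless` throughout; pick one form for the new method. The count and the `endswith` assertions do rule out a `.localhost` cookie, but the test's intent would be readable without counting if it also said so directly, e.g. `self.failIf(any('Domain=.' in c[1] for c in result))`. The test class continues outside the hunk.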