~ubuntu-branches/ubuntu/precise/trac/precise


Viewing changes to trac/web/auth.py

  • Committer: Bazaar Package Importer
  • Author(s): W. Martin Borgert
  • Date: 2009-09-15 21:43:38 UTC
  • mfrom: (1.1.15 upstream)
  • Revision ID: james.westby@ubuntu.com-20090915214338-q3ecy6qxwxfzf9y8
Tags: 0.11.5-2
* Set exec bit for *_frontends (Closes: #510441), thanks to Torsten
  Landschoff for the patch.
* Move python-psycopg2 and python-mysql from Suggests to Depends as
  alternative to python-psqlite2 (Closes: #513117).
* Use debhelper 7 (Closes: #497862).
* Don't compress *-hook files and don't install MS-Windows *.cmd
  files (Closes: #526142), thanks to Jan Dittberner for the patch.
* Add README.source to point to dpatch.

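--- a/trac/web/auth.py
+++ b/trac/web/auth.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2003-2008 Edgewall Software
+# Copyright (C) 2003-2009 Edgewall Software
 # Copyright (C) 2003-2005 Jonas Borgström <jonas@edgewall.com>
 # All rights reserved.
 #
@@ -52,7 +52,7 @@
 
     implements(IAuthenticator, INavigationContributor, IRequestHandler)
 
-    check_ip = BoolOption('trac', 'check_auth_ip', 'true',
+    check_ip = BoolOption('trac', 'check_auth_ip', 'false',
          """Whether the IP address of the user should be checked for
          authentication (''since 0.9'').""")
 
@@ -144,6 +144,8 @@
         req.authname = remote_user
         req.outcookie['trac_auth'] = cookie
         req.outcookie['trac_auth']['path'] = req.base_path or '/'
+        if self.env.secure_cookies:
+            req.outcookie['trac_auth']['secure'] = True
 
     def _do_logout(self, req):
         """Log the user out.
@@ -175,6 +177,8 @@
         req.outcookie['trac_auth'] = ''
         req.outcookie['trac_auth']['path'] = req.base_path or '/'
         req.outcookie['trac_auth']['expires'] = -10000
+        if self.env.secure_cookies:
+            req.outcookie['trac_auth']['secure'] = True
 
     def _get_name_for_cookie(self, req, cookie):
         db = self.env.get_db_cnx()
@@ -197,13 +201,16 @@
 
     def _redirect_back(self, req):
         """Redirect the user back to the URL she came from."""
-        referer = req.get_header('Referer')
+        referer = self._referer(req)
         if referer and not (referer == req.base_url or \
                 referer.startswith(req.base_url.rstrip('/')+'/')):
             # only redirect to referer if it is from the same site
             referer = None
         req.redirect(referer or req.abs_href())
 
+    def _referer(self, req):
+        return req.args.get('referer') or req.get_header('Referer')
+
 
 class HTTPAuthentication(object):
 
@@ -288,8 +295,8 @@
                     return user
 
         start_response('401 Unauthorized',
-                       [('WWW-Authenticate', 'Basic realm="%s"'
-                         % self.realm)])('')
+                       [('WWW-Authenticate', 'Basic realm="%s"' % self.realm),
+                        ('Content-Length', '0')])('')
 
 
 class DigestAuthentication(PasswordFileAuthentication):
@@ -344,7 +351,8 @@
         start_response('401 Unauthorized',
                        [('WWW-Authenticate',
                         'Digest realm="%s", nonce="%s", qop="auth", stale="%s"'
-                        % (self.realm, nonce, stale))])('')
+                        % (self.realm, nonce, stale)),
+                        ('Content-Length', '0')])('')
 
     def do_auth(self, environ, start_response):
         header = environ.get('HTTP_AUTHORIZATION')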
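Review bot: The new `_referer` helper (new lines 211-212) prefers the `referer` request argument over the header, yet it has no docstring marking the result as untrusted. Only the `base_url` comparison in `_redirect_back` keeps the redirect on-site, so that dependency should be written down, e.g. `"""Return the caller-supplied return URL (request arg, else Referer header); untrusted, so callers must apply the same-site check."""`. If `req.args` can hold a list when the parameter is repeated (not visible on this page), `referer.startswith` would raise, so a string type check before the comparison is worth considering. Separately, `check_auth_ip` now defaults to `'false'` while its docstring is unchanged; it should state that the `trac_auth` cookie is then not tied to the client address and that the `secure_cookies` setting matters more on HTTPS sites. The enclosing class and the login method that sets the cookie both begin outside the shown context.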