| author | hmeland | 1999-06-13 08:10:10 +0000 |
|---|---|---|
| committer | hmeland | 1999-06-13 08:10:10 +0000 |
| commit | ee4bf52e074bdaa647294e54afae49493eca6034 (patch) | |
| tree | 00301b29943a1b4baaa79753f8e5de5302314c11 /Mailman/Cgi/private.py | |
| parent | db1ac2dcaec79558fe763f701ede08321aa72655 (diff) | |
Diffstat (limited to 'Mailman/Cgi/private.py')
| -rw-r--r-- | Mailman/Cgi/private.py | 148 |
1 files changed, 67 insertions, 81 deletions
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py index e46879371..24eff56e7 100644 --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -22,12 +22,11 @@ Currently this is organized to obtain passwords for Mailman mailing list subscribers. """ -import sys, os, string -from Mailman import MailList, Errors -from Mailman import Cookie +import sys, os, string, cgi +from Mailman import Utils, MailList, Errors +from Mailman.htmlformat import * from Mailman.Logging.Utils import LogStdErr -from Mailman import Utils -import Mailman.mm_cfg +from Mailman import mm_cfg LogStdErr("error", "private") 
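Review bot: The wildcard `from Mailman.htmlformat import *` on the new import lines hides where `Document` and `Header` come from and can silently shadow names in a script that handles authentication. The hunks of this commit use only those two names, so `from Mailman.htmlformat import Document, Header` would be enough, assuming the parts of the file outside these hunks need nothing else from that module.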
@@ -70,58 +69,6 @@ PAGE = ''' login_attempted = 0 _list = None -def GetListobj(list_name): - """Return an unlocked instance of the named mailing list, if found.""" - global _list - if _list: - return _list - _list = MailList.MailList(list_name, lock=0) - return _list - -def isAuthenticated(list_name): - try: - listobj = GetListobj(list_name) - except Errors.MMUnknownListError: - print "\n<H3>List", repr(list_name), "not found.</h3>" - raise SystemExit - if os.environ.has_key('HTTP_COOKIE'): - c = Cookie.Cookie( os.environ['HTTP_COOKIE'] ) - if c.has_key(list_name): - if listobj.CheckCookie(c[list_name].value): - return 1 - # No corresponding cookie. OK, then check for username, password - # CGI variables - import cgi - v = cgi.FieldStorage() - username = password = None - if v.has_key('username'): - username = v['username'] - if type(username) == type([]): username = username[0] - username = username.value - if v.has_key('password'): - password = v['password'] - if type(password) == type([]): password = password[0] - password = password.value - - if username is None or password is None: return 0 - - # Record that this is a login attempt, so if it fails the form can - # be displayed with an appropriate message. - global login_attempted - login_attempted=1 - try: - listobj.ConfirmUserPassword( username, password) - except (Errors.MMBadUserError, Errors.MMBadPasswordError, - Errors.MMNotAMemberError): - return 0 - - token = listobj.MakeCookie() - c = Cookie.Cookie() - c[list_name] = token - print c # Output the cookie - return 1 - - def true_path(path): "Ensure that the path is safe by removing .." path = string.replace(path, "../", "") 
@@ -138,15 +85,28 @@ def content_type(path): def main(): - path = os.environ.get('PATH_INFO', "/index.html") + doc = Document() + + try: + path = os.environ['PATH_INFO'] + except KeyError: + doc.SetTitle("Private Archive Error") + doc.AddItem(Header(3, "You must specify a list.")) + print doc.Format(bgcolor="#FFFFFF") + sys.exit(0) + true_filename = os.path.join( - Mailman.mm_cfg.PRIVATE_ARCHIVE_FILE_DIR, + mm_cfg.PRIVATE_ARCHIVE_FILE_DIR, true_path(path)) + list_info = Utils.GetPathPieces(path) - if len(list_info) == 0: - list_name = None - else: - list_name = string.lower(list_info[0]) + + if len(list_info) < 1: + doc.SetTitle("Private Archive Error") + doc.AddItem(Header(3, "You must specify a list.")) + print doc.Format(bgcolor="#FFFFFF") + sys.exit(0) + list_name = string.lower(list_info[0]) # If it's a directory, we have to append index.html in this script. We # must also check for a gzipped file, because the text archives are 
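Review bot: `list_name` is derived from `Utils.GetPathPieces(path)` on the raw `PATH_INFO`, while `true_filename` is built from `true_path(path)`, so the list the user authenticates against and the file that is later served come from two different views of the same input. `true_path` (seen only as context in the previous hunk; its body continues outside it) removes `../` with a single `string.replace`, which is a filter rather than a canonicalisation. I would normalise once, for example `path = os.path.normpath('/' + path)`, take both `list_name` and `true_filename` from that value, and refuse the request unless the resulting file lies under that list's directory below `mm_cfg.PRIVATE_ARCHIVE_FILE_DIR`. The "You must specify a list." block also appears twice in this hunk and could be one small helper; main() continues beyond the hunk.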
@@ -158,29 +118,55 @@ def main(): # then true_filename = true_filename + '.gz' - if not list_name or not isAuthenticated(list_name): + try: + listobj = MailList.MailList(list_name, lock=0) + except Errors.MMUnknownListError: + listobj = None + if not (listobj and listobj._ready): + msg = "%s: No such list." % list_name + doc.SetTitle("Private Archive Error - %s" % msg) + doc.AddItem(Header(2, msg)) + print doc.Format(bgcolor="#FFFFFF") + sys.exit(0) + + form = cgi.FieldStorage() + user = password = None + if form.has_key('username'): + user = form['username'] + if type(user) == type([]): user = user[0] + user = user.value + if form.has_key('password'): + password = form['password'] + if type(password) == type([]): password = password[0] + password = password.value + + is_auth = 0 + message = ("Please enter your %s subscription email address " + "and password." % listobj.real_name) + try: + is_auth = listobj.WebAuthenticate(user=user, + password=password, + cookie='archive') + except (Errors.MMBadUserError, Errors.MMBadPasswordError, + Errors.MMNotAMemberError): + message = ('Your email address or password were incorrect. ' + 'Please try again.') + except Errors.MMExpiredCookieError: + message = 'Your cookie has gone stale, ' \ + 'enter password to get a new one.', + except Errors.MMInvalidCookieError: + message = 'Error decoding authorization cookie.' + except Errors.MMAuthenticationError: + message = 'Authentication error.' + + if not is_auth: # Output the password form - print 'Content-type: text/html\n' + print 'Content-type: text/html\n\n' page = PAGE - - if not list_name: - print '\n<h3>No list name found.</h3>' - raise SystemExit - try: - listobj = GetListobj(list_name) - except Errors.MMUnknownListError: - print "\n<H3>List", repr(list_name), "not found.</h3>" - raise SystemExit - if login_attempted: - message = ("Your email address or password were incorrect." 
- " Please try again.") - else: - message = ("Please enter your %s subscription email address" - " and password." % listobj.real_name) while path and path[0] == '/': path=path[1:] # Remove leading /'s basepath = os.path.split(listobj.GetBaseArchiveURL())[0] listname = listobj.real_name - print '\n\n', page % vars() + print page % vars() sys.exit(0) # Authorization confirmed... output the desired file |
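Review bot: In the `except Errors.MMExpiredCookieError:` branch the assignment ends with a trailing comma (`'enter password to get a new one.',`), so `message` becomes a one-element tuple and the login form, which presumably interpolates it through `page % vars()`, would show the tuple's repr instead of the sentence; drop the comma and wrap the two string parts in parentheses like the other messages. Separately, `msg = "%s: No such list." % list_name` places a value taken from `PATH_INFO` into the page title and header; unless `htmlformat` escapes it (not visible here), it should be `cgi.escape(list_name)`. `listobj._ready` reaches into a private attribute and deserves a comment saying why the `MMUnknownListError` handler alone is not sufficient. main() starts before and continues after this hunk.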
