authorbwarsaw2001-10-09 21:33:32 +0000
committerbwarsaw2001-10-09 21:33:32 +0000
commit8934271ae10c55826b02e8d2c987fe2e171e2bf3 (patch)
tree4c85c669e07b6b762d9d873dbc84fc9b874e9294 /Mailman/SecurityManager.py
parent326a1174d730585329db1c3a321d5c94c17af0b2 (diff)
Diffstat (limited to 'Mailman/SecurityManager.py')
-rw-r--r--Mailman/SecurityManager.py13
1 files changed, 7 insertions, 6 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 1704a2402..faa78a04d 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -97,7 +97,7 @@ class SecurityManager:
# A bad system error
raise TypeError, 'No user supplied for AuthUser context'
secret = self.getMemberPassword(user)
- key += 'user+%s' % user
+ key += 'user+%s' % Utils.ObscureEmail(user)
elif authcontext == mm_cfg.AuthListModerator:
secret = self.mod_password
key += 'moderator'
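Review bot: The user cookie key built at `key += 'user+%s' % Utils.ObscureEmail(user)` must stay in step with the `'+user+'` prefix and the `Utils.UnobscureEmail` call in the third hunk, but nothing on this line says so. A comment such as `# '@' is not legal in a cookie name; the cookie check reverses this with Utils.UnobscureEmail()` would tie the two sides together. Whether the two helpers are exact inverses for every address is not visible here. If they are a plain substring substitution, an address that already contains the substituted token would not round-trip and that member could never authenticate by cookie, so a short round-trip test is worth adding. The enclosing method starts and ends outside the hunk.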
@@ -202,14 +202,14 @@ class SecurityManager:
if ac:
print self.MakeCookie(ac, user)
return 1
- except Errors.MMNotAMemberError:
+ except Errors.NotAMemberError:
pass
return 0
def MakeCookie(self, authcontext, user=None):
key, secret = self.AuthContextInfo(authcontext, user)
if key is None or secret is None or not isinstance(secret, StringType):
- raise Errors.MMBadUserError
+ raise ValueError
# Timestamp
issued = int(time.time())
# Get a digest of the secret, plus other information.
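Review bot: The new `raise ValueError` in `MakeCookie` carries no message, so a failure gives no hint whether the key was missing, the secret was missing, or the secret was not a string. Following the style of the `raise TypeError, '...'` in the first hunk, something like `raise ValueError, 'no cookie key or string secret for this auth context'` would help, with the secret itself kept out of the text. The `except Errors.NotAMemberError` around `print self.MakeCookie(ac, user)` does not cover `ValueError`, so it will propagate out of that caller. Any other caller that caught `Errors.MMBadUserError` from this method (none visible here) would need the same review. `MakeCookie` continues past the end of the hunk.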
@@ -266,12 +266,13 @@ class SecurityManager:
usernames = [user]
else:
usernames = []
- prefix = self.internal_name() + ':user:'
+ prefix = self.internal_name() + '+user+'
for k in c.keys():
if k.startswith(prefix):
usernames.append(k[len(prefix):])
- # If any check out, we're golden
- for user in usernames:
+ # If any check out, we're golden. Note: `@'s are no longer legal
+ # values in cookie keys.
+ for user in [Utils.UnobscureEmail(u) for u in usernames]:
ok = self.__checkone(c, authcontext, user)
if ok:
return 1
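Review bot: Cookies issued before this change use the `:user:` prefix with an un-obscured address, so after the switch to `'+user+'` they no longer satisfy `k.startswith(prefix)` and are silently skipped. That fails closed, but members holding old cookies will be asked to log in again, and neither the comment nor the commit record mentions it. The names collected from `c.keys()` are supplied by the client and stay unverified until `__checkone` accepts one, which the new comment could state: `# Names come from client-supplied cookie keys; treat as untrusted until __checkone() succeeds.` The enclosing method starts outside the hunk.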