| author | bwarsaw | 2006-10-15 22:04:16 +0000 |
|---|---|---|
| committer | bwarsaw | 2006-10-15 22:04:16 +0000 |
| commit | e7fe84dca5681a6de55262a0eddd06758cbd1ce4 (patch) | |
| tree | a4c5a0e2778269c2a77ee0fecae45ac3f8e64de0 /Mailman/SecurityManager.py | |
| parent | d75f597cb3ccfdd6de9c6bb3877e5452884002c9 (diff) | |
More work on the WSGI support. So far, I've tested most of the admin.py links
and some of the admindb.py links. There may still be breakage in other parts
of the interface and I haven't gone back to verify that traditional CGI still
works.

Changes:

- Add wsgiref-0.1.2-py2.4.egg so that we can still do WSGI in Python 2.4,
which doesn't come with wsgiref. Of course this means we /also/ have to add
setuptools-0.5c3 because eggs require setuptools.
- Style cleanups in HTTPRunner.py and wsgi_app.py. Also, use cStringIO
instead of StringIO.
- All internal links within the listinfo and admin pages are (or at least
should be ;) relative now. This should make other things better, such as
running Mailman over https or alternative ports. It does kind of mean that
web_page_url is obsolete, but I haven't looked at whether we can completely
eradicate it.
- ValidateEmail(): Use ' ' in s instead of s.count(' ') > 0.
- GetPathPieces(): When path is false, return the empty list instead of None,
so we can still len() it.
- ScriptURL(): Much simpler. To support relative urls as the default, we
change the API so that it only takes a 'target' argument (i.e. the script we
want to link to). It no longer takes 'absolute' or 'web_page_url', and it
constructs its link from GetPathPieces(), the target, and the cgi extension.
- GetRequestURI(): code style updates.
- Mailman/bin/show_config.py: De-DOS-line-ending-ification.
- export.py: A few modifications, although this is likely still not final (I'm
still working on the import script). First, for <option> elements, don't
put the value in an attribute, put it in the text body of the element.
Second, put the list <option> tags in a <configuration> element. Third, put
the preferred language on an <option> tag with a 'preferred_language'
name attribute value.
- SecurityManager: Make sure that MakeCookie() and ZapCookie() use the same
'path' cookie value by refactoring that into a separate method. That method
now returns just the SCRIPT_NAME and the full listname. web_page_url
doesn't enter into it.
- loginit.py: Add a 'debug' logger since it's just too useful to have :)
- admin.py: Remove the extra / right before the query string in ?VARHELP
urls. That extra / turns out to be problematic with the relative url scheme
we're using now.
- Auth.py: whitespace normalization and copyright years update. Also, remove
a couple of unnecessary imports. Also, make sure that the actionurl is
relative.
- create.py: Typo.
- private.py: mm_cfg -> config object
- In MailList.py: GetScriptURL() can be written in terms of Utils.ScriptURL()
now.
Diffstat (limited to 'Mailman/SecurityManager.py')
| -rw-r--r-- | Mailman/SecurityManager.py | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py index e97084cf1..8c55d2863 100644 --- a/Mailman/SecurityManager.py +++ b/Mailman/SecurityManager.py @@ -57,8 +57,6 @@ import logging import marshal import binascii -from urlparse import urlparse - from Mailman import Errors from Mailman import mm_cfg from Mailman import Utils @@ -225,6 +223,9 @@ class SecurityManager: return True return False + def _cookie_path(self): + return '/%s/%s' % (os.environ['SCRIPT_NAME'], self.fqdn_listname) + def MakeCookie(self, authcontext, user=None): key, secret = self.AuthContextInfo(authcontext, user) if key is None or secret is None or not isinstance(secret, str): @@ -236,10 +237,7 @@ class SecurityManager: # Create the cookie object. c = Cookie.SimpleCookie() c[key] = binascii.hexlify(marshal.dumps((issued, mac))) - # The path to all Mailman stuff, minus the scheme and host, - # i.e. usually the string `/mailman' - path = urlparse(self.web_page_url)[2] - c[key]['path'] = path + c[key]['path'] = self._cookie_path() # We use session cookies, so don't set `expires' or `max-age' keys. # Set the RFC 2109 required header. c[key]['version'] = 1 @@ -253,10 +251,7 @@ class SecurityManager: # string. c = Cookie.SimpleCookie() c[key] = '' - # The path to all Mailman stuff, minus the scheme and host, - # i.e. usually the string `/mailman' - path = urlparse(self.web_page_url)[2] - c[key]['path'] = path + c[key]['path'] = self._cookie_path() c[key]['max-age'] = 0 # Don't set expires=0 here otherwise it'll force a persistent cookie c[key]['version'] = 1 |
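Review bot: in the new `_cookie_path()` (hunk at -225,6 +223,9) the format string `'/%s/%s'` puts a slash in front of `os.environ['SCRIPT_NAME']`, and CGI defines a non-empty SCRIPT_NAME as already starting with `/`, so with a conventional value the cookie path begins with `//` and will not prefix-match the request path. Drop the leading slash from the format or strip it from the value before joining. The bare `os.environ[...]` lookup also raises KeyError when SCRIPT_NAME is not in the process environment, which is worth guarding since the commit message says the WSGI path is only partly tested and CGI has not been re-verified. A one-line docstring saying that MakeCookie() and ZapCookie() must both take their path from this helper would record the invariant the refactor exists for.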
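Review bot: in MakeCookie() (hunk at -236,10 +237,7) the cookie scope changes from the site-wide prefix described in the removed comment (usually `/mailman`) to a value built from SCRIPT_NAME and the list name, and nothing in the code now documents that. If SCRIPT_NAME includes the script component, a cookie issued under one script is no longer sent with requests to another; narrowing the scope limits where the credential travels, but the commit message names both admin.py and admindb.py, so confirm whether a login is meant to carry between them and replace the deleted comment with one stating the new scope. Since the message also mentions running over https, consider setting `c[key]['secure']` for https requests; the visible lines set only `path` and `version`.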
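Review bot: in ZapCookie() (hunk at -253,10 +251,7) the deletion path is now recomputed from the SCRIPT_NAME of the request that performs the logout, and a browser only discards a cookie when the expiring Set-Cookie carries the same name and path it was stored with. A logout served under a different SCRIPT_NAME than the login would therefore leave the original authentication cookie in place. Either ensure logout is always handled under the same SCRIPT_NAME that issued the cookie, or derive the path from something both calls share regardless of which script is running, and add a comment here noting that the path must equal the one MakeCookie() used.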
