path: root/Mailman/SecurityManager.py

Commit history for this file, newest first. Each entry gives the commit message followed by [author, date, files changed, lines removed/added].
* Changes to fix the CGI cookie security flaw reported by John Morton. [hmeland, 1999-06-11, 1 file, -0/+27]

  SecurityManager: New functions MakeCookie() and CheckCookie(). These functions work with cookies containing cookie creation and expire time, the client's IP number, and a checksum hash of these values as well as a secret (the list's (encrypted) admin password).

  admin.py, admindb.py and private.py: isAuthenticated now uses these new cookie functions.
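The cookie scheme the commit above describes (creation time, expiry time, client IP, and a digest over those values plus a server-side secret) is worth seeing end to end, including what happens when a client tampers with it. The block below is an added illustration written for this page; it is not Mailman's MakeCookie()/CheckCookie() and does not reproduce their format. It assumes the secret is just bytes supplied by the caller (the commit uses the list's encrypted admin password for that role), and it deliberately uses an HMAC instead of a plain hash over "values plus secret", because a keyed MAC is what stops a client who knows the layout from forging the digest. The function names, the `|`-separated payload layout and the sample IP addresses are all constructed for the example.

```python
"""Added example (not Mailman's own code): a self-authenticating session
cookie in the style the commit describes, plus the verification side and a
tamper simulation.  The secret is any caller-supplied bytes; the commit uses
the list's encrypted admin password for this role.  Uses HMAC-SHA256 rather
than a plain checksum hash so the digest cannot be forged without the secret.
"""

import base64
import hashlib
import hmac
import time
from typing import Optional


def make_cookie(secret: bytes, client_ip: str, lifetime: int = 3600,
                now: Optional[int] = None) -> str:
    """Return an opaque cookie value bound to client_ip, valid for lifetime seconds.

    Layout: urlsafe-base64("<created>|<expires>|<ip>") + "." + hex(HMAC).
    """
    created = int(time.time()) if now is None else int(now)
    expires = created + lifetime
    # '|' never occurs in an IPv4 or IPv6 literal, so it is a safe separator.
    payload = f"{created}|{expires}|{client_ip}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac


def check_cookie(secret: bytes, cookie: str, client_ip: str,
                 now: Optional[int] = None) -> bool:
    """True only if the cookie is untampered, within its validity window and
    bound to client_ip.  Every failure path returns False rather than raising,
    so a malformed cookie is treated the same as a forged one."""
    now = int(time.time()) if now is None else int(now)
    try:
        b64, mac = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
    except ValueError:            # missing '.', bad base64 (binascii.Error is a ValueError)
        return False
    expected = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    # Constant-time compare, and verify the MAC before trusting any field.
    if not hmac.compare_digest(expected, mac):
        return False
    try:
        created_s, expires_s, ip = payload.decode().split("|", 2)
        created, expires = int(created_s), int(expires_s)
    except ValueError:
        return False
    if ip != client_ip:           # cookie replayed from another address
        return False
    if now < created or now > expires:   # not yet valid, or expired
        return False
    return True


def with_extended_expiry(cookie: str, extra_seconds: int) -> str:
    """Attacker simulation: rewrite the expiry field but keep the original
    digest.  check_cookie() must reject the result."""
    b64, mac = cookie.rsplit(".", 1)
    created, expires, ip = base64.urlsafe_b64decode(b64.encode()).decode().split("|", 2)
    payload = f"{created}|{int(expires) + extra_seconds}|{ip}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac


if __name__ == "__main__":
    # Constructed sample values; fixed clock so the run is reproducible.
    secret = b"constructed-admin-password-hash"
    cookie = make_cookie(secret, "203.0.113.7", lifetime=60, now=1000)
    print("valid now:     ", check_cookie(secret, cookie, "203.0.113.7", now=1030))
    print("expired:       ", check_cookie(secret, cookie, "203.0.113.7", now=1061))
    print("other client:  ", check_cookie(secret, cookie, "198.51.100.2", now=1030))
    print("expiry forged: ", check_cookie(secret, with_extended_expiry(cookie, 10_000),
                                          "203.0.113.7", now=5000))
```

Two practical caveats when deploying something like this: binding the cookie to the client IP, as the commit does, breaks for users behind NAT pools or rotating proxies, so it is a trade-off rather than a free hardening; and the cookie should still be sent with the Secure and HttpOnly attributes, since the MAC only proves integrity, not that the value was never stolen in transit.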
* Sweeping changes to hopefully and finally (for 1.0 at least) make sane address case matching. [bwarsaw, 1999-03-29, 1 file, -19/+7]

  These changes require the DATA_FILE_VERSION to be bumped, which should auto-update your config.db files. I sure hope this works correctly! Details of changes:

  MailList.GetUserSubscribedAddress(): New method. If the address is a member, this returns the case-preserved address the user is subscribed with. If not a member, None is returned.

  MailList.GetUserCanonicalAddress(): New method. If the address is a member, this returns the lowercased address the user is subscribed with. If not a member, None is returned.

  MailList.FindUser(): Wrote down, in a big comment, the constraints for the dictionaries self.members, self.digest_members, self.passwords. This wasn't always followed, but now it should be. FindUser() is now also guaranteed to return the lowercased version of the subscribed email address. This wasn't always the case. FindUser() also provides a shortcut for the common case.

  ApprovedAddMember(): Guarantee that passwords stored in self.passwords are keyed off the lowercased address.

  Deliverer.MailUserPassword(): Find the user's password using the lowercased version of their address. However, be sure to use their case-preserved address for the recipient of the password email.

  Digester.SetUserDigest(): Fixed a fairly old bug where a user switching from regular to digest membership (or vice versa) would get their case-preserved address blown away. I don't think there's any way to recover this information, but at least now we properly save it.

  SecurityManager.ConfirmUserPassword(): Simplified address matching stuff, since we now guarantee that FindUser() will return a lowercased address, and that the passwords dictionary has lowercased keys. FindUser() will return None if the address isn't found, and it also has a built-in shortcut so that the more expensive FindMatchingAddresses() isn't called in the common case. I eliminated the case-insensitive password comparison that Ken rightly questioned in his comment.

  admin.py: In the list of members, display a member's case-preserved address instead of their lowercased address. Also, obscure the URL in the hyperlink (probably not terribly necessary).

  handle_opts.py: When the password can't be found (when emailing it), put the address we tried to find in the result message. Makes for better debugging.

  options.py: Use a better mechanism for finding if the member has a case-preserved address different from their lowercased address.
* .ConfirmUserPassword(): Someone is setting (in Digester.SetUserDigest(), and possibly other places) the members dict values to 1 now, as well as 0, breaking the user password recognition. [klm, 1998-12-10, 1 file, -4/+8]

  This is fucked up. Anyway, I'm dealing with that by not checking for a 0 from the get, but rather assuming a string returned means that the returned value should be used instead of the index. The complications with the different values should be fixed, as well, but I no longer know what the right thing is, because I don't know the purpose of the use of 1 instead of 0, if any. Sigh.
* .ConfirmUserPassword(): Was broken by the case-sensitive subscription name optimizations - provisions to fix it are gross. [klm, 1998-11-24, 1 file, -7/+16]

  It would be nice to have an abstraction for getting the user account name under which their password is registered (which I would call the normalized account name). I suspect that FindUser() could serve for that, but I'm not certain what the optimization considerations are. I am afraid that it is significantly more confusing, overall, to figure out which subscription name to use (user-specified case-preserved, or lower case) in what situation.
* This change implements storing list members and digest members as dicts instead of lists, which optimizes Utils.FindMatchingAddresses and general membership management, especially for large lists. [scotton, 1998-11-19, 1 file, -1/+2]

  MailList.py now supplies .GetMembers() and .GetDigestMembers() to supply the data in list form to anything that needs it that way.

  Though INSTALL shows up on the changed files section, a diff a few seconds ago didn't show any differences in that file, so I hope nobody changed it in the interim.

  A new install showed this worked fine with some cursory testing of the cgi's and interactive poking around.

  A detailed listing of the changes follows:

  Mailman/Defaults.py.in: change data version to 11

  Mailman/Digester.py: initvars now instantiates digest_members as {} instead of []; lines 113-114 and 121-122 now use del list.[digest_]member instead of list.[digest_]members.remove; when figuring who to actually send digests to, use list.GetDigestMembers() instead of list.digest_members.

  Mailman/HTMLFormatter: now uses list.Get[Digest]Members to get subscribers, and length of digested subscribers and regular members.

  MailCommandHandler, SecurityManager, Cgi/handle_opts, Cgi/options: all simple replacements of list.[digest_]members with list.Get[Digest]Members().

  Mailman/Cgi/admin.py: mostly simple replacements of list.[digest_]members with the Get..() methods; however, the membership management section now works much quicker and changes digest->nodigest subscriptions via dictionary manipulations.

  Mailman/versions.py: updates lists to use dicts and changed list.[digest_]members to use the list.Get[Digest]Members() methods.

  Mailman/Utils.py: added a function "GetPossibleMatchingAddresses" which, when fed an address, returns the list of addresses that "smart" address matching would match. Changed FindMatchingAddresses(name, list) to use a new signature: FindMatchingAddresses(name, *dicts), where dicts is a list of dictionaries keyed by addresses. Just realized that this would better be FindMatchingAddresses(name, dict, *dicts) so that it enforces at least 2 args... I'll make that change in a sec. All uses of FindMatchingAddresses have been changed to fit the new arguments.

  scott
* Convert all module names to their new names. [bwarsaw, 1998-06-19, 1 file, -10/+15]
* The site password wasn't working because: [viega, 1998-06-03, 1 file, -1/+1]

  1) the password data file was changed to g-w (which is good)
  2) the open(...) used "r+" instead of "r" (which is bad)

  I changed #2...
* Added mm_crypt, which tries to import crypt, and provides a wrapper interface to an md5 digest if the import fails. [viega, 1998-05-30, 1 file, -4/+4]

  This way, we don't have to tell people to recompile python if they compiled it out of the box (since crypt is no longer in by default). mm_security now uses mm_crypt instead of crypt.
* SITE_PW_FILE: Use DATA_DIR as directory to store adm.pw in. [bwarsaw, 1998-05-29, 1 file, -1/+1]
* Calculate site password file location in global scope, using a different variable from mm_cfg. The file location is stored in SITE_PW_FILE. [bwarsaw, 1998-05-26, 1 file, -4/+6]
* Fixed a typo in the zipcode. [viega, 1998-05-26, 1 file, -2/+2]
* Added copyright notices to all source files where I am legally entitled to do so. [viega, 1998-05-25, 1 file, -1/+18]

  Added a copy of the GNU GPL. Added information about mailman-users in README, and reworded some text in there (made the credits less verbose... perhaps they should move to a credits file?)
* Use new mm_message __delitem__ discipline. [klm, 1998-04-13, 1 file, -2/+2]
* Preparing to package a distribution - add a module docstring and __version__ info. [mailman, 1998-04-09, 1 file, -0/+5]
* Added .ExtractApproval() method, which returns the validity of the 'approved' line password, and removes all 'approved' lines from the message as a side effect. Central to the message-approved processing. [mailman, 1998-04-02, 1 file, -1/+11]
* Change the weird umask (formerly 0700, which left files u-wrx, go+rw-x!) for adm.pw to 0022 (u+rw, go+r). [klm, 1998-03-30, 1 file, -1/+1]

  I'm a bit shaky about this - think it's right, but seems like the original error is so odd that I may be seeing something incorrectly...
* Handle gracefully user records missing password entries. [mailman, 1998-03-26, 1 file, -2/+5]
* Initial revision. [mailman, 1998-02-27, 1 file, -0/+59]