[Zope-CMF] Re: [Zope-dev] Re: CookieCrumbler and User-Logging

Florent Guillaume fg at nuxeo.com
Mon Feb 21 14:55:40 EST 2005


Anyone opposed to including this in stock CMF ?

Florent

Tres Seaver  <tseaver at zope.com> wrote:
> Simon Neidhold wrote:
> | Hi,
> |
> | I'm using the CookieCrumbler product (v1.2) in a Zope 2.7.1 instance to
> | get cookie-based login for my users.
> | The approach worked well until now.
> |
> | Today I've encountered a problem. Users can authorize themselves, but
> | their username isn't sent regularly within the authentication header.
> | Therefore all log entries in the Z2.log contain the username 'Anonymous
> | User', not the actual authenticated one.
> |
> | I've searched the mailing list for possible fixes, but the only result is
> | that dirty hack:
> |
> http://mail.zope.org/pipermail/zope-collector-monitor/2003-February/001733.html
> 
> |
> | It was posted 2 years ago, so I'm hoping that someone knows an
> | even better solution?
> 
> I am attaching the patch which Casey Duncan worked up to log the
> cookie-based user somewhat more cleanly.
> 
> Tres.
> --
> ===============================================================
> Tres Seaver                                tseaver at zope.com
> Zope Corporation      "Zope Dealers"       http://www.zope.com
> 
> diff -I '$Id: cookie_auth_log.patch,v 1.1 2005/01/20 22:33:16 tseaver Exp
> $Revision:' --exclude CVS -c -r CMF-1.4.5/CMFCore/CookieCrumbler.py
> CMF-1.4.5+1/CMFCore/CookieCrumbler.py
> *** CMF-1.4.5/CMFCore/CookieCrumbler.py	2004-04-23 17:11:33.000000000 -0400
> --- CMF-1.4.5+1/CMFCore/CookieCrumbler.py	2004-07-14 15:32:01.000000000 -0400
> ***************
> *** 68,73 ****
> --- 68,75 ----
>                       'label':'Auto-login page ID'},
>                      {'id':'logout_page', 'type': 'string', 'mode':'w',
>                       'label':'Logout page ID'},
> +                    {'id':'log_username', 'type':'boolean', 'mode': 'w',
> +                     'label':'Log cookie auth username to access log'}
>                      )
>   
>       auth_cookie = '__ac'
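Review bot: the new `log_username` property is declared `'type':'boolean'` with `'mode':'w'`, so it can be switched off per CookieCrumbler instance through the properties tab, but because it changes what every existing instance writes to the access log it needs a CHANGES entry and a line in the CookieCrumbler documentation next to `auto_login_page` and `logout_page`; the label "Log cookie auth username to access log" is clear enough to reuse there.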
> ***************
> *** 76,81 ****
> --- 78,84 ----
>       persist_cookie = '__ac_persistent'
>       auto_login_page = 'login_form'
>       logout_page = 'logged_out'
> +     log_username = 1
>   
>       security.declarePrivate('delRequestVar')
>       def delRequestVar(self, req, name):
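Review bot: `log_username = 1` is a class attribute, so every CookieCrumbler instance created before this patch picks the feature up as enabled on upgrade. If the intent is opt-in, default to 0 here; if on-by-default is intended, say so explicitly in the release notes, since the medusa header write in `_setAuthHeader` then happens for all existing sites.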
> ***************
> *** 102,107 ****
> --- 105,127 ----
>       security.declarePrivate('defaultExpireAuthCookie')
>       def defaultExpireAuthCookie( self, resp, cookie_name ):
>           resp.expireCookie( cookie_name, path='/')
> +     
> +     def _setAuthHeader(self, ac, request, response):
> +         """Set the auth headers for both the Zope and Medusa http request
> +         objects.
> +         """
> +         request._auth = 'Basic %s' % ac
> +         request._cookie_auth = 1
> +         response._auth = 1
> +         if self.log_username:
> +             # Set the authorization header in the medusa http request
> +             # so that the username can be logged to the Z2.log
> +             try:
> +                 medusa_headers = response.stdout._request._header_cache
> +             except AttributeError:
> +                 pass
> +             else:
> +                 medusa_headers['authorization'] = request._auth
>   
>       security.declarePrivate('modifyRequest')
>       def modifyRequest(self, req, resp):
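Review bot: `_setAuthHeader` reaches into ZServer internals via `response.stdout._request._header_cache`, all private attributes of medusa's request object, and the `except AttributeError: pass` only covers the case where that chain is absent (a non-ZServer response or a test stub); the docstring should name that coupling, and a unit test that passes a response without `stdout` would pin down the silent fallback. Also worth a comment that the value cached under `'authorization'` is `request._auth`, the full `Basic` credential built from `name:pw`, not just the username, so it carries the same sensitivity as a client-sent Authorization header. The leading underscore keeps the method out of the publishable namespace, so the missing `security.declarePrivate` is acceptable, though adding it would match the style of `delRequestVar` above.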
> ***************
> *** 126,134 ****
>                   name = req[self.name_cookie]
>                   pw = req[self.pw_cookie]
>                   ac = encodestring('%s:%s' % (name, pw))
> !                 req._auth = 'Basic %s' % ac
> !                 req._cookie_auth = 1
> !                 resp._auth = 1
>                   if req.get(self.persist_cookie, 0):
>                       # Persist the user name (but not the pw or session)
>                       expires = (DateTime() + 365).toZone('GMT').rfc822()
> --- 146,152 ----
>                   name = req[self.name_cookie]
>                   pw = req[self.pw_cookie]
>                   ac = encodestring('%s:%s' % (name, pw))
> !                 self._setAuthHeader(ac, req, resp)
>                   if req.get(self.persist_cookie, 0):
>                       # Persist the user name (but not the pw or session)
>                       expires = (DateTime() + 365).toZone('GMT').rfc822()
> ***************
> *** 146,154 ****
>               elif req.has_key(self.auth_cookie):
>                   # Copy __ac to the auth header.
>                   ac = unquote(req[self.auth_cookie])
> !                 req._auth = 'Basic %s' % ac
> !                 req._cookie_auth = 1
> !                 resp._auth = 1
>                   self.delRequestVar(req, self.auth_cookie)
>                   return ATTEMPT_RESUME
>               return ATTEMPT_NONE
> --- 164,170 ----
>               elif req.has_key(self.auth_cookie):
>                   # Copy __ac to the auth header.
>                   ac = unquote(req[self.auth_cookie])
> !                 self._setAuthHeader(ac, req, resp)
>                   self.delRequestVar(req, self.auth_cookie)
>                   return ATTEMPT_RESUME
>               return ATTEMPT_NONE
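Review bot: this is the second call site folded into `_setAuthHeader`, so both the name/pw-cookie path and the `__ac` path now populate the medusa header cache, and the three original assignments are preserved in both. Note that in this branch `ac` is taken straight from the `__ac` cookie via `unquote` with no validation, exactly as before; the only new consequence is that whatever the cookie carries is now also the `authorization` value the access logger sees, so a comment stating that, or a check that the value at least looks like base64 before it is cached, would make the trust boundary explicit.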
> 


-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com

