[Zope-CMF] [dev] CookieCrumbler cleanup

Tres Seaver tseaver at palladion.com
Mon Jun 14 09:34:37 EDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

yuppie wrote:
> Hi!
> 
> 
> The refactoring on the cookiecrumbler_with_views branch is almost done. 
> There are 3 small CookieCrumbler 'features' I'd like to remove before 
> merging the changes into CMF trunk:
> 
> 
> 1.) insufficient privileges page (unauth_page property)
> =======================================================
> 
> Logged in users are usually redirected to a view that tells them they 
> don't have sufficient privileges. Anonymous users are usually redirected 
> to a login form. AFAICS PAS has no built in support for that distinction 
> and Plone uses require_login as dispatcher.
> 
> By default CookieCrumbler only redirects anonymous users to the login 
> form. But allows to specify a redirect target for logged in users in the 
> unauth_page property.
> 
> I propose to remove that feature because all redirection logic is moved 
> to the UnauthorizedView. By default Forbidden is raised with a message 
> similar to Plone's insufficient_privileges. If you want to customize 
> that, you have to override the UnauthorizedView.

+1.

> 2.) redirect loop detection (disable_cookie_login__ parameter)
> ==============================================================
> 
> AFAICS the special disable_cookie_login__=1 behavior is only used to 
> prevent redirect loops caused by unauthorized exceptions in the 
> login_form. This can only happen in mis-configured sites. And browsers 
> are responsible for ending infinite redirect loops, so even in the case 
> of misconfiguration nothing bad happens.
> 
> I propose to remove that feature completely. I there is a reason why we 
> have to detect redirect loops, we should at least do it without a 
> special query parameter. CookieAuthHelper.unauthorized of PAS checks if 
> ACTUAL_URL is the login_form URL.

+1.

> 3.) retry detection (retry parameter)
> =====================================
> 
> AFAICS no special retry=1 behavior is implemented, so I can't see a 
> reason why we should set the retry parameter. PAS also works without 
> that feature. I propose to remove that feature completely.

+1.


Ters.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkwWL+0ACgkQ+gerLs4ltQ6gjwCgt2QcbsDvqE+vOmzrxY/PhatR
mM4An06At/BtYAimlahedQexDOnoIK6a
=d8wG
-----END PGP SIGNATURE-----

More information about the Zope-CMF mailing list