[Repoze-dev] [issue58] Repoze.who does not allow identity to be set programmatically
Raphael Slinckx r.slin...@whatever-company.com added the comment:

For the record, here's what I had to do in my registration controller to log in the user after he signs up automatically (using TG2/Pylons):

    # Remember the user, removing the need to log in
    identity = {'repoze.who.userid': user.user_name.lower()}
    headers = request.environ['repoze.who.plugins']['cookie'].remember(request.environ, identity)
    for k, v in headers:
        response.headers.add(k, v)

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue58
__
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces
Raphael Slinckx r.slin...@whatever-company.com added the comment:

It doesn't matter if it's a binary string or not, the point is to escape it properly to be stored in a cookie.

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue60
__
[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces
New submission from Raphael Slinckx r.slin...@whatever-company.com:

If you look at line 132 in auth_tkt.py:

    ticket = auth_tkt.AuthTicket([...])
    new_cookie_value = ticket.cookie_value()
    [...]
    return self._get_cookies(environ, new_cookie_value)

The value of the cookie is computed using Paste's auth tkt mechanism, but then is passed as-is to _get_cookies, which in turn does the following:

    ('Set-Cookie', '%s=%s; Path=/' % (self.cookie_name, value))

Now, if the cookie value contains any illegal chars such as 'space', then the cookie will be worthless. It should then be quoted.

Paste uses Python's SimpleCookie to generate the Set-Cookie header, which handles all the quoting logic so that if the cookie value is 'foo bar' it will use key=foo bar and if the key is 'foobar' it will use key=foobar.

The space issue happens whenever a userid is a user_name with a space char in it, since the user name is appended to the digest as is...

--
messages: 141
nosy: rslinckx
priority: bug
status: unread
title: repoze.who auth_tkt is broken when using string userid containing spaces
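Added example (not part of the original message, and not repoze.who or Paste code): it builds the header once with the as-is format string quoted in the report and once through SimpleCookie, then parses each back to see whether the value survives. It uses Python 3's http.cookies; the ticket value and the helper names are constructed for illustration, and it assumes the client echoes the value back unchanged to a server that parses it with SimpleCookie.

```python
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "auth_tkt"
# Constructed sample value shaped like a ticket: a digest, a hex timestamp,
# then the userid appended as-is, then "!". It is not a real ticket.
SAMPLE_TICKET = "0123456789abcdef0123456789abcdef" + "4a2b3c4d" + "john doe" + "!"


def naive_header(name, value):
    """Interpolate the value as-is, like the format string quoted in the report."""
    return "%s=%s; Path=/" % (name, value)


def quoted_header(name, value):
    """Let SimpleCookie decide whether the value needs double quotes."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


def read_back(cookie_string, name):
    """Parse a cookie string; return the value recovered for `name`, or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_string)
    except CookieError:
        return None
    return jar[name].value if name in jar else None


if __name__ == "__main__":
    for build in (naive_header, quoted_header):
        header = build(COOKIE_NAME, SAMPLE_TICKET)
        intact = read_back(header, COOKIE_NAME) == SAMPLE_TICKET
        print("%-14s %s" % (build.__name__, header))
        print("%-14s value recovered intact: %s" % ("", intact))
```

Depending on the Python version, the unquoted header is either rejected whole or cut off at the space; in both cases the recovered value no longer matches the ticket that was issued.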