[Repoze-dev] [issue58] Repoze.who does not allow identity to be set programmatically

2009-04-20 Thread Raphael Slinckx

Raphael Slinckx r.slin...@whatever-company.com added the comment:

For the record here's what I had to do in my registration controller to log in
the user after he signs up automatically (using TG2/pylons):

# Remember the user, removing the need to login
identity = {'repoze.who.userid': user.user_name.lower()}
headers = request.environ['repoze.who.plugins']['cookie'].remember(request.environ, identity)
for k, v in headers:
    response.headers.add(k, v)

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue58
__
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev


[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces

2009-04-14 Thread Raphael Slinckx

Raphael Slinckx r.slin...@whatever-company.com added the comment:

It doesn't matter if it's a binary string or not, the point is to escape it
properly to be stored in a cookie.

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue60
__


[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces

2009-02-13 Thread Raphael Slinckx

New submission from Raphael Slinckx r.slin...@whatever-company.com:

If you look at line 132 in auth_tkt.py:

ticket = auth_tkt.AuthTicket([...])
new_cookie_value = ticket.cookie_value()
[...]
return self._get_cookies(environ, new_cookie_value)

The value of the cookie is computed using paste's auth tkt mechanism, but then
is passed as-is to _get_cookies, which in turn does the following:

('Set-Cookie', '%s=%s; Path=/' % (self.cookie_name, value))

Now, if the cookie value contains any illegal chars such as 'space', then the
cookie will be worthless. It should then be quoted. 

Paste uses Python's SimpleCookie to generate the Set-Cookie header, which
handles all the quoting logic so that if the cookie value is 'foo bar' it will
use key=foo bar and if the key is 'foobar' it will use key=foobar.

The space issue happens whenever a userid is a user_name with a space char in
it since the user name is appended to the digest as is...

--
messages: 141
nosy: rslinckx
priority: bug
status: unread
title: repoze.who auth_tkt is broken when using string userid containing spaces

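Added example, not part of the original report and not repoze.who or Paste code: it puts the unquoted '%s=%s' formatting quoted in the issue60 report next to Python 3's http.cookies.SimpleCookie and parses both results back the way a server would. The ticket value, the helper names and the assumption that the client echoes the pair unchanged are constructed for illustration.

```python
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "auth_tkt"
# Constructed sample, not a real ticket: fake digest + hex timestamp + userid + "!"
TICKET_VALUE = "0123456789abcdef" + "49e4a3c0" + "john doe" + "!"


def naive_set_cookie(name, value):
    """Header value built like the '%s=%s; Path=/' line in the report: no quoting."""
    return "%s=%s; Path=/" % (name, value)


def quoted_set_cookie(name, value):
    """Header value built with SimpleCookie, which quotes values holding illegal chars."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


def read_back(set_cookie_value, name):
    """Parse the name=value pair as a server would on the next request.

    Assumption: the client echoes the pair unchanged in its Cookie header.
    Returns the decoded value, or None when the parser rejects the cookie.
    """
    pair = set_cookie_value.split(";", 1)[0]
    jar = SimpleCookie()
    try:
        jar.load(pair)
    except CookieError:
        return None
    return jar[name].value if name in jar else None


if __name__ == "__main__":
    for build in (naive_set_cookie, quoted_set_cookie):
        header = build(COOKIE_NAME, TICKET_VALUE)
        print(build.__name__, "->", header)
        print("  read back:", repr(read_back(header, COOKIE_NAME)))
```

Only the quoted form survives the round trip; the unquoted one comes back truncated or rejected, so the ticket can no longer be validated.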