Alberto Valverde wrote:
> Gustavo Narea wrote:
>
>> Hello,
>>
>> Authorization-related messages are no longer flashed in TG2 trunk. Could
>> this
>> be related to the modifications to the flash() function lately?
>>
>>
>
> That's most probable since the flash payload is now passed in a cookie
> and this cookie is lost somewhere in the middleware stack if the
> response's status is a 401. This doesn't affect only flash but can
> potentially affect any application using cookies. I've just comited a
> FIXME test to prove it:
>
> http://trac.turbogears.org/changeset/6135
>
> My guess is that repoze.who's RedirectFormPlugin is not copying the
> cookies from the 401 response when traps it and redirects to the login
> handler but I need to confirm it. Will try to that tomorrow.
>
Confirmed. The following patch makes the test pass so it will probably
fix the flash issue:
Index: repoze/who/plugins/form.py
===
--- repoze/who/plugins/form.py(revision 3293)
+++ repoze/who/plugins/form.py(working copy)
@@ -190,7 +190,8 @@
url_parts[4] = urllib.urlencode(query_elements, doseq=True)
login_form_url = urlparse.urlunparse(url_parts)
headers = [ ('Location', login_form_url) ]
-headers = headers + forget_headers
+cookies = [(h,v) for (h,v) in app_headers if h.lower() ==
'set-cookie']
+headers = headers + forget_headers + cookies
return HTTPFound(headers=headers)
It's late here, I'll send a proper patch tomorrow to the repoze people
tomorrow with a test case hopefully.
Alberto
P.S: Cc'ing them in case a kind soul wants to beat me to it while I'm
asleep :)
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
