Small patch to the version at http://www.autopond.com/digestauth.py that
fixes logout for me; without it, even though the user has logged out,
.authUserName() still returns their name.
--- a/webapp/digestauth.py
+++ b/webapp/digestauth.py
@@ -187,9 +187,18 @@ class auth(object):
"""Returns the HTTP username, or None if not logged in."""
try:
reqHeaderDict = self._getValidAuthHeader()
- return reqHeaderDict.username
except MalformedAuthenticationHeader:
return None
+ if len(reqHeaderDict.nonce) != 34:
+ return None
+ nonceReaction = self.outstandingNonces.nonceState(reqHeaderDict,
self.nonceSkip)
+ if nonceReaction in [ 2, 3 ] :
+ # Client sent a nonce we've never heard of before
+ # Client sent an old nonce. Give the client a new one, and ask
to authenticate again before continuing.
+ return None
+ return reqHeaderDict.username
+
+
def H(data):
"""Return a hex digest MD5 hash of the argument"""
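Review bot: The added nonce check in authUserName fails open, because it returns None only when `nonceReaction in [ 2, 3 ]` and hands back the client-supplied username for every other value nonceState() can return; testing for the one accepted state and returning None otherwise would be the safer shape for a logout fix. The literals 34 and 2/3 deserve named constants, and the two stacked comments describe different cases and promise a new nonce that this path never issues; something like `# Unknown or stale nonce: report the user as logged out.` matches what the code does. nonceState() is not visible here, so it is worth confirming that calling it from this accessor does not also record the nonce as used, which could interfere with the real authentication check on the same request. The method's `def` line and the rest of the class lie outside the hunk.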