Simon Neidhold wrote:
| Hi,
|
| I am using the cookiecrumbler-product (v1.2) in a zope-2.7.1 instance to
| get cookie-based login for my users.
| The approach worked well until now.
|
| Today I've encountered a problem. Users can authorize themselves, but
| their username isn't sent regularly within the authentication header.
| Therefore all log entries in the Z2.log contain the username 'Anonymous
| User', not the actual authenticated one.
|
| I've searched the mailing list for possible fixes, but the only result is
| this dirty hack:
|
| http://mail.zope.org/pipermail/zope-collector-monitor/2003-February/001733.html
|
| It was posted 2 years ago, so I am hoping that someone knows an
| even better solution?

I am attaching the patch which Casey Duncan worked up to log the
cookie-based user somewhat more cleanly.

Tres.
--
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"       http://www.zope.com
diff -I '$Id: cookie_auth_log.patch,v 1.1 2005/01/20 22:33:16 tseaver Exp $Revision:' --exclude CVS -c -r CMF-1.4.5/CMFCore/CookieCrumbler.py CMF-1.4.5+1/CMFCore/CookieCrumbler.py
*** CMF-1.4.5/CMFCore/CookieCrumbler.py	2004-04-23 17:11:33.000000000 -0400
--- CMF-1.4.5+1/CMFCore/CookieCrumbler.py	2004-07-14 15:32:01.000000000 -0400
***************
*** 68,73 ****
--- 68,75 ----
                      'label':'Auto-login page ID'},
                     {'id':'logout_page', 'type': 'string', 'mode':'w',
                      'label':'Logout page ID'},
+                    {'id':'log_username', 'type':'boolean', 'mode': 'w',
+                     'label':'Log cookie auth username to access log'}
                     )
  
      auth_cookie = '__ac'
***************
*** 76,81 ****
--- 78,84 ----
      persist_cookie = '__ac_persistent'
      auto_login_page = 'login_form'
      logout_page = 'logged_out'
+     log_username = 1
  
      security.declarePrivate('delRequestVar')
      def delRequestVar(self, req, name):
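Review bot: The class-level default log_username = 1 turns the new logging on for every existing CookieCrumbler instance as soon as the code is upgraded, because instances that never stored the attribute fall back to the class value. Consider defaulting to 0 so that writing into the Medusa request headers is opt-in. The property is also declared as 'boolean' in _properties while the default here is an integer.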
***************
*** 102,107 ****
--- 105,127 ----
      security.declarePrivate('defaultExpireAuthCookie')
      def defaultExpireAuthCookie( self, resp, cookie_name ):
          resp.expireCookie( cookie_name, path='/')
+     
+     def _setAuthHeader(self, ac, request, response):
+         """Set the auth headers for both the Zope and Medusa http request
+         objects.
+         """
+         request._auth = 'Basic %s' % ac
+         request._cookie_auth = 1
+         response._auth = 1
+         if self.log_username:
+             # Set the authorization header in the medusa http request
+             # so that the username can be logged to the Z2.log
+             try:
+                 medusa_headers = response.stdout._request._header_cache
+             except AttributeError:
+                 pass
+             else:
+                 medusa_headers['authorization'] = request._auth
  
      security.declarePrivate('modifyRequest')
      def modifyRequest(self, req, resp):
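Review bot: In _setAuthHeader, the value stored in medusa_headers['authorization'] is request._auth, the complete 'Basic ...' credential that the caller builds from name and password, while the comment says the goal is only to get the username into Z2.log. If the access logger needs only the name part, store a value that carries the name alone so the password is not copied into a second place. The method also reaches through three private attributes (response.stdout._request._header_cache) and swallows AttributeError with pass, so the feature silently stops working if those internals change; a log message in the except branch would make that visible. Unlike its neighbours defaultExpireAuthCookie and modifyRequest, the new method has no security.declarePrivate line.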
***************
*** 126,134 ****
                  name = req[self.name_cookie]
                  pw = req[self.pw_cookie]
                  ac = encodestring('%s:%s' % (name, pw))
!                 req._auth = 'Basic %s' % ac
!                 req._cookie_auth = 1
!                 resp._auth = 1
                  if req.get(self.persist_cookie, 0):
                      # Persist the user name (but not the pw or session)
                      expires = (DateTime() + 365).toZone('GMT').rfc822()
--- 146,152 ----
                  name = req[self.name_cookie]
                  pw = req[self.pw_cookie]
                  ac = encodestring('%s:%s' % (name, pw))
!                 self._setAuthHeader(ac, req, resp)
                  if req.get(self.persist_cookie, 0):
                      # Persist the user name (but not the pw or session)
                      expires = (DateTime() + 365).toZone('GMT').rfc822()
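Review bot: The ac passed to self._setAuthHeader(ac, req, resp) comes straight from encodestring('%s:%s' % (name, pw)); if that is base64.encodestring, the result ends with a newline and is wrapped every 76 characters, and with this change that value is also copied into the Medusa 'authorization' header entry. Strip the whitespace from ac before the 'Basic %s' string is built so the header cache holds a single-line value.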
***************
*** 146,154 ****
              elif req.has_key(self.auth_cookie):
                  # Copy __ac to the auth header.
                  ac = unquote(req[self.auth_cookie])
!                 req._auth = 'Basic %s' % ac
!                 req._cookie_auth = 1
!                 resp._auth = 1
                  self.delRequestVar(req, self.auth_cookie)
                  return ATTEMPT_RESUME
              return ATTEMPT_NONE
--- 164,170 ----
              elif req.has_key(self.auth_cookie):
                  # Copy __ac to the auth header.
                  ac = unquote(req[self.auth_cookie])
!                 self._setAuthHeader(ac, req, resp)
                  self.delRequestVar(req, self.auth_cookie)
                  return ATTEMPT_RESUME
              return ATTEMPT_NONE
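Review bot: In the __ac branch, ac is unquote(req[self.auth_cookie]), a client-supplied cookie, and _setAuthHeader copies it into the Medusa authorization header before any credential check has happened (the branch only returns ATTEMPT_RESUME). The username that reaches Z2.log is therefore whatever the cookie claims, not a validated identity. Either set the logging header after the user has been validated, or document that the logged name is unverified, and reject values containing control characters before they can reach the log.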
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev