I need to redirect all my http requests to the login_form of the
CookieCrumbler to https, so, I wrote this rule in apache:

RewriteRule ^/login/login_form(.*) https://server/login/login_form$1 [NE,L]

It authenticates me through ssl, but then it comes back to http. I saw that
the problem is that the came_from variable refers to the original http
request; something like this:

https://server/login/login_form?came_from=http%3A//server/page&retry=&disable_cookie_login__=1

Ok, finally I found a way of correcting this behavior without modifying my original RewriteRule. I added a new boolean attribute to the CookieCrumbler class: "ssl_redirect". If it is set, then the http part in the came_from variable will be replaced by https. All this would be done inside the getUnauthorizedURL method of the CookieCrumbler class (see the attachment).

If you think there is a better way of doing this, please let me know.

Regards
Josef

Note: The patch was done for the CookieCrumbler v1.2
diff -Naur CookieCrumbler_old/CookieCrumbler.py 
CookieCrumbler_new/CookieCrumbler.py
--- CookieCrumbler_old/CookieCrumbler.py        2004-06-14 18:34:36.000000000 
+0200
+++ CookieCrumbler_new/CookieCrumbler.py        2006-06-16 17:34:04.000000000 
+0200
@@ -83,6 +83,9 @@
                     'label':'Use cookie paths to limit scope'},
                    {'id':'cache_header_value', 'type': 'string', 'mode':'w',
                     'label':'Cache-Control header value'},
+                   #SSL Redirection from Josef Meile
+                   {'id':'ssl_redirect', 'type': 'boolean', 'mode':'w',
+                    'label':'Use ssl after login'},
                    )
 
     auth_cookie = '__ac'
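Review bot: the label 'Use ssl after login' on the new ssl_redirect property does not describe what the flag does in the rest of this patch, which is to rewrite an http came_from to https; a label along the lines of 'Rewrite came_from to https' would tell the administrator what is being switched on. The '#SSL Redirection from Josef Meile' comment inside the property tuple is attribution, which belongs in the change log rather than in the code.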
@@ -95,6 +98,9 @@
     local_cookie_path = 0
     cache_header_value = 'no-cache'
 
+    #Patch from Josef Meile
+    ssl_redirect = 0
+
     security.declarePrivate('delRequestVar')
     def delRequestVar(self, req, name):
         # No errors of any sort may propagate, and we don't care *what*
@@ -315,6 +321,11 @@
                 came_from = req.get('came_from', None)
                 if came_from is None:
                     came_from = req.get('URL', '')
+
+                    #Patch from Josef Meile in order to redirect to ssl if 
using http
+                    if self.ssl_redirect and came_from.startswith('http:'):
+                        came_from = 'https' + came_from[4:]
+                   
                     query = req.get('QUERY_STRING')
                     if query:
                         # Include the query string in came_from
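Review bot: the rewrite is indented under `if came_from is None:`, so it only runs when came_from is derived from `req.get('URL', '')`; a came_from value already present in the request keeps its http scheme. If every came_from is meant to go back over ssl, move the check out of that branch so it runs after both cases. Separately, `'https' + came_from[4:]` copies any explicit port unchanged, so http://server:8080/page would become https://server:8080/page, and `startswith('http:')` is case-sensitive; parsing the URL and setting scheme and port explicitly would cover both.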
@@ -371,6 +382,14 @@
                 return p.get('label', id)
         return id
 
+    #Patch from Josef Meile
+    def __setstate__(self,state):
+        #This method adds new attributes and deletes old ones each time
+        #that you view old instances of the class
+        Folder.__setstate__(self,state)
+        if not hasattr(self,'ssl_redirect'):
+            self.ssl_redirect = 0
+
 Globals.InitializeClass(CookieCrumbler)
 
 
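Review bot: the new `__setstate__` looks redundant, because the class-level `ssl_redirect = 0` added earlier in this patch already supplies a default to instances stored before the attribute existed, so `hasattr(self,'ssl_redirect')` is always true and the assignment never runs. Suggest dropping the method; if it stays, its comment should not say it "deletes old ones", since nothing is deleted here.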
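A port-aware version of the came_from rewrite described in the message, as an added example in modern Python that is not part of the original post or of CookieCrumbler. The names `upgrade_came_from`, `login_redirect` and `https_port` are hypothetical, and the TLS listener is assumed to be on port 443 unless `https_port` says otherwise.

```python
from urllib.parse import quote, urlsplit, urlunsplit


def upgrade_came_from(url, https_port=None):
    """Return url with an http scheme switched to https.

    https_port (hypothetical parameter) is the port of the TLS listener;
    None means the default 443, so a port in the original URL is dropped
    rather than copied, because the http port is assumed not to speak TLS.
    Relative URLs and non-http schemes are returned unchanged.
    """
    parts = urlsplit(url)
    if parts.scheme != 'http' or not parts.hostname:
        return url
    host = parts.hostname              # lower-cased, without userinfo or port
    if ':' in host:                    # IPv6 literal: put the brackets back
        host = '[' + host + ']'
    if https_port not in (None, 443):
        host = '%s:%d' % (host, https_port)
    return urlunsplit(('https', host, parts.path, parts.query, parts.fragment))


def login_redirect(login_form, came_from, ssl_redirect=True):
    """Build the login_form URL in the shape the message shows."""
    if ssl_redirect:
        came_from = upgrade_came_from(came_from)
    return login_form + '?came_from=' + quote(came_from)


if __name__ == '__main__':
    # Constructed sample values, modelled on the URL in the message.
    for sample in ('http://server/page', 'http://server:8080/page?a=1',
                   'https://server/page', '/page'):
        print(sample, '->', upgrade_came_from(sample))
    print(login_redirect('https://server/login/login_form',
                         'http://server/page'))
```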