author | Mark Sapiro <msapiro@value.net> | 2011-04-25 15:40:16 -0700 |
---|---|---|
committer | Mark Sapiro <msapiro@value.net> | 2011-04-25 15:40:16 -0700 |
commit | 9bc9d9c391b0726d9b4538a79732f24f7d974443 (patch) | |
tree | 44e0e1463b83a6959fd848d9a25c2cb89faa7ede | |
parent | 663e0178728b6618064743a737f72889f014787e (diff) | |
A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
If this is set to a non-zero value, web authentication cookies will
expire that many seconds following their last use. Its default value is
zero to preserve current behavior.
-rw-r--r-- | Mailman/Defaults.py.in | 4 | ||||
-rw-r--r-- | Mailman/SecurityManager.py | 7 | ||||
-rw-r--r-- | NEWS | 5 |
3 files changed, 15 insertions, 1 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 1bf8362d..e6a0e400 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -104,6 +104,10 @@ MAILMAN_SITE_LIST = 'mailman'
 # the site. Set this value to Yes to allow site admin cookies.
 ALLOW_SITE_ADMIN_COOKIES = No
 
+# If the following is set to a non-zero value, web authentication cookies will
+# expire that many seconds following their last use.
+AUTHENTICATION_COOKIE_LIFETIME = 0
+
 # Command that is used to convert text/html parts into plain text. This
 # should output results to standard output. %(filename)s will contain the
 # name of the temporary file that the program should operate on.
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 902c1fdd..c2f57cc4 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2011 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -224,6 +224,8 @@ class SecurityManager:
 for ac in authcontexts:
 ok = self.CheckCookie(ac, user)
 if ok:
+ # Refresh the cookie
+ print self.MakeCookie(ac, user)
 return True
 # Check passwords
 ac = self.Authenticate(authcontexts, response, user)
@@ -342,6 +344,9 @@ class SecurityManager:
 now = time.time()
 if now < issued:
 return False
+ if (mm_cfg.AUTHENTICATION_COOKIE_LIFETIME and
+ issued + mm_cfg.AUTHENTICATION_COOKIE_LIFETIME < now):
+ return False
 # Calculate what the mac ought to be based on the cookie's timestamp
 # and the shared secret.
 mac = sha_new(secret + `issued`).hexdigest()
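Review bot: In the `@@ -224,6 +224,8 @@` hunk, the added `print self.MakeCookie(ac, user)` runs on every cookie-authenticated request even when AUTHENTICATION_COOKIE_LIFETIME is 0, so the default configuration starts re-issuing cookies although the setting is described as preserving current behaviour; wrapping it in `if mm_cfg.AUTHENTICATION_COOKIE_LIFETIME:` would tie the refresh to the feature. The print only acts as a Set-Cookie header if this method is reached before the CGI header block is closed; the callers are outside the hunk, so that ordering should be confirmed, because a late call would write the authentication cookie into the page body. The comment would say more as `# Re-issue the cookie so its timestamp records this use (sliding expiry)`. The enclosing method begins and ends outside the hunk.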
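Review bot: In the `@@ -342,6 +344,9 @@` hunk the new test enforces an idle timeout only: combined with the refresh added in the authentication path, a cookie that keeps being presented within the lifetime never ages out, so a captured cookie stays usable for as long as it is replayed. If that is intended it deserves a comment such as `# Idle timeout only; there is no absolute maximum session age`, and if it is not, an absolute cap needs a timestamp that the refresh does not reset. The setting is also used unvalidated: a negative value makes `issued + mm_cfg.AUTHENTICATION_COOKIE_LIFETIME < now` true for every cookie, and a non-numeric value would presumably raise in the addition. The function continues outside the hunk.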
@@ -12,6 +12,11 @@ Here is a history of user visible changes to Mailman. New Features + - A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added. + If this is set to a non-zero value, web authentication cookies will + expire that many seconds following their last use. Its default value is + zero to preserve current behavior. + - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control how much of the original message is included in automatic responses to email commands. The default is 2 to preserve the prior behavior of |