| Commit message (Collapse) | Author | Files | Lines |
|
|
|
if AUTHENTICATION_COOKIE_LIFETIME is non-zero.
|
|
|
|
|
|
be used in Approved: or X-Approved: headers for pre-approving posts.
Using this password for that purpose precludes compromise of a more
valuable password sent in plain text email. Bug #770581.
|
|
If this is set to a non-zero value, web authentication cookies will
expire that many seconds following their last use. Its default value is
zero to preserve current behavior.
|
|
Bug #770377.
|
|
to a list's web admin interface without authentication. Fixed by
not accepting null passwords.
|
|
cookie when CheckCookie was not given a user and the user in the cookie
had a %xx encoded character. Bug # 299220.
|
|
I've modified the patch to improve some of the stylistic issues.
|
|
- In SecurityManager.py, fix the parsecookie() code to work with Python 2.5
generated cookie text. The latter was changed to be more RFC compliant so
it does not output trailing semicolons for each line of cookie text. This
broke the splitting rules, so now first split on newlines, then on ';\s*'.
This should work across all Python versions.
- In Python 2.5, exceptions are new-style, and thus are no longer of
ClassType. The instantiation type test in hold_for_approval() was too
naive. This one is fixed differently here than in the MM trunk because in
Python 2.1, 'type' isn't a type, it's a function and so can't be used as the
second argument to isinstance() directly.
- Raising strings generates deprecation warnings in Python 2.5. Switch the
one weird use of this in Utils.py to use a class exception. Don't call it
"quick exit" though because it's probably not.
|
|
|
|
|
|
Also, '/' can be used now.
|
|
from AuthContextInfo() when old cookie data is for someone no longer a
member of the mailing list. Closes SF bug # 869647. Bug and patch by
Stephan Berndts.
|
|
self.authenticateMember() call in a try/except catching and ignoring
NotAMemberErrors. The effect of this is that other authcontexts being
check will then proceed as normal. This fixes admin login to the
private archives, and non-public rosters.
Under the old code, if you tried to get into the private archives w/o
entering an email address, but using the admin password, you'd be
denied access.
WebAuthenticate(): Removed the wrapping of .Authenticate() in
try/except catching of NotAMemberError, since this should never
percolate out now.
Also, use True/False everywhere it's appropriate (but not in the
cookie code).
Original bug and patch by Stephan Berndts. Closes SF bug # 864676 and
SF patch # 864674.
|
|
|